• Advertisement
Sign in to follow this  

Encryption with time played

This topic is 1402 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I was thinking of encrypting data with total time played down to the minute. The time would be kept track of seperately on the client and the server so it never has to be transmitted.

 

I'm not sure how secure it would be so I was hoping for some input.

Share this post


Link to post
Share on other sites
Advertisement

Your question is really vague. What data are you encrypting? What kind of server and client? Who encrypts the data? For what reason are you encrypting data?

Share this post


Link to post
Share on other sites

Passwords. Custom game server and client. Client encypts, server decrypts. I don't want to transfer plaintext passwords in case of sniffing.

Share this post


Link to post
Share on other sites

I could try a minute behind or ahead if the decrypted message doesn't match the password, which I guess makes it down to 3 minutes. Unless the hacker was monitoring a player from his very fist connection ever, he'd have to make a pretty good guess to get the total time played. After an incorrect guess in the 3 minute range, I could just ban.

 

I'm using lidgren for my networking and would be using the minutes played as the encryption key.

 

What existing encryption can I use with lidgren?

Share this post


Link to post
Share on other sites

Or you can use asymmetrical encryption like RSA. Then you can let the server send the encryption key for a symmetrical encryption protocol. I don't see the need to create some custom protocol...

Share this post


Link to post
Share on other sites

Wouldn't it go like this:

- time 0: player joins game and sends pw

- hacker knows time is most likely 0 and "decrypts" the pw

 

Thats a stupid encryption method.

Share this post


Link to post
Share on other sites

Wouldn't it go like this:

- time 0: player joins game and sends pw

- hacker knows time is most likely 0 and "decrypts" the pw

 

Thats a stupid encryption method.

That would only work for a players very fist session ever... which I already mentioned.

 

Anywas since all I'm gonna do is catch flak for mentioning this I'll just use asymmetrical encryption.

Share this post


Link to post
Share on other sites

I was thinking of encrypting data with total time played down to the minute. The time would be kept track of seperately on the client and the server so it never has to be transmitted.

 

I'm not sure how secure it would be so I was hoping for some input.

You'd have a very limited pool of keys, you could brute force all of them in less than a second.

Share this post


Link to post
Share on other sites
If the player starts playing from another machine, how would the new machine know the client-side secret of the old machine? No matter whether it's something easily guessable like "time" or something harder like a strong nonce?

Cryptography is really, really, hard. Even the best in the world make mistakes, as seen in vulnerabilities in packages like RSA or OpenSSL. It's clear that you have not spent the time necessary to actually read anywhere near sufficiently on what the challenges are and what the strengths and weaknesses are of various designs.

My sincere and helpful advice to you right now is: STOP!
If you're trying to protect your game against some particular kind of attack, then use an existing cryptosystem that is designed to protect against that attack. HTTPS is one; OpenSSL is another.
If you're trying to learn how crypto works and what the different threats and responses are, then pick up a high-quality textbook and actually read about what all attackers already know.

Share this post


Link to post
Share on other sites

For Butabee, I cannot imagine anything your protection scheme attacks against that cannot be defeated by old fashioned methods. A simple memory inspector can compromise just about any game client.

 

So what if your data is encrypted when you write it on disk, and the values are encrypted when traveling across the wire.  They are open and accessible during processing. If the data is available on the client machine in any way whatsoever, a skilled attacker can find it and use it.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement