I was thinking of encrypting data with total time played down to the minute. The time would be kept track of seperately on the client and the server so it never has to be transmitted.
I'm not sure how secure it would be so I was hoping for some input.
Your question is really vague. What data are you encrypting? What kind of server and client? Who encrypts the data? For what reason are you encrypting data?
Passwords. Custom game server and client. Client encypts, server decrypts. I don't want to transfer plaintext passwords in case of sniffing.
Use a proper and tested encryption mechanism instead of inventing your own. A real encryption mechanism is safe because it is safe by design and not because the hacker can't figure out which methods you use.
Besides, time is not a very secret either; the hacker also knows the time. But there's also the problem of keeping the clients in sync. Just using the time down to the minute does save you the problem of keeping them in sync or handling timing issues. For example, the transit time of a package over a network is not zero, so how would you for example handle time stamps which ticks to the next minute after the package is sent but before it is received at the other end?
I could try a minute behind or ahead if the decrypted message doesn't match the password, which I guess makes it down to 3 minutes. Unless the hacker was monitoring a player from his very fist connection ever, he'd have to make a pretty good guess to get the total time played. After an incorrect guess in the 3 minute range, I could just ban.
I'm using lidgren for my networking and would be using the minutes played as the encryption key.
What existing encryption can I use with lidgren?
Or you can use asymmetrical encryption like RSA. Then you can let the server send the encryption key for a symmetrical encryption protocol. I don't see the need to create some custom protocol...
Wouldn't it go like this:
- time 0: player joins game and sends pw
- hacker knows time is most likely 0 and "decrypts" the pw
Thats a stupid encryption method.
Wouldn't it go like this:
- time 0: player joins game and sends pw
- hacker knows time is most likely 0 and "decrypts" the pw
Thats a stupid encryption method.
That would only work for a players very fist session ever... which I already mentioned.
Anywas since all I'm gonna do is catch flak for mentioning this I'll just use asymmetrical encryption.
I was thinking of encrypting data with total time played down to the minute. The time would be kept track of seperately on the client and the server so it never has to be transmitted.
I'm not sure how secure it would be so I was hoping for some input.
You'd have a very limited pool of keys, you could brute force all of them in less than a second.
