WebsiteWill

Members
  • Content count

    732
  • Joined

  • Last visited

Community Reputation

134 Neutral

About WebsiteWill

  • Rank
    Advanced Member
  1. WPF And Icon Management

    Ok, fair enough for that but what about having to declare an image for each resource during runtime? I'd rather be able to load 1 large image and have buttons/controls index into just a small part of that image, (ala game UIs), as opposed to creating an image in memory for every .bmp, .png, etc., needed by my application, unless it's not worth it. I'm actually trying to figure out how do accomplish this in WPF so I can run some performance tests. I've looked at the CroppedBitmap in WPF but it's just creating another image instance in memory from a specified part of the source. I've also looked at Image.Clip and while it accomplishes a small part of the goal there doesn't seem to be a way to apply multiple Image.Clips to the same image because of the way the master image is handled. Any other ideas? Thanks, Webby
  2. Hello all: I'm working on a WPF application that has a lot of icons at it's disposal and it occurred to me that maybe a practice used in game development would help. From what I've seen in game dev a UI utilizes one (or a couple) images that store the various icons. Then it's up to the game UI so determine what region in the image is used for a given button. Well, I'd like to extend that to a WPF app but I'm having a bit of difficulty. Also, before I go too much farther with this idea. Do you think it's worth it? I could design each icon in a vector format and then they would resize perfectly no problem. I'm just concerned about performance once hundreds of these icons are available in the system. Is this even a cause for concern in a windows app? I know in a game UI this could result in a big performance gain since you don't have to switch the texture for each button. So I was thinking a similar gain could be had in WPF. Thanks for any input, Webby
  3. The 3ds max SDK and index buffers

    You would be much better off asking this question on one of the forums specifically for 3D Studio Max. Just Google for 3D Studio Max Forum and you will get a ton of results. --Webby
  4. Nevermind, found my own answer. http://www.derkeiler.com/Newsgroups/microsoft.public.platformsdk.security/2003-10/0276.html Turns out the cert won't show up in CertMgr unless there is a private key associated with it. Webby
  5. Hello all: Has anyone had trouble with Windows Vista(64) not displaying a certificate installed to the personal store? I've created a certificate with MakeCert and when I try to install it to the MY (Personal) store I get a success message but it doesn't actualy appear in CertMgr. In some C# code I can instantiate an X509Store and with the right settings I can actually see that the certificate is there, however, it's an invalid cert (only shows in the collection is I pass a parameter to show ALL certs, not just valid certs). Furthermore, if I double click the cert and Install it from there using the default settings recommended the certificate actually does show up in CertMgr, except it's under the Intermediate Certification Authorities tab. I've tested this same method on a Windows XP box and it shows up in my personal store as it should. I'm an administrator on the Vista box (thought this is my first week with Vista so I'm most likely just missing some silly step here). Any thoughts? Thanks, Webby
  6. Authentication Algorithm

    Ok guys. Thanks a bunch. I think I've got the information I need to give this a pretty good implementation effort. <Unrelated to topic> Right now I'm trying to recover the last 3 weeks of my work while reinstalling everything I need. I've been generally lax when it comes to backing up my work (about once a month). My hard drive is still entact but the new PC is SATA and old hard drive is Ultra ATA. Looks like I'll have to get an external enclosure and feed my data over via USB... Hopefully Radio Shack has one I can just pick up. Seems like BestBuy only carries those built for SATA these days. What a pain, but hey, new PC. :) Webby
  7. Authentication Algorithm

    So, 24 hours, one fried HP, and one one new Gateway FX6800-01e later I can finally ask: So, other than certificates there doesn't really seem to be any way to prevent MITM, right? So I need to set up a certificate on my server that the client can validate with. From what I read it doesn't seem necessary for me to have a certificate on each client right? I mean, I don't even think I could being that just anyone will be able to install this. And, now for a question I probably should have asked first. :) Any good tutorials showing all the steps necessary to set up a Client/Server system stating some (or THE) best way to initialize a connection between a client and a server? I definitely like the idea of using a secure website for account creation/maintenance, it just seems odd as I've never seen that approach used before in other games or systems. Thanks for all the input, Webby
  8. Authentication Algorithm

    Thanks guys. Drew: Yes, the sending password stuff as a hash (of hashes or other garbled method) was definitely my intention there. Any (sensitive information) will be handled that way. You are back to Diffie-Hellman which I've got implemented and working but honestly couldn't figure out a good way to use them. I was trying to use them as the actual public\private keys in RSA (or other asymmetric algorithm) to encrypt the data, which isn't possible -- with .NETs RSA implementation at least. However, using those agreed upon numbers as part of an HMAC calculation would work pretty well wouldn't? Since they're values only the client and the server know about? Now, if I perform all of that over SSL then it seems like it should be pretty tightly wrapped up. It's a good bit of overhead but definitely worth it and it's something each client will only do once per session. I'm not opposed to getting a certificate from a CA but for now I don't want to put out the cash. It seems like creating my own certificates is possible as hplus alludes to. I'm also not opposed to handling account creation over a secured website, that might actually be the best option. Since once that's done I can guarantee that the client and server have some secured information they both agree on and the rest of the process becomes a whole lot easier, not to mention takes a lot of burden away from the authentication server. Thanks guys, Webby
  9. Authentication Algorithm

    And now I'm off on another tangent. I cam across another topic that you (hplus) took part in and highly defended SSL. The reason I was trying to stay away from SSL was due to it's connected nature. But on thinking and reading how about something like this. Auth Server is running and waiting asynchronously for SSL connections Client sends a generic message to the server requesting a connection. Server responds with an available port (since it's connected we're limited). Client connect SSL to the given port. Server certifies itself with the client. Do I need to have client certify itself with the server? Seems unnecessary. Client "authenticates" by providing username and password. If success, server generates shared symmetric key and sends it to the client. Server disconnects. Client can then freely communicate with server as necessary (encrypting when necessary using the shared key). Server can periodicaly update shared key by sending it encrypted to the client when necessary (just as added protection). Things like account creation (or anything involving credit cards, etc could be done over SSL OR using the shared key generated during the SSL connection. Do you think it necessary to use SSL for that once we have a safe shared key just to be safe? I'd like to do as much over UDP as possibly for its scalability. Thanks for keeping up with this post, Webby
  10. Authentication Algorithm

    Trying to eliminate man in the middle. Aside from that, symmetric encryption will be fine for everything else I do. In fact, most things won't even be encrypted. At the time of authentication or account maintenance I will do encryption but for general messages I won't be. MITM is only a real threat initially, like when a user is first creating an account (since there is currently no shared key). At that time the server knows nothing about the user so potentially a MITM could intercept the message and cause harm. The key place for harm would be the message when the user sends their username and password to the server the first time. Once that information is securely on the server I think I'm reasonably safe from MITM as there is now a key known to both the server and the client which can be used with an HMAC to verify messages. I'm not even that sure I need to worry about MITM as, how common/feasible is it really, and to what extent would someone bother in a chat or game application? Though I do want to take as many precautions as possible. Do you have a workable solution? I've read your document quite a few times and it covers well how to authenticate client/server but it assumes there is already a shared key between the two. How to you secure a shared key? Webby
  11. Authentication Algorithm

    Ok, so maybe I was going about this all wrong. Turns out, it seems that the way to do this would be to have the client create it's public and private key using the RSACryptoServiceProvider and send the public key to the server. The server sees this message and generates it's own public and private key with RSACryptoServiceProvider and sends public key to client. At this point the server can generate a symmetric key to use for encryption, encrypt it with RSA and send it to the client. From that point on the client and server communicate and encrypt/decrypt with the shared symmetric key. For added security, I can periodically generate a new symmetric key and send it to the client with RSA. I can even renew the RSA keys between client and server periodically if necessary. So, now I'm wondering how I got down the track of Diffie-Hellman in the first place. Generating the shared keys was a piece of cake but figuring out how to effectively use them after was a pain in the rear. This seems to work now. Thoughts? Thanks, Webby
  12. Authentication Algorithm

    Here is more information. For generating the Diffie-Hellman the code I use generates 1 byte for G (8 bit) 128 bytes for P (1024 bit) 128 bytes public key (1024 bit) 128 bytes private key (1024 bit) Are these values something I can then provide to the .NET RSA provider? Thanks, Webby
  13. Authentication Algorithm

    Well, I've got an implementation of the Diffie-Hellman algorithm up and running between the client and server. To be honest, I'm not sure what format that would be in other than two agreed upon numbers that are mathmatically related in some very obsure and hard to decipher format. I had thought about trying to write my keys to an in-memory xml and feed that into the RSA object but I wasn't sure it would work. I've got a public and private key (also have P and G from Diffie-Hellman exchange). The RSA object seems to want an xml file with a lot more data than I have on hand. If it's that simple I can give it a shot, I just had my doubts that it would even work. Webby
  14. Authentication Algorithm

    Thanks guys. I've actually stumbled upon a new issue here. I've got all of my Diffie-Hellman exchange working between the client and server. My intention was to use those keys with something like RSA to actually encrypt and transmit a symmetric key generated by the server. However, as you all might know, the .NET implementation of RSA doesn't let you initialize with your own keys. I also don't like the way it uses files to do it's work, it just all seems silly. So, what would you guys recommend for Asymmetric encryption using public/private keys generated with Diffie-Hellman? Thanks, Will P.S. Should I open this as a new topic?
  15. Authentication Algorithm

    I guess I left out a bit of critical information. This is going to work over UDP and not TCP so if my understanding holds true I can't use HTTPS or SSL. I'm basically following your (hplus) article on Authentication for Games. Right now this is just being used for the chat server aspect but the same thing will occur in the context of other server types. In fact I'm designing it so that clients go through an Auth server which will then hand them off to the chat server and eventually other types of servers. Thanks, Webby