Ive not asked a question here for a while, but anyway.
My game will have server based multiplayer, players connect to the server, create a account and then play the game with that account on the server.
The account data is saved server side (1 file per account in a directory - since I want to allow server owners to transfer accounts to other servers by basically copying the file). Only the password of the account is encrypted in that file.
The server software will be available to anyone for free and I wanted idea's on how I could deal with malicious server owners who want try decrypt the passwords? Obviously the encryption key for each server out there would need to be the same so that the passing of account files between servers is compatible.
My concern is that I am working with C#, meaning the server assembly could be easily decompiled and the encryption key is easily obtained.
TLDR: Ideas on approaching server owners who want to decrypt player's accounts passwords for malicious activities?
I already know how do implement 128-bit AES encryption, but it seems useless if the key can be found
All replies are appriciated, thanks.
edit: I'm not concerned about server owners hacking their way into a game account, but rather logging into other websites in which the user may have the same password and/or username.
Edited by Xanather, 19 April 2013 - 09:08 PM.