All geek questions in one place

Encryption and decompilation

I am going to put my Android application on the market. I recently encrypted all communication with the server / client. I am wondering if my data is encrypted using a specialized key, and if a person decompiles my code and extracts the key, is it even worth encrypting the data in the first place? My messages worked much faster when the data was not encrypted. Since the game is a game, lagging will be a huge β€œfunny killer,” and I know from experience that it’s frustrating. I know that encryption makes the application more secure, it makes it more secure for gamers and the server, but it causes a huge lag. Is the deduction in productivity provided? Is it even worth using encryption when your code can simply be decompiled? I already use Android Proguard, but if someone really wants to decompile my code, they will spend time sorting all this garbage.

+1
source share
3 answers

I think it’s safe to work in accordance with these assumptions.

  • The customer cannot be trusted. Someday.
  • The server is an authoritative source of information.

Do not trust the data that customers send you, do checks and checks against him (for example, if someone tries to "teleport" from one corner of the map to another by sending a changed location).

Only accept data that is valid.

Ban cheaters.

Encryption is fine, but when it does not harm the game or the gameplay (in your case, it is).

+1
source

Do you put the encryption key in the client code? Well, it's useless, encryption, on the other hand, is totally worth it; the problem is that you have chosen the wrong way to do this.

+1
source

I would probably use authentication instead of encryption (hashing all the data sent so you can check it on the server). This will work for regular game information because there is no need for privacy. If you do not send confidential user information, such as name, age, credit card details, etc., I suggest you use basic authentication, which is much faster than encryption. You can go for very simple hash functions, or if you think your game really encourages people to intervene in it, then you can use military-grade hash functions like SHA-256 or higher. But no matter what hash scheme you use, it should be much less time / resources than implementing the right encryption scheme.

0
source

Source: https://habr.com/ru/post/1415831/

More articles:


All Articles