Hi, everyone who knows crypto!
I'd like to code a networked videogame, and I want it to be at least somewhat secure. Don't know anything about encryption or authentication though, any recommendations for learning resources?
@deshipu I had to google that, to give some perspective on how new I am to this. I'd like to keep the information about what the player does secret from third parties, as well as authenticating the player. Not sure how to word that better, sorry.
Also, part of the question is also: what should I be concerned about?
Assuming your game has a centralized server:
If TLS works for you that'd be the best (because it's widely used & tested). For server auth, server certificates are the obvious way. For user authentication, you can either use client certificataes, or some password or challenge-response auth inside the TLS connection.
When could TLS notwork for you:
- you don't really need encryption, only auth, and encryption is too slow
- you don't use TCP / stream-oriented connection
@Wolf480pl @Michcioperz Authentication is probably the most important thing, I'm thinking about making a kind-of peer-to-peer game. It's like an RPG but you can "merge" worlds with other players, and I'd like to be able to make that communication secure in the sense that chats are secure. E2E I guess? I'd imagine this is crypto-wise very very similar to a chat program.
@neon @Michcioperz ok, so if it's P2P, passwords are no-go. You need every user to have a public/private keypair (like in client certs, Signal, OMEMO, or bitcoin). For chat, it depends if it's synchronous (both ppl online at the same time) or async (I'll send you a message & go offline, you reply some time later). If sync, you could just use TLS. Otherwise, sth like Axolotl/OMEMO if you need forward secrecy, or hybrid encryption (like OpenPGP) if you don't.
Eh, long talk, got XMPP or IRC?
I don't have XMPP or IRC actively in use nowadays, just Matrix (@jens:im.neon.moe). If you'd like, I could come on XMPP some time though.