Hi, I've recently been building a login server for a game we've been working on. We know the theory about encryption, but have no practicle experience in implementing it. The login is in Php5, using encryption like thus:

$ToBeEncrypted = "Test";

$Encryption = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_ECB, '');

$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($Encryption), MCRYPT_RAND);
mcrypt_generic_init($Encryption, "aaaabbbb", $iv);
$encrypted_data = mcrypt_generic($Encryption, $ToBeEncrypted);

I was wondering two things. Which mode (i.e. ECB) is best to use for sending reasonably small packets over the internet? Secondly, i noticed, different servers generate different results from the same information and key and thus i cant decrypt data sent from one to anothre. I'm guessing this has something to do with the Initialization Vector being random? How do i get around this, OR securely transmit the IV to another server (coded in C++)? Thanks guys

Do you need encryption, or do you only need authentication?

I wrote an article about authentication for games a while back, that some people have found useful.

i do need encryption, but ur article is also very helpful. Thanks.

Just use HTTPS. You know you want to.

Just do it.

If you don't, you are stupid.

Mark

Look, face the fact we're not using it it, has anyone got some useful information?

Quote:

So what you're saying is, your method of using a hard-coded key is better than a system of signed key exchange which has withstood many attacks? And that it's cheaper to hire the most experienced programmers / maths people in the entire world than implement some software which is available universally? Are you nuts? Mark

...It's based on RC4 and in some cases Ranjal. I'm using RC6, and for how we use data our method of implementing RC6 is far more secure to any tampering.

I'm not into math, nor is creating algorythems my thing. (BTW, moment quantum computers come up kiss SSL goodby :P) But the implementing of them is very open to method :P