Quick Links: Gideros Home | Download Gideros | Developer Guide
Encrypting save games, purchases etc...
  • AstirianAstirian +1 -1
    Member
    Hey guys,

    I'm looking at encrypting stuff before putting it into app.txt using the dataSaver then decrypting upon loading for internal logic. Would something like the following work securely?:
    KEY = "somerandom16str?"
     
    local ship1Status = "unlocked"
    ship1Status = Cryptography.aesEncrypt(ship1Status, KEY)
     
    dataSaver.saveValue("ship1Status", ship1Status)
     
     
    *** Time Passes, People Do Stuff ***
     
     
    local ship1Status = dataSaver.loadValue("ship1Status")
    actualShip1Status = Cryptography.aesDecrypt(ship1Status, KEY)
     
    print(actualShip1Status) -- unlocked


  • talistalis +1 -1 (+2 / -0 )
    Guru Accepted Answer
    Here the question rises;
    -According to whom and for which kind of data is it enough?

    For sensitive personal data like credit card information or some other data of course it will be not enough, but again in security topic there is no limit called "Enough" , as hackers will always continue to discover new vulnerabilities and new methods .

    For saved games and other kinds of not sensitive things, each level of security make it harder for 3rd parties to discover it but that's it.. Every layer of security will better than nothing or less layers.

    In addition to that with a little effort you can use some small tricks to enhance your security like;

    -Generate a hash code of file on close and save it in another file with again encryption also. In every opening of your program check with this hash if your file has been altered or not. Again you can compare the sizes in addition just to be sure in case of altered hash code.
    -In data file try to use a little bit not open variable names like "HP", "Agility" so for the people who can alter it it will not be so obvious what to change.
    -Try to use dependent and calculated fields. So in the calculations you can double check and find any inconsistencies easily.
    -If you want to carry it one more step away you can use two way encryption model with a server. With a server in addition you can keep the track of changes in your server also.

    As a result,

    There is a thin line between becoming paranoid and careless.
    No need to be paranoid hence there will be never ever enough security. Need to analyze the requirements so much carefully though and separate the sensitive and not sensitive data, after it need to choose the security model.

    [..]

    Likes: Astirian, bali001

  • talistalis +1 -1 (+1 / -0 )
    Guru
    There was another topic about this subject i forget to add it:
    http://giderosmobile.com/forum/discussion/5625/simple-savegame-encryption/p1

    Likes: Astirian

  • AstirianAstirian +1 -1
    Member
    Awesome, thank you. :)

    I could probably mix both the hex encryption and AES, I think that would be sufficient. :D

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Login with Facebook Sign In with Google Sign In with OpenID

In this Discussion

Top Posters