I am working on a new game and I am considering having an online high score list. Now those are pointless unless you have some basic security, and I am thinking that just everything that leaves the application in encrypted, for example the xml save file is converted to bytes and encrypted with javax.crypto.spec.SecretKeySpec, and the same with all messages sent to the server. The decryption key exits somewhere in the program's binary (Java), is this "easy" to find?
In that case I am thinking of also generating a key code from the current time that must be valid when the server checks the message, similar to Internet banks. Figuring this out should at least pose a huge challenge I think.
In that case I am thinking of also generating a key code from the current time that must be valid when the server checks the message, similar to Internet banks. Figuring this out should at least pose a huge challenge I think.
Specs: intel i5 3570k @ 3.4GHz;
16Gb RAM; Raedon HD 7900;
Win8 64-Bit
16Gb RAM; Raedon HD 7900;
Win8 64-Bit