<p>Ok me, there are 2 methods to do this.</p>
<p>1) Purchase an <a href="http://webdesign.about.com/od/ssl/tp/cheapest-ssl-certificates.htm" rel="nofollow noreferrer">SSL certificate for $FREE.99</a> and open HTTPS connections only to your server to submit hiscore type data. Connection speed should be around <a href="https://stackoverflow.com/a/153448/111307">500 ms</a> due to handshake roundtrip time.</p>
<p>2) <a href="https://github.com/superwills/iOSRSAPublicKeyEncryption" rel="nofollow noreferrer">Embed an RSA public key certificate in your iOS app</a>, and <a href="http://bobobobo.wordpress.com/2013/04/20/ssl-in-linux/" rel="nofollow noreferrer">have the RSA private key on your server</a>.</p>
<p>You can then do 1 of 2 things with this second scheme:</p>
<ul>
<li><p>IF your data messages are really small (≤256 B) you can just encrypt and send 256B packages (RSA payload is limited by the number of bits in the key)</p></li>
<li><p>ELSE IF the data is too large (>256B), generate a random symmetric key (AES), and pack:</p>
<ul>
<li>SYMMETRIC AES KEY ENCRYPTED WITH RSA PUBLIC KEY</li>
<li>BINARY DATA ENCODED WITH SYMMETRIC AES KEY</li>
</ul></li>
</ul>
<p>The server then takes the first 256 bytes and decodes it, then the server uses that AES key to decrypt the rest of the message.</p>
<hr>
<p>The above 2 only prevent eavesdropping, <strong>but</strong> it means the data format of your messages is hidden. At some level, it is still a type of security by obscurity, since if the hacker has your public key AND your message format, they can manufacture messages.</p>
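The second scheme from the answer above, as an added example that is not part of the original post: a Node.js sketch of the hybrid envelope (RSA-wrapped AES key in the first 256 bytes, AES-encrypted data after it). The choice of RSA-OAEP with SHA-256, AES-256-GCM, the `wrappedKey | iv | tag | body` layout, the function names and the sample JSON are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

const WRAPPED_LEN = 256; // RSA-2048 ciphertext size: the "first 256 bytes" the server reads
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: needs only the embedded public key. Assumed layout: wrappedKey | iv | tag | body
function seal(publicKey, plaintext) {
  const aesKey = crypto.randomBytes(32); // fresh symmetric key per message
  const iv = crypto.randomBytes(12);
  const wrapped = crypto.publicEncrypt({ key: publicKey, ...OAEP }, aesKey);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([wrapped, iv, cipher.getAuthTag(), body]);
}

// Server: unwrap the AES key with the private key, then decrypt. Returns null on any failure.
function unseal(privateKey, envelope) {
  if (envelope.length < WRAPPED_LEN + 28) return null; // too short to hold key, iv and tag
  try {
    const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.subarray(0, WRAPPED_LEN));
    const iv = envelope.subarray(WRAPPED_LEN, WRAPPED_LEN + 12);
    const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, iv);
    decipher.setAuthTag(envelope.subarray(WRAPPED_LEN + 12, WRAPPED_LEN + 28));
    return Buffer.concat([decipher.update(envelope.subarray(WRAPPED_LEN + 28)), decipher.final()]);
  } catch (err) {
    return null; // bad padding, wrong key length or failed GCM tag check
  }
}

// Constructed sample data; the key pair is generated here instead of being loaded from disk.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const genuine = seal(publicKey, Buffer.from('{"player":"alice","score":1200}'));
  const tampered = Buffer.from(genuine);
  tampered[tampered.length - 1] ^= 1; // one bit flipped in transit
  // A second party holding the same public key and knowing the format.
  const other = seal(publicKey, Buffer.from('{"player":"alice","score":999999}'));
  return {
    wrappedPrefixLen: genuine.length - 28 - 31, // envelope minus iv, tag and 31-byte body
    genuine: unseal(privateKey, genuine).toString(),
    tampered: unseal(privateKey, tampered), // null: GCM rejects the modified ciphertext
    other: unseal(privateKey, other).toString(), // accepted: encryption alone does not identify the sender
  };
}

console.log(demo());
```

The `other` result shows the limitation the answer ends on: the server decrypts any well-formed envelope made with the public key, so score validation has to happen server-side.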
 
