I will now begin with a series of three last posts. Each one will have as a topic one of the topics of the course we haven seen, but with a different approach. I will talk about the topic but tried to be applied in our project, and by which means could be.
Starting with cryptography. We will need to use cryptography in our project, and I talked about it in that post, because we are managing many important information. Usernames and passwords are going to be stored in the database, as well as the results that will get from using the game. All these things are better not be seen from the outside, so they must be difficult to read and impossible to understand.
One of the alternatives we thought at the beginning was to use the methods that the tool we used could have. When we started using php (thing we don’t do now) we were planning to implement one of the functions that could make a big hash of the text that we were planning to store. It could work because it used md5 algorithm, but one of the problems we could have was that the key to decrypt the text had to be saved in the php script, which could make it vulnerable at the end.
We’ve also seen that the MySQL system we are using also implements some methods in the insert commands. MySQL has some interesting methods that work with AES scheme (Advanced Encryption Standard). This can also sound good, but still we have the same key problem. That’s why we thought of getting doing a cutomized key for each user. Constructing a key using some characters from its name and last name resulted in a different key for each person, thus making it harder to crack.
These two functions seem to be enough for now, seemingly we won’t be introducing a lot of users now, so we won’t need a lot of processing now, but if we think of this in a bigger way, we will need to analyze it better so that we don’t have problems with our system, especially in the hardware.