On 03/17/2010 02:27 PM, Kevin Duffey wrote:
Hey Mario,

Thanks for the replies. So your salted md5 hash, do you generate one for each player, or just one for your game, that is sent in with every request by each game player (via your game code)? So this secret that you concatenate, you hard code it in both the game code and your server code?

I would hope that people don't do that. It can trivially be reverse engineered.

So some string like abcd123, append it, md5 the whole string, then send it?

I have been using SHA-1 for playing around, using the Java SDK API that can also be used for MD5. Any benefit in using MD5 over SHA-1? I thought SHA-1 was more secure/harder to crack?

While these are pretty low stakes, there is simply no reason to use
MD5 in this day and age. MD5 has known weaknesses (for about 10
years). SHA1 has recently (in the last couple of years) been shown
to have weaknesses, but nothing as severe as MD5. NIST et al. are
working on a replacement for SHA1, but lots of people have been
using/implementing SHA256 in the interim. Frankly, unless you're
doing something like line rate crypto, considerations of performance
are immaterial. Use SHA256 if it's available, and SHA1 if it's not.

Mike, an author of RFC4871 who knows a thing or two about this
          subject (unfortunately)
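
The scheme discussed in this thread, with the digest chosen the way the reply recommends (SHA-256 when the platform has it, SHA-1 otherwise), as an added example that is not code from either poster. The class name, the `abcd123` secret borrowed from the question, and the sample request string are illustrative assumptions; a secret shipped inside the client stays recoverable by reverse engineering, as noted in the thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class ScoreDigest {
    // Constructed placeholder secret (assumption). Anything compiled into the
    // game client can be extracted, so treat this as a speed bump only.
    static final String SECRET = "abcd123";

    /** Returns SHA-256 if the platform provides it, otherwise SHA-1. */
    static MessageDigest preferredDigest() throws NoSuchAlgorithmException {
        try {
            return MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            return MessageDigest.getInstance("SHA-1");
        }
    }

    /** Client side: hex digest of payload + secret, sent along with the request. */
    static String tag(String payload) throws NoSuchAlgorithmException {
        MessageDigest md = preferredDigest();
        byte[] out = md.digest((payload + SECRET).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(out.length * 2);
        for (byte b : out) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Server side: recompute the tag and compare it with the received one. */
    static boolean verify(String payload, String receivedTag) throws NoSuchAlgorithmException {
        byte[] expected = tag(payload).getBytes(StandardCharsets.UTF_8);
        byte[] received = receivedTag.getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual avoids the early exit of String.equals.
        return MessageDigest.isEqual(expected, received);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String payload = "player=42&score=1000"; // constructed sample request
        String t = tag(payload);
        System.out.println(preferredDigest().getAlgorithm() + " tag: " + t);
        System.out.println("untampered: " + verify(payload, t));
        System.out.println("tampered:   " + verify("player=42&score=9999", t));
    }
}
```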
