Mark Wedel wrote:
> Now true public key can be used, with the player file storing one key, and the
> other being transmitted. That helps in the core dump/player analysis
> (that one key doesn't do any good), but doesn't help out much in the case
> of people sniffing - you just sniff what the client is sending to the
> server, and once again, hack your client to send that same byte sequence.

There is one thing not being thought about here, that is, that you can let the server send a random sequence of bytes to the client, let it process that and use the sequence in the server itself again to decode what the client sent. That way, you cannot sniff and resend hashes because the sent password will always be different.

Pippijn
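
The exchange described in the reply above, as an added example that is not part of the original post or of Crossfire's code. It assumes the player file holds a salted PBKDF2 hash and that the client "processes" the server's random bytes with HMAC-SHA256; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the player file stores this salted hash (the "verifier"),
# and the client can derive the same value from the typed password.
def derive_verifier(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Server:
    def __init__(self, salt, verifier):
        self.salt = salt
        self.verifier = verifier
        self.pending = None  # challenge currently outstanding, if any

    def new_challenge(self):
        # Fresh random bytes for every login attempt.
        self.pending = secrets.token_bytes(16)
        return self.pending

    def check(self, response):
        # A challenge is consumed on first use, pass or fail.
        challenge, self.pending = self.pending, None
        if challenge is None:
            return False
        expected = hmac.new(self.verifier, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

def client_response(password, salt, challenge):
    key = derive_verifier(password, salt)
    return hmac.new(key, challenge, hashlib.sha256).digest()

def demo():
    salt = secrets.token_bytes(16)  # constructed sample data
    server = Server(salt, derive_verifier("hunter2", salt))

    # Legitimate login: this response is what a sniffer would capture.
    sniffed = client_response("hunter2", salt, server.new_challenge())
    legit = server.check(sniffed)

    # Replaying the captured bytes against a new challenge fails.
    server.new_challenge()
    replay = server.check(sniffed)

    # Resending with no challenge outstanding fails too.
    no_challenge = server.check(sniffed)
    return legit, replay, no_challenge

if __name__ == "__main__":
    print(demo())
```

In this construction the value stored in the player file is itself sufficient to answer a challenge, so it has to be protected like a password.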

