Subscribe to GameFromScratch on YouTube Support GameFromScratch on Patreon
14. April 2013

I just finished performing an upgrade on the software that runs this site. I ran into a couple small snags during the upgrade that resulted in the site being unavailable for about 15 minutes. If you we're trying to access the site earlier today and received errors... My bad, sorry.

 

 

The new software should be a little quicker, but it was mostly about server security and a few perks for me, like better blogging software support. I think the upgrade went smoothly enough, but there are a lot of moving pieces. If you encounter any errors, please let me know what and where so I can fix it!

 

 

Cheers and thanks for your patience.

 

News


26. April 2011

So today, after 6 days of downtime I get word from Sony that apparently mine and 75 million other accounts have been compromised, including pretty much all of my personal information. Worst of all, this information included my password and possibly my credit card information.

 

This is an unforgiveable sin on many levels, but more than anything I have to say this… if you are storing sensitive information in your game, encrypt the hell out of it!  Really, it’s not that hard.  Actually here is how you do it…  this is code I have used in another project, but sadly I forget exactly where I got it from for proper crediting.  So, if you are the author, let me know and I will give proper accreditation.

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

namespace ConfigurationLibrary
{
    public sealed class CryptoString
    {
        private CryptoString() { }
        private static byte[] savedKey = ASCIIEncoding.UTF8.GetBytes("YOURVALHERE");
        private static byte[] savedIV = ASCIIEncoding.UTF8.GetBytes("YOURVALHEREASWELL");
        public static byte[] Key
        {
            get { return savedKey; }
            set { savedKey = value; }
        }
        public static byte[] IV
        {
            get { return savedIV; }
            set { savedIV = value; }
        }
        private static void RdGenerateSecretKey(RijndaelManaged rdProvider)
        {
            if(savedKey == null)
            {
                rdProvider.KeySize = 256;
                rdProvider.GenerateKey();
                savedKey = rdProvider.Key;
            }
        }
        private static void RdGenerateSecretInitVector(RijndaelManaged rdProvider)
        {
            if(savedIV == null)
            {
                rdProvider.GenerateIV();
                savedIV = rdProvider.IV;
            }
        }
        public static string Encrypt(string originalStr)
        {
            // Encode data string to be stored in memory.
            byte[] originalStrAsBytes = Encoding.ASCII.GetBytes(originalStr);
            byte[] originalBytes = { };
            // Create MemoryStream to contain output.
            using(MemoryStream memStream = new
                     MemoryStream(originalStrAsBytes.Length))
            {
                using(RijndaelManaged rijndael = new RijndaelManaged())
                {
                    // Generate and save secret key and init vector.
                    RdGenerateSecretKey(rijndael);
                    RdGenerateSecretInitVector(rijndael);
                    if(savedKey == null || savedIV == null)
                    {
                        throw (new NullReferenceException(
                                "savedKey and savedIV must be non-null."));
                    }
                    // Create encryptor and stream objects.
                    using(ICryptoTransform rdTransform =
                           rijndael.CreateEncryptor((byte[])savedKey.
                           Clone(), (byte[])savedIV.Clone()))
                    {
                        using(CryptoStream cryptoStream = new CryptoStream(memStream,
                              rdTransform, CryptoStreamMode.Write))
                        {
                            // Write encrypted data to the MemoryStream.
                            cryptoStream.Write(originalStrAsBytes, 0,
                                       originalStrAsBytes.Length);
                            cryptoStream.FlushFinalBlock();
                            originalBytes = memStream.ToArray();
                        }
                    }
                }
            }
            // Convert encrypted string.
            string encryptedStr = Convert.ToBase64String(originalBytes);
            return (encryptedStr);
        }
        public static string Decrypt(string encryptedStr)
        {
            // Unconvert encrypted string.
            byte[] encryptedStrAsBytes = Convert.FromBase64String(encryptedStr);
            byte[] initialText = new Byte[encryptedStrAsBytes.Length];
            using(RijndaelManaged rijndael = new RijndaelManaged())
            {
                using(MemoryStream memStream = new MemoryStream(encryptedStrAsBytes))
                {
                    if(savedKey == null || savedIV == null)
                    {
                        throw (new NullReferenceException(
                                "savedKey and savedIV must be non-null."));
                    }
                    // Create decryptor and stream objects.
                    using(ICryptoTransform rdTransform =
                         rijndael.CreateDecryptor((byte[])savedKey.
                         Clone(), (byte[])savedIV.Clone()))
                    {
                        using(CryptoStream cryptoStream = new CryptoStream(memStream,
                         rdTransform, CryptoStreamMode.Read))
                        {
                            // Read in decrypted string as a byte[].
                            cryptoStream.Read(initialText, 0, initialText.Length);
                        }
                    }
                }
            }
            // Convert byte[] to string.
            string decryptedStr = Encoding.ASCII.GetString(initialText);
            return (decryptedStr);
        }
    }
}

Now its as simple as calling ConfigurationLibrary.CryptoString.Encrypt(somestring);  and ConfigurationLibrary.CryptoString.Decrypt(somestring).

 

It is this easy to encrypt your info, compromising your users security is never justified!  Just be sure to protect your encryption keys as much as possible.

 

For the record, I don’t know if Sony encrypted this information or not, but they haven’t communicated that they did, which leads me to believe that they didn’t.  If they did, Sony has done a horrible job at PR.  If they didn’t, Sony made a mistake a first year CS student never should have!  Either way, Sony just screwed up really badly.

Programming Totally Off Topic


GFS On YouTube

See More Tutorials on DevGa.me!

Month List