Chapter 16
Protecting Sensitive Data with Encryption
The only thing more frightening than a programmer with a screwdriver or
a hardware engineer with a program is a user with a pair of wire cutters
and the root password.
Elizabeth Zwicky
With the highly distributed software populating the computing world these days,
there is often a need to protect sensitive data so that it is accessible only by a select
group of people. Some applications are network- or Internet-driven, and they must
maintain secure communication so that malicious attackers cannot modify incoming
and outgoing packets. Other applications need to store sensitive data locally in
the file system or a remote database in a format that is unreadable by humans.
Developers look towards encryption to accomplish this feat, but very few of them
implement it correctly. These developers throw around buzzwords like “128-bit
encryption” and claim that their applications are secure, when, in fact, they have
introduced security flaws that can be exploited by anyone with the knowledge to
do so.
Some developers also think that they can roll their own implementation of a particular
algorithm and claim that it works correctly. Just because you see data that
you think is encrypted does not actually mean that it is. Many of these developers
could probably hand their implementations over to a knowledgeable cryptologist