Login/Register
How to verify data integrity between client-server connection?
Asked Answered
Solved javasocketsdata-integrity
H

1

7

I recently developed an online multiplayer game and it's working fine. There's a central server handling TCP connections with clients, and they both receive and send data.
Is there a way to verify that the data sent hasn't been modified before the receiver reads it?
Does a TCP connection handle it in some way? If not what is the best way (not asking for code) to implement it?
By now I came up with those ideas:

  • Modify the data sent adding some sort of verify-value, such the packet length.
  • When a packet is received, ask the server to send it again and verify if they are equal.

I searched for a common used solution but couldn't find much.
Encryption should be my last option.

Edit
For a simple way to achieve this:

  1. MD5
  2. SHA1
  3. SSL
Headrace answered 24/5, 2012 at 23:4 Comment(9)
Modified by a hacker or by noise/error? TCP/IP does take care of the latter, not the former.Upthrow
Would you mind explaining briefly how does it happend?Headrace
Hash the data, and add the hash value to the data that you send out. The person at the other end should check whether or not the hash matches the one from the data they receive. That should take care of noise errors.Aquanaut
The problem is avoid the middle-man attack? you can sign your data using md5( data + salt )Rese
@TiagoPeczenyj: I wouldn't use md5, even if it is salted.Virtuosity
@Virtuosity why not? sometimes it is acceptable. sha1?Rese
@TiagoPeczenyj It is only 'acceptable' if you don't mind it failing to do what it is supposed to do. SHA1 is acceptable.Surakarta
Why not just use SSL? Problem solved.Surakarta
@TiagoPeczenyj: It's acceptable if you're doing checksums. If you're doing security, don't use md5.Virtuosity
B
6

Agreed with Bart, you may want to look at using a Hash method for data verification.

Billie answered 24/5, 2012 at 23:14 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.