I might've discovered the worst kind of hell on this planet


    una_maquina


    So this isn't like a complaining thread or anything, I just wanna warn you about this: NEVER, EVER, try to do encryption in Java and Python (I mean just choose one of them and stick to it). I've tried doing RSA on both of them (Python works well, as usual, but Java -- nope). Then tried doing some PBKDF2 hashing, same story. I've been at it for hours.

    I mean encryption and hashing work fine, but they return different outputs; and it's hell on earth trying to make it work between these programming languages, for example:

    I get outputs like these "b'[B@2e226daa\r\n'" from Java...

    And b'xc6\xf7H#\xc0\xd1\x00\x92\xb3\x01\x98_\xcc\x1aT\x9e\x90\xb1\x84\x06\xdc\xeb?\xabc~y\x14\x13*'' from Python.

     

    I don't know how I'm gonna authenticate myself to the server with Java, I'll probably have to write in Python and somehow transfer the data to Java.

     

    BTW, if you're interested in this: what I'm trying to achieve is authentication to my Python server. So for example when someone connects to my server, they'll have to provide a password. I generate a RSA private and public key on my server, and send the public key to the client. The client then hashes a password using PBKDF2, encrypts it with RSA pub key and sends it to the server. Then the server checks whether the password is correct or not. If not, it'll deny access to the client. (I'm also using select library on Python to have a smooth process).

     

    Link to comment
    Share on other sites

    Hey there, encryption works fine regardless of language; it's best to use a well-known library when trying to do it :)

    I'm not super familiar with Python, but for the Java output at least, it looks like you're printing the reference/pointer of a byte array ([B@2e226daa) that probably contains your actual encrypted data. You'll need to use the actual output and not the pointer to it.

    Hope that helps!

    Link to comment
    Share on other sites
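An added example, not part of any post in this thread: the Python receiving side for the situation described above, where raw bytes cross the wire as one Base64 line and a Java array reference such as `[B@2e226daa` is rejected with a clear error. The function names are hypothetical, and the known-answer check uses RFC 6070 test vector 1 only to confirm that both languages are feeding PBKDF2 the same parameters.

```python
import base64
import binascii
import hashlib
import re

# Java's Object.toString() on a byte[] yields "[B@" plus a hex identity hash.
# It carries none of the array's contents, so it can never be decoded.
JAVA_ARRAY_REF = re.compile(r"^\[B@[0-9a-f]+$")


def encode_for_wire(raw: bytes) -> bytes:
    """Bytes -> one ASCII line. Java side: Base64.getEncoder().encodeToString(raw)."""
    return base64.b64encode(raw) + b"\n"


def decode_from_wire(line: bytes) -> bytes:
    """Decode one received line, rejecting anything that is not strict Base64."""
    text = line.strip().decode("ascii", errors="replace")
    if JAVA_ARRAY_REF.match(text):
        raise ValueError("peer sent a Java array reference, not the array contents")
    try:
        return base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from None


def pbkdf2(password: str, salt: bytes, iterations: int, length: int,
           digest: str = "sha256") -> bytes:
    """All five inputs are explicit because both sides must agree on each one.
    Java: PBKDF2WithHmacSHA256 with PBEKeySpec, whose key length is in BITS."""
    return hashlib.pbkdf2_hmac(digest, password.encode("utf-8"), salt,
                               iterations, dklen=length)


def known_answer_ok() -> bool:
    """RFC 6070 test vector 1 (PBKDF2-HMAC-SHA1); checks parameter plumbing only."""
    out = pbkdf2("password", b"salt", 1, 20, digest="sha1")
    return out.hex() == "0c60c80f961f0e71f3a9b524af6012062fe037a6"
```

Running the same vector through the Java implementation and comparing hex strings separates a parameter mismatch (charset, salt, iteration count, output length) from an encoding problem on the wire.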

    Yeah guys, I'm just a bit ignorant of how things work with Java still (and got some holes in encryption as a whole); I managed to make it work though, with base64 encoding, yeah. Also I was doing things in a ridiculous way: I was hashing the password on the client, sending it to the server, and then hashing password on the server too lmao.

    Now I just encrypt the plaintext password with the public RSA key on the client, and have 1 pre-defined hash alongside the salt stored on the server. When the encrypted password arrives at the server, it gets decrypted with the RSA private key and gets hashed, then the server checks if the hashes match for authentication.

    Also switched to Scrypt for hashing, heard it's more secure, right?

    Link to comment
    Share on other sites
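An added example, not the poster's code: the server-side check described in the post above, with a stored salt and scrypt hash compared against the hash of the password that arrives after RSA decryption. The record format, function names and cost parameters are assumptions made for this sketch, and the RSA decryption step is assumed to have already happened.

```python
import base64
import hashlib
import hmac
import os

# Cost parameters are assumptions for this sketch. They are stored inside each
# record so they can be raised later without invalidating existing records.
SCRYPT = {"n": 2**14, "r": 8, "p": 1}
MAXMEM = 64 * 1024 * 1024  # headroom above the ~16 MiB these parameters need


def _derive(password: str, salt: bytes, params: dict) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, dklen=32,
                          maxmem=MAXMEM, **params)


def make_record(password: str) -> str:
    """Run once at setup; returns 'n$r$p$salt_b64$hash_b64' for storage."""
    salt = os.urandom(16)
    digest = _derive(password, salt, SCRYPT)
    fields = [str(SCRYPT["n"]), str(SCRYPT["r"]), str(SCRYPT["p"]),
              base64.b64encode(salt).decode("ascii"),
              base64.b64encode(digest).decode("ascii")]
    return "$".join(fields)


def check_password(record: str, candidate: str) -> bool:
    """candidate is the password after RSA decryption on the server."""
    try:
        n, r, p, salt_b64, hash_b64 = record.split("$")
        params = {"n": int(n), "r": int(r), "p": int(p)}
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
        actual = _derive(candidate, salt, params)
    except ValueError:  # malformed record; binascii.Error is a ValueError
        return False
    # compare_digest does not reveal how many leading bytes matched
    return hmac.compare_digest(actual, expected)
```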

    Nice one
    I must give you some advice though, you generally shouldn't encrypt the data you want with RSA because there is a small limit on the data size you can encrypt (equal to the key size). You want to create a random key for symmetric encryption like AES for example, encrypt the data with it and encrypt that said key with the RSA key you have and then send the encrypted AES key along your encrypted data, then on the server you decrypt the AES key and decrypt the data with that decrypted AES key.

    Link to comment
    Share on other sites

    28 minutes ago, Neffarion said:

    Nice one
    I must give you some advice though, you generally shouldn't encrypt the data you want with RSA because there is a small limit on the data size you can encrypt (equal to the key size). You want to create a random key for symmetric encryption like AES for example, encrypt the data with it and encrypt that said key with the RSA key you have and then send the encrypted AES key along your encrypted data, then on the server you decrypt the AES key and decrypt the data with that decrypted AES key.

    Absolutely dude, I'll use RSA to create AES symmetric encryption; this is common knowledge to me, I was just focusing on the authentication for now, and I don't really care if my communication between the clients isn't encrypted yet (I'm not encrypting the traffic with RSA, it's plaintext for now), there's no sensitive data. But yeah, I'll encrypt it anyways later on.

    I also don't want to waste resources before authentication is completed. That's why I'd just rather use RSA for the authentication. Then after the client has authenticated, I can establish AES with it.

    Link to comment
    Share on other sites

    Archived

    This topic is now archived and is closed to further replies.
