-1

im trying to implement an encryption system to my game to protect players passwords and other game data.

i've come up with a little test to get used to the logic of it all.

i just want to know the best way to go about this im pretty decent with reading java and searching for logic that i need (and finding a way to write it). so with that being said im not exactly looking for some snippet that will perfectly fit my game. im just looking for WAY better logic then what i have.

this only works for 4 characters sadly.

heres what i know so far

import java.util.Random;

public class EncodingThenDecoding {
private String stringToHash;
private boolean running = false;
private String originalString;
private String encodedString;
private boolean decoding = false;
public EncodingThenDecoding() {
    init();
}

public void initInit() {
    running = true;
    encodeString("abcd");
    System.out.println("Original String: " + originalString);
    delay();
    decodeStrings();

}

private void encodeString(String sth) {
    String[] subStrings = new String[25];
    originalString = sth;
    for(int subStr = 0;subStr < sth.length();subStr++ ) {
        subStrings[subStr] = sth.substring(subStr);
    }
    for(int i = 0;i < sth.length();i++) {
        Random ran = new Random();
        StringBuilder encoder = new StringBuilder();
        encoder.append( (char)('a' + ran.nextInt('z'-'a')));
        subStrings[i] = encoder.toString();
        //System.out.println(subStrings[i]);
    }

    sth = subStrings[0] + subStrings[1] + subStrings[2] + subStrings[3];
    encodedString = sth;
    System.out.println(sth);
    delay();
}

private void decodeString() {
    int tries = 0;
    int ii = 0;
    running = true;
    long sd = System.nanoTime();
    long minutes = 0;
    while(running) {
        tries++;
        String strToDecode = encodedString;
        String[] usedDecodedStrings = new String[1000000];
        String[] decodedSubStrings = new String[25];
        String decodedString = null;

        //store hashed string's chars into an array.
        for(int i = 0; i < strToDecode.length();i++) {
            decodedSubStrings[i] = strToDecode.substring(i);
        }
        //stores a random letter between z-a and replaces the array items         above.
        for(int i = 0;i < decodedSubStrings.length;i++) {
            Random ran = new Random();
            StringBuilder encoder = new StringBuilder();
            encoder.append( (char)('a' + ran.nextInt('z'-'a')));
            decodedSubStrings[i] = encoder.toString();

        }
        //stores the string containing all the new characters assigned above, 
        decodedString = decodedSubStrings[0] + decodedSubStrings[1] + decodedSubStrings[2]  + decodedSubStrings[3];


        long nanoseconds = System.nanoTime() - sd;
        long miliseconds = nanoseconds/1000000;
        long seconds = miliseconds/1000;

            System.out.println("its been " + seconds + " seconds");
        if(decodedString.equalsIgnoreCase(originalString)) {
            System.out.println("Decoding username was succesful!");
            System.out.println("it took " + seconds/60 + " minutes and " + tries + " tries to Decode " + strToDecode + " back into "  + originalString);
            return;
        }
        else if(!decodedString.equalsIgnoreCase(originalString)) {
            System.out.println("Attempt #" + tries + ": " + decodedString);
        }

    }


}

public void delay() {
    try {
        Thread.sleep(3000);
    }
    catch(InterruptedException e) {

    }
}

public static void main(String[] args) {
      EncodingThenDecoding encryptThenDecrypt = new   EncodingThenDecoding();
}

}

Heres an example of the output

its been 1386 seconds

Attempt #339016: bsev

its been 1386 seconds

Attempt #339017: qycu

its been 1386 seconds

Decoding username was successful!

it took 23 minutes and 339018 tries to Decode vlbc back into abcd

Cody Orr
  • 13
  • 5
  • Questions asking for "the best way" are obviously opinionated. Usually there is no best way. Even if you change your question to asking for several good ways might be too broad. – Seelenvirtuose Oct 07 '17 at 07:09
  • 2
    A typical way for password protection is: Do not store the password, but [create a hash value](http://security.blogoverflow.com/2013/09/about-secure-password-hashing/) (SHA-1 for example) of the user's password and store only that. If the user log in again, simply compare the hash codes. – Seelenvirtuose Oct 07 '17 at 07:11
  • Protecting passwords has been discussed here many times, as well as on the Security Stack Exchange. Read those before posting. Learn about salt, hash, bcrypt and such. – Basil Bourque Oct 07 '17 at 07:19

1 Answers1

1

Answer: Never implement encryption yourself.

There already are a number of standard encryption algorithms available in the Java language. Some of the popular algorithms are RSA (assymetric) and AES (symmetric).

Check out the Java Cryptography Architecture.

If you want to store the password, you should store them using some hashing algorithms such as SHA-256 or even better SHA-512. Also adding some secure Salt before hashing will make it more difficult to the attackers.

Nabin Bhandari
  • 15,949
  • 6
  • 45
  • 59