- Home /
Is This Login Algoritm Secure For an MMO?
Hello, I am attempting to create a small online game in Unity much like minecraft which allows people to host their servers, but all validation is done on a central server. Since I'm struggling and don't know anything of PHP and HTTPS, I'm thinking of using a game build just as Authentification Server (with just a console) and then if everything is validated, it passes a token for the user to login in any playermade/gamemade servers (game build itself).
I'm thinking about sending information back and forth using ClientRPC/Commands using encryption. My algoritm right now is:
Player sends hashed user id
Server looks up if user exists, if so, it generates a SESSIONSALT, encrypts using hashed user password as key and sends it to user.
User sends hash user + hash(SESSIONSALT + hash (pass + salt)) and sends it to server
Server checks login and if successful sends a login token with: sessionTime, IP, Mac and hardwareSerials, username
What are the main vulnerabilities in such fashion? Is it acceptable security in an MMO?? In case not, can anyone point me somewhere to get me started in PHP (I tried multiple videos but none seems to be using secure methods)???
Unless you are a security expert you should use an implementation that was created by security experts.