Question on client/server application

From: John E. Doe (nobodyyouknow_at_dontneedspam.com)
Date: 12/23/04


Date: Thu, 23 Dec 2004 01:27:42 -0500


Hello all,

It's been ages since I've posted in this group, but every time I did in
the past, I've always found the responses to be very helpful and I'm
hoping someone can help me out with my current problem as well.

Okay, here's what I'm currently working on. This is not something
critically urgent for work or anything like that. It's mostly for my
own personal knowledge and curiosity.

Let's say that you're developing a client-server application. It
doesn't really matter what the nitty-gritty details are because my
example is very generic. So let's say I'm writing two applications
(one will act as a simple TCP server and the other will be a simple
TCP client).

What is the simplest way for me to implement a secure connection
(after the initial connection has been established)?

I know that the most obvious way is to hard-code a password into both
the client and server and then use that password to activate an
encryption algorithm. This part I've already done on my own, so
there's no problem there. But obviously this isn't terribly secure,
because anybody with enough skills can easily browse the .EXE file and
find my password in there. Using a resource compressor might hide the
password from a straight hex editor, but once again, anybody with some
know-how would be able to decompress the .EXE file with about 5
minutes of effort.

I guess what I'm looking for is basically the same type of thing that
is done when a web browser application establishes a secure connection
to a web server (HTTPS). The client can establish a secure connection
to the server without either of them "knowing" each other ahead of
time.

I've checked the various Delphi sites, but none of them have exactly
what I'm looking for. There are plenty of encryption libraries out
there (I think I've downloaded every single one), but they all tend to
deal with conventional string and file encryption.

Would anyone here have the necessary Delphi (and encryption) knowledge
to guide me? I learn very quickly, and would appreciate any
assistance, even if it's just pointing me to some sample code that may
already exist out there.
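
The weakness described in the post, as an added example that is not part of the original message: a check a developer can run on their own build to see whether a hard-coded password is readable in the binary, and why compression only delays that. The image bytes, the secret, and the function names are constructed for illustration, and zlib stands in for a resource compressor.

```python
import re
import zlib

MIN_LEN = 6  # shortest printable run worth reporting

def embedded_strings(image: bytes, min_len: int = MIN_LEN) -> set:
    """Printable ASCII and UTF-16LE runs in a binary, as a hex editor shows them."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = {m.group().decode("ascii") for m in ascii_run.finditer(image)}
    found |= {m.group().decode("utf-16-le") for m in wide_run.finditer(image)}
    return found

def secret_exposed(image: bytes, secret: str) -> bool:
    """True if the secret can be read straight out of the image bytes."""
    return any(secret in run for run in embedded_strings(image))

def build_image(secret: str, wide: bool = False) -> bytes:
    """Constructed stand-in for an .EXE: binary filler around one string constant."""
    blob = secret.encode("utf-16-le" if wide else "ascii")
    return b"MZ\x90\x00" + bytes(range(32)) * 4 + blob + b"\x00\x00" + bytes(range(128, 160)) * 4

def pack(image: bytes) -> bytes:
    """zlib stands in for a resource compressor (assumption, not a real packer)."""
    return b"PACK" + zlib.compress(image)

def unpack(packed: bytes) -> bytes:
    """Reverse pack(): anyone holding the file can do the same."""
    return zlib.decompress(packed[4:])

SECRET = "Sup3rS3cretKey!"  # constructed sample value

if __name__ == "__main__":
    for label, image in [
        ("plain build", build_image(SECRET)),
        ("wide-string build", build_image(SECRET, wide=True)),
        ("packed build", pack(build_image(SECRET))),
        ("packed, then unpacked", unpack(pack(build_image(SECRET)))),
    ]:
        print(f"{label:22} secret readable: {secret_exposed(image, SECRET)}")
```

The packed build hides the constant from a direct scan, but the unpacked bytes are identical to the plain build, so the secret is only as safe as the file itself.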



