Three tips:
1. Use an encryption algorithm with public and private keys generated each time a player logs in/registers/wants to send any data that must be secured. The public key is sent to the client and used to encrypt passwords/emails; then the secured data is sent back to the server and decrypted using the private key.
2. If you store passwords on the server, salt and hash them before saving. Store the salt (not secured in any way) together with the password. When the client logs in, add the salt to the received password, hash it and compare it with the hashed password on the server. Create a new salt each time the user registers/changes the password.
3. Take a look at the java.security package, especially KeyFactory, KeySpec, PublicKey, PrivateKey, Cipher, SecureRandom.
Some code:
1. Very simple salt generator:
    import java.security.SecureRandom;
    import java.util.Base64;

    public static String newSalt() {
        byte[] salt = new byte[20];
        new SecureRandom().nextBytes(salt);             // random bytes; Base64 so they survive as a String
        return Base64.getEncoder().encodeToString(salt);
    }
2. Generation of public and private keys:
    import java.security.*;

    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048);                  // explicit key size instead of the provider default
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    PublicKey publicKey = keyPair.getPublic();
    PrivateKey privateKey = keyPair.getPrivate();