views:

42

answers:

2

hi. i want to make flash programs that send information to the web server that cannot be revealed by the user. of course the user will be able to see that HTTP request that is being sent, but i want to encrypt the data before transferring it. what's the best method to achieve that ?

+1  A: 

Any ciphering algorithm will work for the average user, but beware that flash programs could be decompiled. So a power user without too much effort will eventually break your protection...

rossoft
thank you, i read about ciphering algorithms and i'll probably use blowfish.
ufk
A: 

You could use a combination of RSA and AES, much like PGP works. The server has a public and private key. The client only has the public one. The client makes a random string wich will be used by the AES algorithm, encrypts it with the public key and sends it to the server (this is all with RSA). The server now knows the password and all communication can now be encrypted by AES. This will prevent packet sniffing, and you won't have to store a password in your flash object. It is still vulnerable to debugging though.

DaMacc