Hi guys,

I'm considering ElectroServer to be used in a project I'm working on.

I have some questions. I would really appreciate your thoughts on this.

1) How does the encryption actually works? Does it encrypt the session id? If a hacker sniffs a message, could he or she read the session id in plaintext? By session id I mean the token used to identify a certain user, or however it is done.

2) Is it possible to record a video in a flash client and stream it in real time to a ES room?

Thanks guys! :)

Encryption enabled connections use AES to encrypt all communications over a TCP connection, with a dynamic key. This means that if a given user sends the exact same message to the server six times in a row, each will be encrypted differently making it extremely difficult for a hacker to crack. Clients may choose to encrypt a specific connection or encrypt all TCP connections.

Knowing the connectionID won't give you a clue as to which key is being used. The main vulnerability is if a packet sniffer is being used starting before the Diffie-Hellman key exchange, and even then it would have to keep track of every single message so as to apply the modification to the key the correct number of times.

Second question: yes you should be able to have the client stream video to the room. We don't have a code example of this because I keep getting side-tracked on finishing it. I can give you the WIP example if you are interested.