Some ES questions

[butaca]

Hi guys,

I'm considering ElectroServer to be used in a project I'm working on.

I have some questions. I would really appreciate your thoughts on this.

1) How does the encryption actually works? Does it encrypt the session id? If a hacker sniffs a message, could he or she read the session id in plaintext? By session id I mean the token used to identify a certain user, or however it is done.

2) Is it possible to record a video in a flash client and stream it in real time to a ES room?

Thanks guys!

[tcarr]

Encryption enabled connections use AES to encrypt all communications over a TCP connection, with a dynamic key. This means that if a given user sends the exact same message to the server six times in a row, each will be encrypted differently making it extremely difficult for a hacker to crack. Clients may choose to encrypt a specific connection or encrypt all TCP connections.

Knowing the connectionID won't give you a clue as to which key is being used. The main vulnerability is if a packet sniffer is being used starting before the Diffie-Hellman key exchange, and even then it would have to keep track of every single message so as to apply the modification to the key the correct number of times.

[tcarr]

Second question: yes you should be able to have the client stream video to the room. We don't have a code example of this because I keep getting side-tracked on finishing it. I can give you the WIP example if you are interested.