Hello,
I would do this with you: To do your needs, we must:
- Understanding about multi-threaded
- Socket
- Encryption
We can skype (i'm living in France, so the time now is 11h21AM, my skype: chutuanluyen)
1. All data transmitted should be encrypted using AES in CBC mode. Assume that client and server have the shared key in place beforehand. You can choose the key length of AES yourself.
--> Ok. We can generate secret-key from the key length chosen.
2. A MAC (e.g., HMAC) should be appended to the data transmitted. The key used for HMAC can be generated from the shared key by using a pseudo random number generator.
--> Yes
3. Discuss about the security holes in the current system, and possible countermeasures. -> we can discuss via skype.
4. For the possible solutions in 3, implement one of them.
Bst wish,