Registration and authorization

We have made registration and authorization mandatory for the game. Now it allows you to save the character's appearance and coordinates on the server. In the next update, we will use this to implement the ability to privatize land.

This update made us sweat, since it required the use of a whole range of knowledge about encryption, secure data transfer from the client to the server and management of all this in the database. Using the OpenSSL library, the client encrypts its password with a public key, and the server decrypts it with a private key. To prevent a man in the middle from logging in by repeating encrypted traffic, the password is encrypted with the addition of a proxy salt on the client, and the salt is generated randomly by the server for each new session. To protect passwords in the database, a cryptographically strong hash function is used, hashing the user's password together with another salt, which makes it completely impossible for an attacker to guess the user's password.