Originally Posted by Songoty
Dude I need you to think about what you just said. You are saying that you can get them from the jar file (which you can, you can receive the public key from the jar file), and are suggesting that you send them to the client, from the server, on login. What is going to prevent me from modifying that jar file to print out the received public key?
I think you have a misunderstanding of what RSA is used for. RSA in the 317 client is used to 'encrypt' the username, password, uid, and ISAAC cipher keys on login. That's it. It is not used again. It is to prevent someone else on the network intercepting your plain text password pretty much.
Having the public key doesn't mean anything. I mean I guess you could put that in a different client and connect to that server, but chances are, especially these days, that most servers' clients have protocol modifications anyways that will probably crash the client.
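The login exchange described in the post above, as an added example that is not part of the thread or of any 317 client or server code. It shows a login block encrypted with the public key and readable only with the server's private key. The class name `LoginBlockDemo`, the field layout, the sample credentials and the OAEP padding mode are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;

public class LoginBlockDemo {
    // OAEP is this example's choice of padding, not a statement about the 317 client.
    static final String RSA_MODE = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Hypothetical layout: four ISAAC seed words, uid, then newline-terminated strings.
    static byte[] buildLoginBlock(int[] isaacSeed, int uid, String user, String pass) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        for (int word : isaacSeed) out.writeInt(word);
        out.writeInt(uid);
        out.write((user + "\n" + pass + "\n").getBytes(StandardCharsets.US_ASCII));
        return buf.toByteArray();
    }

    static byte[] rsa(int mode, Key key, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(RSA_MODE);
        cipher.init(mode, key);
        return cipher.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // Server side: the private key stays on the server; the public key ships in the client jar.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair serverKeys = gen.generateKeyPair();

        // Client side: fresh ISAAC seed per login, constructed sample credentials.
        SecureRandom rng = new SecureRandom();
        int[] seed = { rng.nextInt(), rng.nextInt(), rng.nextInt(), rng.nextInt() };
        byte[] block = buildLoginBlock(seed, 12345, "exampleuser", "examplepass");
        byte[] onTheWire = rsa(Cipher.ENCRYPT_MODE, serverKeys.getPublic(), block);

        // Network observer: sees only onTheWire, and may already know the public key.
        String seen = new String(onTheWire, StandardCharsets.ISO_8859_1);
        System.out.println("password visible on the wire: " + seen.contains("examplepass"));

        // Server: only the private key recovers the credentials and the ISAAC seed.
        byte[] recovered = rsa(Cipher.DECRYPT_MODE, serverKeys.getPrivate(), onTheWire);
        System.out.println("server recovered login block: " + Arrays.equals(recovered, block));
    }
}
```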