Yes, it should be. As I understand the question - he asked only the encryption - e.g. post the "username"+"password" and store this encrypted string on the server.
The username and the score can send without encryption to store on the server. The client that uses the C2 game knows who he is ("username") and the app calculates the "score".
Second login: C2 encrypts username+passwort again --> send it to the server --> server: compares this string to the string stored before --> message success/fail to c2-client that wants to play
Suggestion:
If sending the username and the score unencrypted is to unsecure for you (-you can see the real-characters eg with wireshark <img src="smileys/smiley2.gif" border="0" align="middle" /> ) - why not merge it in the encrypted string:
When the encrypted string for the
user "Joe7"+"joelspassword"
is --- "0123456789abcdef" ----
and the score is "20"
--> merge it in:
- -- 01234567Joe789ab2cd0ef ---
and post this string. If you know the right positions of the characters you can pick them out <img src="smileys/smiley2.gif" border="0" align="middle" />