Before the obligiatory "do it noob!"... If I am validating all responses from the client, is there a need to encrypt packets? If I check all movement, all trades, all communication, is it worth the overhead to do encryption on each packet? If so, are there some good 'low overhead' encryption protocols out there? And what about key generation? Thanks in advance :D

well, i suggest using encryption only for account data and such. It really depends what you want for your application and what kind of application are you designing.

TEA is small and fast for block ciphering.

Diffie-Hellman is a reasonably easy to implement key agreement protocol.

Otherwise you may need to use some form of public certificate.

The forum mod has a really good thread on this somewhere...

This is for a small to medium sized mmorpg. I don' know of any good reasons to encrypt stuff such as movement and chat, but yeah, for account sensitive information, I will do some encrypting.

Encrypting the packets (and potentially hardening the clients memory too) is the way you avoid bots and other information and assistence programs - you want to keep as much of the communcations protocol out of the players hands for as long as possible, so they cannot write programs that site between the game and the server doing things. And then when someone finally cracks a bit of it, you can push an update that completely changes the order of some variables and uses a completely different encryption method, forcing them to start over from scratch.

Use some kind of encryption on the account data - you don't want snoopers to get ahold of that. Encrypting and checksumming the general game traffic is probably considered a good thing to do, but you should not rely on it *at all* to prevent people from modifying the data - players can and will tear down and reconstruct your encryption algorithm - you won't be able to tell if the data has been tampered with between the client and server. Encrypting it does slow down some and leave others hopeless, but the 'real concerns' will have no trouble with it, so I think it's only good to lessen the number of people able to tamper with the data, or slow down widespread use of exploits.

I would not worry about encryption just yet. Worry about general security best practices if you think your game will be big enough that it matters, but don't actually drop in any security measures until you have enough content that you may keep player interest.

I would also worry about security of the system more than encryption. If your game is big enough, it will be cracked, and re-cracked after updates. Instead, you should design the game (and rules) so that it doesn't matter if the user can read the network packets in clear text.

Last, I have a page that talks about authentication best practices, which probably is more important than packet encryption to make sure your system is secure.

I personally think encryption is a waste of time and resources for anything except basic authentication. If your game is at all popular the hackers will figure out your encryption schemes and write bots no matter what you do and all your effort ends up down the toilet anyhow.

The best practice possible is to ensure that everything the client says is validated on the server, and that the server only sends relevant data to the client (and not the entire contents of a zone).

If this is achieved (unlikely that you'll only send what is *precisely* relevant) then you don't need to worry about encryption at all (or at least too much) between the client and server. You might get minor 'x-ray vision' exploits or radar exploits. I seem to remember someone playing with an app for an MMO to demonstrate this. Can't remember the MMO or the app name... I think it was for UO...

The next point of danger is between cluster machines, especially for open-source codebases. A maliciously inserted server in a cluster, or packet-forwarding snooper on a server's machine can leak game data to an external party - and so give rise to satan's own radar app for your game. If the network where your cluster is located is available to the public (which in an ideal world it isn't but you may be hosting at a university or something) inter-server traffic should be encrypted with a cluster key.

Well I guess it's a tough call deciding if you're going to do it when you're not sure you're going to have many players but we have a small community ( sub 1k players ) and I'm already seeing ppl using hacks that exploit fails in our server/client validation code, ppl tried to root us several times etc.