Anyone know what the trend is with MMORPG developers encryption their client/server protocols these days?
The pro’s and con’s are as follows.
Encrypting protocol:
- protects trade secrets regarding client/server protocol to a degree?
- Botting isn’t stopped, it is only changed because people will create bots which read screen states and trigger mouse+keyboard events will then be developed, merely mitigating the development of bots as opposed to stopping them in anyway. Still though bot development is less in supply somewhat, but the demand is still there, they merely get higher bids on rentacoder.com
Regular plain text:
- more advanced bots since the developers are able to inject their own datagrams into the client/server protocol. (ie: running through walls, teleporting… which the server side has to now check, which in turn leads to a development contest between out patching exploits via injection (time consuming)
@Samuel & coxymla:
That’s not entirely true. If the protocol uses asynchronous encryption where the server’s private key is unknown to the client, then the bot cannot decrypt the client’s egress. This means that to modify the outgoing data, the bot actually has to hook the game process and intercept the data before it’s encrypted.
It’s simple enough in theory, but it can be technically challenging. At least you’re raising the bar for attackers.
@Zombies: Beyond initial key exchange, most encryption schemes do not require extra data transfer. Further, while there is extra work to be done when encryption is used, the data transfer will most certainly be limited by the network and not the processor.
Put plainly, encryption does not lead to slower/more data transfer.
Cautionary note: This Wikipedia page contains a story about a common encryption mistake made by the developers of Phantasy Star Online. It’s worth a read.