Kyle Olsen, Nov 6, 2020: "..
encrypting real-time udp data is a fool's errand in my opinion .." (from that ^ video)
I'm sure everything
will be fine. No-one would have
any interest in observing or manipulating live client-server MMO communication.
Seems like the Visionary Realms industry veterans have everything covered.
I mean, they aren't wrong. You can encrypt just about anything and it'll be broken eventually. A lot of major games don't have packet sniffers available because they have anti-cheat software that makes it nigh-impossible to run debugging tools or sniffing tools locally, or they simply don't send the information you would want to know about until it becomes relevant. The only types of communication that are near-impossible to break are those that are, by design, not exposed to the client.
Contextually sending data to the client that it needs to know about is much more preferred than sending everything, even in a network optimization scenario. EQ had some really awful practices when it comes to the data itself, but that is independent of the encryption used. EQ encrypts traffic with a simple key per-stream, and to be honest, it's probably not needed if the server knows to reject data that it doesn't think are right, or the server can log it and ban the players after that trigger that condition. But also, a simple encryption can protect against OS-level manipulation of outgoing traffic, which was stupidly easy in the 00's, in the 10's it became harder with the advent of stuff like XTrap / GameGuard getting out of circulation, and most Western publishers turning to solutions like FairFight / BattlEye / EasyAntiCheat. Even then, the Asian market caught up with anticheats, services like XIGNCODE3 scare the living daylights out of me because they can easily be used for surveillance purposes.
Remember, game hacking is easy for people if you give them less barriers. Meaning, the more effort someone has to go through, the less likely the average user will set up the cheat, and the less likely someone will bother doing it. It's like stealing cable from your neighbors in 2010; you can do it, the setup is insanely hard for the common person, and because of the cost to do so and the punishment if you're found out, it's never worth doing and instead worth paying Comcast $160 a month for a full cable package.
This is why the 90's and 00's were the 'golden age' of gamehacking; low barrier of entry. Almost everyone I know from that era is now working professionally in industry, two individuals I know work at Riot Games on their anticheat that I have known since 2010 or so. The industry is small, and the amount of people that fully understand reverse engineering is even smaller.
A more detailed overview of game hacking below, for anyone who is curious. Still relevant today for most games, though factor in modern language usage (C#, Java, etc) and different programming structures of games (replication in Unreal 3, 4, etc)