RiptideNetworking / Riptide

Lightweight C# networking solution for multiplayer games.
https://riptide.tomweiland.net
MIT License

Feature Request: Encryption/Decryption Support for Network Traffic #155

Open snnaakee opened 3 days ago

snnaakee commented 3 days ago

First off, thank you for all the hard work on Riptide. It’s a great tool for low-latency, reliable networking. I recently found Riptide and I'm amazed at how robust it is and the features it has.

However, one feature that seems to be missing is encryption/decryption support for network traffic.

Proposition :

I would like to propose adding native support for encryption/decryption in Riptide. Ideally, this would allow for the encryption of outgoing data packets and the decryption of incoming ones.

Requirements :

Benefits :

Alternative :

At the moment, developers must implement encryption/decryption manually at the application level. However, having this feature built into the Riptide library would reduce the complexity and improve ease of use for developers.

Adding this to Riptide will make it almost a completely comprehensive tool.

tom-weiland commented 1 day ago

I'm glad you like the project :)

> I would like to propose adding native support for encryption/decryption in Riptide. Ideally, this would allow for the encryption of outgoing data packets and the decryption of incoming ones.

I am honestly not convinced that this is worth it 😅

Regular game traffic does not (and should not) contain sensitive information, and so spending CPU time encrypting & decrypting it is simply wasteful.

I'm no longer actively working on this project, but even if I was I'd be very hesitant to add encryption support to Riptide for a few reasons:

  1. I'm not overly familiar with cryptography or "modern encryption standards" and I can't say I'm particularly keen for me or the library I built to bear the responsibility of properly protecting people's sensitive data. A single mistake made out of simple ignorance could have pretty severe consequences.
  2. Most (if not all) traffic you send via Riptide should be non-sensitive game data, as I would argue that sensitive things like account credentials for logging in likely shouldn't even be handled by your game server.
  3. I don't see why encryption would need to happen at the message level. Even if you did want to send a password via Riptide, couldn't you simply encrypt it yourself and then write the encrypted bytes to the message (and vice versa on the other end)? Perhaps my lack of encryption knowledge is already showing by asking that question 😅
    • You might then say that having some helper functions or something to encrypt things would still be good to have as part of Riptide, but Riptide is a low level messaging/game networking library, not an encryption library, and I'm not eager to change that for reason 1. Also I would think there are plenty of other/existing libraries out there that can help you encrypt your data.

Regarding the benefits you mentioned:

> Security : Encrypting network traffic protects sensitive information from potential eavesdropping and tampering.

I think this is the main one that has merit, but again, your game servers arguably should not be handling sensitive information in the first place.

> Cheat protection : Ensures data integrity and confidentiality, especially in multiplayer or P2P environments.

I fail to see how encryption would help protect against cheating. Cheating in games is normally done by modifying the client application (which encrypting network traffic will not protect against), not by intercepting and tampering with packets. Also if you've chosen to build a peer-to-peer or client hosted game, then you've hopefully just accepted that there will be cheating and you're okay with that because the only reliable way to prevent most cheats is to have an authoritative server calculate everything important.

> Compliance : For projects requiring compliance with security standards, encryption is a must-have feature.

I'm not really sure what sort of projects you're referring to here, but Riptide is primarily built for real-time game networking.

Unfortunately even if you convince me that this is a good idea and worth adding to the library, as I mentioned I am no longer working on Riptide so I'm not sure who would implement and test an addition as important-to-get-right and (likely) large as this.
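
The approach raised in point 3 above (encrypt the value yourself, then write the encrypted bytes to the message), as an added example that is not part of the thread or of Riptide: AES-256-GCM via .NET's `AesGcm`, assuming .NET 8 or later and a 32-byte key already shared between client and server by some other means. `SealedPayload`, `Seal`, `TryOpen` and the message ID value are hypothetical names chosen for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not Riptide code. Blob layout: nonce (12) || tag (16) || ciphertext.
static class SealedPayload
{
    const int NonceSize = 12, TagSize = 16;
    public static byte[] Seal(byte[] key, ushort messageId, byte[] plaintext)
    {
        byte[] blob = new byte[NonceSize + TagSize + plaintext.Length];
        // Random nonce per message: never repeat one under the same key, and
        // rotate the key long before 2^32 messages have been sealed with it.
        RandomNumberGenerator.Fill(blob.AsSpan(0, NonceSize));
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(blob.AsSpan(0, NonceSize), plaintext, blob.AsSpan(NonceSize + TagSize),
                    blob.AsSpan(NonceSize, TagSize), Aad(messageId));
        return blob;
    }

    // False when the blob is truncated, modified, or was sealed for another message ID.
    public static bool TryOpen(byte[] key, ushort messageId, byte[] blob, out byte[] plaintext)
    {
        plaintext = Array.Empty<byte>();
        if (blob.Length < NonceSize + TagSize) return false;
        byte[] buffer = new byte[blob.Length - NonceSize - TagSize];
        try
        {
            using var aes = new AesGcm(key, TagSize);
            aes.Decrypt(blob.AsSpan(0, NonceSize), blob.AsSpan(NonceSize + TagSize),
                        blob.AsSpan(NonceSize, TagSize), buffer, Aad(messageId));
        }
        catch (CryptographicException) { return false; }
        plaintext = buffer;
        return true;
    }

    // The message ID is authenticated but not encrypted, binding the blob to its message type.
    static byte[] Aad(ushort id) => new[] { (byte)(id >> 8), (byte)id };

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);     // constructed stand-in for a shared key
        byte[] blob = Seal(key, 1, new byte[] { 1, 2, 3 });  // constructed sample payload
        Console.WriteLine(TryOpen(key, 1, blob, out _));     // intact blob, matching message ID
        blob[^1] ^= 0x01;                                    // simulate modification in transit
        Console.WriteLine(TryOpen(key, 1, blob, out _));     // authentication tag check fails
    }
}
```

The blob returned by `Seal` is what would be written to the outgoing message as a byte array; the receiver reads it back and calls `TryOpen` with the same message ID.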