Hi everyone, I'm a bit confused about the encryption and security of MLAPI. On this page (https://docs-multiplayer.unity3d.co...connection-approval/#connection-data-security) it says that under Timeout that "the ConnectionData [is] (encrypted and authenticated by the MLAPI)". However, further down, under Connection data security it says "The connection data is not encrypted or authenticated." When searching "encrypted" on the https://docs-multiplayer.unity3d.com page it finds multiple results under the Connection data Security heading, the preview shows "will be encrypted AND authenticated. (AES-256 encryption and HMAC...". But when clicking on the link and opening that page I only see the information above saying there is no encryption. In the release notes of version v0.1.0 the delted features also include the encryption (https://docs-multiplayer.unity3d.com/releases/multiplayer/mlapi-0-1-0/#removed-features): "Encryption has been removed from MLAPI. The Encryption option in NetworkConfig on the NetworkingManager is not available in this release. This change will not block game creation or running. A current replacement for this functionality is not available, and may be developed in future releases. See the following changes: Removed SecuritySendFlags from all APIs. Removed encryption, cryptography, and certificate configurations from APIs including NetworkManager and NetworkConfig. Removed "hail handshake", including NetworkManager implementation and NetworkConstants entries. Modified RpcQueue and RpcBatcher internals to remove encryption and authentication from reading and writing." There also is an old post from 2016 in the forum (https://forum.unity.com/threads/creating-secure-cryptographic-handshakes-with-diffie-hellman.694531/) inluding the remark: "MLAPI uses MLAPI.Cryptography for handshakes. Rijndael 256 (AES) for encryption and HMAC SHA256 for authentication." So these contradicting informations keep me wondering: Is there encryption in v0.1.0 of MLAPI and if yes: What kind of encryption is used and where is a safe source stating this?
There is no encryption in v0.1.0 of MLAPI anymore. It looks like the API docs are not fully up to date.