I hope I am not bringing up a question that has already been answered; if it has, a pointer in the right direction would be appreciated, but in all my searching I can't seem to find an exact answer to my question.
I have a fully functioning MMO with client/server communication. Players download the client, obviously, and the server is located remotely (currently controlled only by me) on an Amazon AWS server.
So my basic question is this. Players create their account for my game from within the client (email, username, password, etc.), and this is stored on the server (currently encrypted on the client using a simple XOR encryption, then sent to the server). And now, of course, I am looking to finally make this packet encryption more legitimate and professional.
While researching this, I find people asking similar questions, but I see them jumping right into terms like already having "SSL encryption", sending "salts" and "hashing" the data, but I need to know where to begin from step 1. I am not finding a step-by-step general procedure for beginning to encrypt packets, and figuring out which method I should be doing. It seems like this is more complicated than just writing some simple algorithms and hashing data.
I am attempting to make my game secure enough so that if I do start charging money for the game, or just make the game go "live", I can tell my players "Your login information is secure". I am not interested in dealing with any real money account information at this point. Just one step at a time.
I am basically looking for a guideline of where to start with this. The simplest answer is basically what I am looking for. My game is currently communicating with Winsock, and for now is going to be Windows platform specific. Coded in C++.
Should I just look into using something like OpenSSL and go from there?