Interesting. My textbox class allows you to specify allowed input characters so no need for checking that, just needs to check that the userid and password are not null, and are atleast minimum uid/pwd lengths. Textbox class also lets you set a maximum ammount of characters so no need to check that.
Just ran a quick test on the server in debug mode with client in release mode, server encrypted and sent 10,000 packets with a 512 byte payload in just under 3 seconds consistently. Server in release mode wasnt much different, took just over 2.5 seconds. So I think ill stick with the "easy" method for now as it seems pretty fast, well, fast enough for what its needed to do.
I suppose my method is lacking a bit in the sense that all strings are marshalled to a specific length, and will send a set ammount of bytes no matter how long the actual string is. For example 564 bytes (unencrypted) are sent when a character says "lol", which is slightly, just ever so slightly, excessive.