identities are a security risk.

**Saninicula** · 23-12-2009, 22:26

The new permission system is really great and i totally like it, but we need a permission to enforce and the ability to create password secured identities. And tokens.

An exported identity lying around not even secured by a simple password... i'm even more scared about tokens, one string to heaven.

Most people don't care/know where their data travels.

**Fanchen** · 23-12-2009, 23:34

well...a password is also "one string to heaven", isn't it? And it's easier (by far) to guess.
The same applies to exported identitys, but they are still not as insecure as passwords, at least not in my opinion. It would be hard to get such a file (without malware, but again, a password isn't any safer).

**TinySlayer** · 24-12-2009, 01:15

If someone cracks the code that turns the Unique ID into the ID in the .ini identity export then every teamspeak will become easily hackable as long as they can get the IP and password

**R. Ludwig** · 24-12-2009, 04:55

Originally Posted by TinySlayer

If someone cracks the code that turns the Unique ID into the ID in the .ini identity export then every teamspeak will become easily hackable as long as they can get the IP and password

yes and if tommorow the martians come we all die

**MoXNoX** · 24-12-2009, 10:48

Originally Posted by TinySlayer

If someone cracks the code that turns the Unique ID into the ID in the .ini identity export then every teamspeak will become easily hackable as long as they can get the IP and password

You mean like getting a private key from a public key or reversing data from a hash function? If someone cracks codes like that it means they have advanced quantum computers running and the whole bloody Internet collapses

**AmrasTaralom** · 24-12-2009, 12:34

i'll take the one point that makes sense for me, too: password-encryption for exported identities. just because of the risk that someone imports your identity (flying around the hard drive) and uses it for himself. as of now i put it into my truecrypt container but that may not be applicable for everyone.

**R. Ludwig** · 24-12-2009, 13:58

Originally Posted by AmrasTaralom

i'll take the one point that makes sense for me, too: password-encryption for exported identities. just because of the risk that someone imports your identity (flying around the hard drive) and uses it for himself. as of now i put it into my truecrypt container but that may not be applicable for everyone.

you can also set a master password.. yes thats not 100% like all other on this planet also.

**Riff Raff** · 24-12-2009, 14:05

Originally Posted by R. Ludwig

yes and if tommorow the martians come we all die

Holy Crap? Are you serious? Haven't see Mars Attacks? We will win!
Humans ftw!

**Jonybat** · 24-12-2009, 15:06

Originally Posted by MoXNoX

You mean like getting a private key from a public key or reversing data from a hash function? If someone cracks codes like that it means they have advanced quantum computers running and the whole bloody Internet collapses

Haha...that were my thoughts

Anyways, according to the general security rules, its easier to get something that you have than something that you know. When it gets to computers it can twist a little, cause what you have is an encrypted file (that is nearly impossible to decrypt) and what you know (the password) can be seen, cause you have to type it in

About the tokens, they are only usable once, and its not anyone that can generate them.

If you still are afraid, burn the identity to a cd and hide it under your bed

**Whinis** · 25-12-2009, 01:14

I am not entirely sure how the permission for seeing identities work but I can see the id's. The only thing I worry about is someone making a program that you can type in the unique id and it creates an export file for you to import. I would suggest that you make it so that it is difficult to actually see the unique id's

**Jonybat** · 25-12-2009, 02:01

Originally Posted by Whinis

I am not entirely sure how the permission for seeing identities work but I can see the id's. The only thing I worry about is someone making a program that you can type in the unique id and it creates an export file for you to import. I would suggest that you make it so that it is difficult to actually see the unique id's

It doesn't matter, because that is the public key of a pair of keys that belong to a user. That public key can only be used to decrypt a message (in this case, some string that proves who the user is) that was encrypted with the user's private key.

Its simply not possible to get the private key from the public key (well, at least in a reasonable time, using fairly recent algorithm)

Anyways, what i can agree is that the unique ID and other sensible information should be able to hide from the normal users, like i said here, but other than that the system can prove to be really safe

Thread: identities are a security risk.

Thread Tools

Rate This Thread

Display

identities are a security risk.

Thread Information

Users Browsing this Thread

Similar Threads

Improved Security Level - Can no longer connect to server

What is the security level for

Teamspeak Security? Where? Here's a suggestion!

Security Enhancement Suggestions

Posting Permissions