Security level - how is it determined/increased [technical]

[ThiefMaster]

First of all, I know what (dis-)advantages high/low minimum security levels have and the general idea of the identity system (private/public key based).

However, I'd like to know what's calculated/done when increasing the security level.

[florian_fr40]

Hello

The calculation and the complexity of your identification key (uid) on the server

[ThiefMaster]

I realize that I'm curious about the technical details.
Especially since that calculation must be something not resulting in the public key changing as that would invalidate your access on all servers.

[florian_fr40]

You can understand that it will not be explain here

[ThiefMaster]

As you might know, security by obscurity is a horrible approach and hopefully not the one they used in TS3.
So if it actually relies on a calculation which takes lots of time and not a simple "wait for x seconds and then bump the security level" it's as secure as e.g. RSA (which is secure as long as certain mathematical operations cannot be done much faster than currently possible). In this case the TS developers could even post the *sourcecode* of the security level system without making it insecure.

[florian_fr40]

Yes you right, I'm going to ask at Microsoft how he generate the windows seven key.

[ThiefMaster]

Serial numbers are usually generated/validated with a simple algorithm (which certainly does not take minutes or even hours to generate a single key) and do not rely on strong cryptography. So that's a completely different thing.
I think all serial numbers rely on obscurity - that's why you can write keygens for most applications requiring a serial number - or on online activation which is safe because the key can be verified against a list of all keys ever sold instead of running it through an algorithm.

[bugmenot]

That is the absolute worst attitude to security you can possibly have. If it won't be discussed here, it will be discussed somewhere else. Since your "security" algorithm is apparently worthless, I'll just save everyone the hassle and disable it on my server. Without peer review you're only keeping the honest people honest.

[poisonpanik]

This isn't a method to secure a server it's merely a method to deter those that like to repeatedly join a server w/ new UIDs.

[Peter]

The method that is used is based on hashcash: http://en.wikipedia.org/wiki/Hashcash

[poisonpanik]

Hashcash is a proof-of-work system designed to limit email spam and denial of service attacks.

This is exactly what the security level is for on Teamspeak 3. The idea is to limit the spammers and people who get banned but create a new identity and come back. If you make them wait to raise their security level they will probably get bored and move on.

[bugmenot]

Thank you. I'm always trying to learn something new!

[poisonpanik]

Not a problem! Hope that was the info you needed