Thread: Usage of SHA-1

  1. #1
    Join Date
    September 2016
    Posts
    46

    Usage of SHA-1

    Please tell me that TeamSpeak is not using a broken hash function for cryptographically assigning permissions...

    https://shattered.io/
    Last edited by Chris; June 6th, 2019 at 08:10 PM. Reason: moved to own thread

  2. #2
    Join Date
    September 2016
    Posts
    46
    Why was my post about the used hash function deleted?

    Does TeamSpeak use SHA-1 for any kind of public/private key hashing or not?

    Just deleting the post is not helpful to anybody.

    Edit: Can answer the question myself, you guys are indeed using a hash function which is known to produce collisions since at least 2017 and instead of answering a question, you delete the post. What kind of security is this? Security by obscurity? Whoever deleted the post, that must be a joke...

    How about you move to SHA2 instead of ignoring the problem?!

  3. #3
    Join Date
    September 2012
    Posts
    6,080
    Quote Originally Posted by plizze View Post
    Why was my post about the used hash function deleted?
    Because it was referencing an off topic post, besides being off topic itself. Moved to its own topic now.

    Quote Originally Posted by plizze View Post
    How about you move to SHA2 instead of ignoring the problem?!
    That would change the representation of the unique identifier, which would involve a lot of changes and difficulties. It would either mean everyone would lose all their permissions on all servers, or the client / server would need to be updated to handle a graceful switch over to the new one, while still having to support the old one for at least some time due to people not updating their clients.
    The chance of an actual collision happening is obscure, so there isn't really much of a need to change it right now.
    When sending PMs please make sure to include a reference link to the thread in question in the body of your message.
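
The graceful switch-over described in post #3, sketched as an added example (not part of the thread and not TeamSpeak's code). It assumes a hypothetical scheme in which the identifier is base64 of a hash over the client's public key; `legacy_uid`, `new_uid` and `PermissionStore` are names invented here, and the keys are constructed sample bytes.

```python
import base64
import hashlib


def legacy_uid(public_key: bytes) -> str:
    # Assumed legacy scheme: base64(SHA-1(public key)).
    return base64.b64encode(hashlib.sha1(public_key).digest()).decode()


def new_uid(public_key: bytes) -> str:
    # Assumed replacement: version prefix + base64(SHA-256(public key)).
    return "v2:" + base64.b64encode(hashlib.sha256(public_key).digest()).decode()


class PermissionStore:
    def __init__(self, grants):
        # Maps identifier -> set of permission names.
        self.grants = {uid: set(perms) for uid, perms in grants.items()}

    def resolve(self, public_key: bytes):
        """Call only after the client has proven possession of the private key."""
        old, new = legacy_uid(public_key), new_uid(public_key)
        if old in self.grants:
            # First sighting after the upgrade: move the grants to the new
            # identifier and retire the legacy one, so a later key that merely
            # hashes to the same SHA-1 value inherits nothing.
            self.grants.setdefault(new, set()).update(self.grants.pop(old))
        return new, self.grants.get(new, set())


def demo():
    alice_key = b"constructed-sample-public-key-alice"
    other_key = b"constructed-sample-public-key-other"
    store = PermissionStore({legacy_uid(alice_key): {"server_admin"}})
    first = store.resolve(alice_key)     # grants move to the new identifier
    second = store.resolve(alice_key)    # later logins use the new identifier only
    stranger = store.resolve(other_key)  # unknown key gets no permissions
    return store, first, second, stranger


if __name__ == "__main__":
    store, first, second, stranger = demo()
    print(first, stranger)
```

Until a given identity has reconnected, its legacy entry is still matched by SHA-1 alone, so a migration like this only reduces exposure if the window for claiming legacy entries is bounded.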

  4. #4
    Join Date
    September 2016
    Posts
    46
    Quote Originally Posted by Chris View Post
    Because it was referencing an off topic post, besides being off topic itself. Moved to its own topic now.
    For me it looked like you were trying to cover stuff up, my bad. But next time think about messaging a user when you delete his post to clarify it for both parties.


    Quote Originally Posted by Chris View Post
    That would change the representation of the unique identifier, which would involve a lot of changes and difficulties. It would either mean everyone would lose all their permissions on all servers, or the client / server would need to be updated to handle a graceful switch over to the new one, while still having to support the old one for at least some time due to people not updating their clients.
    The chance of an actual collision happening is obscure, so there isn't really much of a need to change it right now.
    So basically you say that legacy clients > security. Sry, but that's a statement I can't share. It might be unsatisfying to recreate identities, but if there are critical security flaws, and a collision is THE WORST that can happen to a hash function, whose only purpose is NOT to create any collision, then the biggest priority has to be to fix the issue. Like you said, if you don't start NOW the problem will just be delayed more.. and more .. and more.. You could and should have started to at least create new identities based on SHA-2 back in 2017! So please stop delaying it even further now.

    Hope this will improve the situation.

  5. #5
    Join Date
    April 2015
    Posts
    153
    Military grade encryption xd

  6. #6
    Join Date
    September 2016
    Posts
    46
    BTW: The first theoretical attack papers were published in 2005 and the NIST listed SHA-1 as deprecated in 2011.. That was in Beta-Server times if I remember correctly?

    Mistakes can happen and that's no issue; what's important is what you do now, and you need to act quickly.

  7. #7
    Join Date
    December 2004
    Location
    RF
    Posts
    3,007
    SHA1 is strong enough for the reasons it is used by TS3, where it is used.
    Don't be that hysterical girl.

  8. #8
    Join Date
    September 2016
    Posts
    46
    Quote Originally Posted by ANR Daemon View Post
    SHA1 is strong enough for the reasons it is used by TS3, where it is used.
    Don't be that hysterical girl.
    The HASH-Function is broken, and it's been known for 14 years; TeamSpeak messed up by not switching years ago, and it seems like they tend not to do so in the near future, and you say that it's fine?
    Get your facts straight and do some research on SHA1 on your own instead of insulting me for pointing out the obvious.

    You're ignorant by saying "for the reason it's used it's fine" - no it's not. It does not matter what you use the function for; if it's broken, it's broken and you have to switch. Stating anything different just shows your lack of basic security knowledge.

  9. #9
    Join Date
    April 2015
    Posts
    153
    Quote Originally Posted by plizze View Post
    The HASH-Function is broken, and it's been known for 14 years; TeamSpeak messed up by not switching years ago, and it seems like they tend not to do so in the near future, and you say that it's fine?
    Get your facts straight and do some research on SHA1 on your own instead of insulting me for pointing out the obvious.

    You're ignorant by saying "for the reason it's used it's fine" - no it's not. It does not matter what you use the function for; if it's broken, it's broken and you have to switch. Stating anything different just shows your lack of basic security knowledge.
    Thank you

    Does anyone know if there's a site where I can find all the info about teamspeak's security system, including key exchange parameters, encryption algorithm, etc?

  10. #10
    Join Date
    January 2018
    Posts
    60
    Quote Originally Posted by Chris View Post
    It would either mean everyone would lose all their permissions on all servers, or the client / server would need to be updated to handle a graceful switch over to the new one, while still having to support the old one for at least some time due to people not updating their clients.
    The chance of an actual collision happening is obscure, so there isn't really much of a need to change it right now.
    Why not update with TeamSpeak 5??

  11. #11
    Join Date
    April 2015
    Posts
    153
    Any plans to change this?

  12. #12
    Join Date
    October 2003
    Location
    Germany
    Posts
    2,528
    Quote Originally Posted by florian2833z View Post
    Any plans to change this?
    Yes...


  13. #13
    Join Date
    September 2016
    Posts
    46
    Quote Originally Posted by ScP View Post
    Yes...

    That's good news, but a little more information is necessary.

    What are your migration plans? When do you migrate? What happens to the existing identities? How will you mitigate the problems Chris mentioned earlier?

  14. #14
    Join Date
    April 2015
    Posts
    153
    When will this be changed and what is going to be changed?

  15. #15
    Join Date
    December 2004
    Location
    RF
    Posts
    3,007
    Quote Originally Posted by plizze View Post
    The HASH-Function is broken, and it's been known for 14 years; TeamSpeak messed up by not switching years ago, and it seems like they tend not to do so in the near future, and you say that it's fine?
    Get your facts straight and do some research on SHA1 on your own instead of insulting me for pointing out the obvious.

    You're ignorant by saying "for the reason it's used it's fine" - no it's not. It does not matter what you use the function for; if it's broken, it's broken and you have to switch. Stating anything different just shows your lack of basic security knowledge.
    Surely you have a working PoC exploit against TS3 encryption then?
    Mind filing a CVE?
