Quote Originally Posted by ANR Daemon View Post
Surely you have a working PoC exploit against TS3 encryption then?
Mind filing a CVE?

So, first of all: the encryption is completely unaffected by that flaw since SHA1 is no encryption algorithm.

Secondly: i know that a exploit (e.g. creating a specific public id for a private key you own) is unlikely at this point in time and requires a amount of compute power a normal user won’t have access to. However, as times go by, the attacks will get more and more efficient, making it more likely.

ATM it’s not that critical that you have to rush the migration (even tho that’s what I’m trying to achieve) but as time window closes, there will be a point that attacks are easy and there are still no migration plans.

Users like you, trying to defend a usage of hash function listed deprecated by NIST since over 8 years, are delaying that problem even further as teamspeak as a company sees that you don’t care.

So again: if you don’t start to plan the migration now, the problem will get delayed even further, creating a more and more growing risk of exploiting. Stop defending such nonsense.