Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Results 1 to 13 of 13
  1. #1
    Join Date
    August 2007
    Location
    SWEDEN
    Posts
    130

    [Solved] How server can verify only with pub ID ?

    Sorry If I missunderstood something or missread.

    I gave server admin to user id "57". -- This is visible for everyone
    His public ID is "xyz123abc456" -- that is also visible for everyone

    In database as far as I saw public id is the only IDentification for this user. He is a server admin.


    How is that possible to prevent(or is prevented already) that some other user will write down his publicid and use it in his own client, wouldn't he have SA priveladges then?


    Cheers!

  2. #2
    Join Date
    December 2009
    Location
    Switzerland
    Posts
    439
    The public ID is only one part of the "key". You would need the whole identity to login as that user. It's like having the nickname but not username/password

  3. #3
    Join Date
    August 2007
    Location
    SWEDEN
    Posts
    130
    cool but what is used instead of username + password then?

    It must be stored somewhere in database! As I saw ONLY public ID then what else is used to verify UNIQUE of this user.

  4. #4
    Join Date
    December 2009
    Location
    Switzerland
    Posts
    439
    This ID is in fact used to identify the user. But there is no way for another user to log in with this ID because he doesn't have the other part of the key. The private part is only stored on the client.

    Have a look at this: http://en.wikipedia.org/wiki/Public-key_cryptography

  5. #5
    Join Date
    August 2007
    Location
    SWEDEN
    Posts
    130
    No, god, sorry cryptography is too complicated for me to understand just from reading article. I think I know what it's all about but I miss some knowledge for sure.

    Final question then.
    The thing is: I created channel No 17, put there user "John" and give him Channel Admin.
    Then I said to john: Please visit www.WEBSITE.com/request, put there your email and "XXX". You will receive token which can be used to grant channel admin on your channel No 17.

    NOW THE POINT: What should be this "XXX". It must be something to verify that he is real John. Cause also "Adam" from No 18 can say "I'm john, give me CA token on john's channel"


    I hope you understood me

  6. #6
    Join Date
    December 2009
    Location
    Switzerland
    Posts
    439
    But cryptography is a very interesting topic

    Back to your question: You have to make sure only John get's the token! Everyone can use the token, so just be sure only John has access to it.

  7. #7
    Join Date
    August 2007
    Location
    SWEDEN
    Posts
    130
    You didn't understand me ^^. I know that everyone can use token, however problem is:
    What john can put on the website to verify that he is the real john from the channel 17. For example public ID is some kind of verification but everyone see it can't be used. Any other thing? I bet there is none cause as I understood from this wikipedia article. He can share his pub key (and it is shared) and he doesn't need anymore for server to verify him. However it's 0,00...01 part to success (to crack) Everything is able to turn back but it's very hard -- The cryptography

  8. #8
    Join Date
    December 2009
    Location
    Switzerland
    Posts
    439
    How you ensure that he really is John is up to you. You could send him the token directly in TS. You could send it in a PM in a forum. Or if you have a website and an existing user system you could provide the token on a secure part of the website after login.

    The question here is the definition of "knowing John". How do YOU know it's John? If you can identify him, use this method of identification. Or use an environment where you already have identified John.

    This might also be an interesting topic if you have an existing user system: http://forum.teamspeak.com/showthread.php?t=49091


    For the cryptography: Of course you can crack the key with enough time and calculation power. But it would take years
    You could also try to find fast a solution for some specific mathematical problems. This would break many cryptographic systems in the world

  9. #9
    Join Date
    December 2009
    Location
    Taiwan
    Posts
    313
    one way to solve your problem, is to use the offline message.

    since only John (with the corresponding key) is the only one that will be able to see the message, it is guaranteed that no one else could get it.

  10. #10
    Join Date
    August 2007
    Location
    SWEDEN
    Posts
    130
    Thank you for your help!

  11. #11
    Join Date
    July 2004
    Location
    Oirschot, Netherlands
    Posts
    123
    we simply make people join, and post there nickname, databaseid and public unique id on the forums so we can update the rights.
    We do assume that somebody gives his own info, and not somebody's else's. (as he will have no rights himself then)
    And so we can give them rights, and everytime that they join again, they have the rights. (and you can also see it is the real "John" as he has more rights that guests, who have a different id.)

    Server checks with Client whether the id is correct, and for that the client gives the server the private part as verification, to put it very simple.

  12. #12
    Join Date
    January 2010
    Location
    Switzerland
    Posts
    10
    Tokens are there so you can hand out permissions to people who do not have an identity yet. If they had an identity, you could set permissions directly in TS3.

    In the latter case you still don't know if user "Steve" (or rather ID: RIunLLwR...) really is Steve and you should give him permissions. You still need Steve to tell you: "hey, that's me, give me permissions!".

    So it basically amounts to the same as the first solution (which really is better anyway because you can hand out tokens in one step instead of waiting for users to ask for permissions).

    ---

    Public-key-crypto works this way:

    You have two keys. If you encrypt a message with key A, you can decrypt it again with key B (and vice versa).

    So I can give you a message like "test123" and tell you to encrypt it with your secret key A. Then you hand me the result and I decrypt it with your public key B. If I get a garbled message then I know decryption didn't work. Since I'm using the correct public key B, you must be using an incorrect private key A. That's how I know you're an imposter. If the message is correct then I know it's you because only you have private key A and can encrypt it correctly.

    ---

    @PeterW: Cracking modern cryptography with medium key strength will take years if you use a distributed grid with 1mio machines. It'll probably take something along 10^19 years using high key strength and assuming CPU power only doubles each year and there's no mathematical break-through that simplifies attacks.

  13. #13
    Join Date
    December 2009
    Location
    Switzerland
    Posts
    439
    Quote Originally Posted by Lenja View Post
    there's no mathematical break-through that simplifies attacks.
    Not yet, yes But if you find one we would have a problem

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [solved] web server list don't show my server country region
    By thxxx01 in forum Bug Reports [EN/DE]
    Replies: 40
    Last Post: December 31st, 2011, 04:29 PM
  2. Verify the license of TS3 server.
    By igorsantos11 in forum General Questions
    Replies: 5
    Last Post: June 14th, 2011, 12:27 PM
  3. Licence verify ?
    By Vladimirmh in forum Linux / FreeBSD
    Replies: 3
    Last Post: May 3rd, 2010, 07:24 AM
  4. Replies: 0
    Last Post: April 14th, 2010, 10:29 PM
  5. Replies: 1
    Last Post: February 12th, 2010, 11:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •