Forum

Results 1 to 1 of 1
  1. #1
    Join Date
    July 2002
    Location
    Germany
    Posts
    2,192

    The authentication system of TS3 compared with TS2

    The authentication system of TS3 compared with TS2
    Design choices made for TS3 explained, advantages and disadvantages

    TeamSpeak 2 (and many other systems) use a username password based authentication system. Each user is identified by a unique username but must also supply the correct password to be able to claim the username and permissions associated with it.
    TeamSpeak 3 uses a public/private key authentication system. It basically creates an "identity" file on its first start-up which contains a public and a private key, when connecting to a server it sends the public key and proves through a cryptographic protocol that it also must have the matching private key (without actually sending the private key). If you are having problems understanding this concept think of the public key as a randomly generated user name (which is guaranteed to be unique in the whole world due to its length), and the private key as kind of password but wrapped in some clever math to avoid to ever having to send the actual private key to the server.

    Username/Password Authentication
    + Since you pick username and password you hopefully will be able to memorize this data. This allows you to access your account from anywhere in the world, using the information stored in your head to pass authentication and hence gain access to your privileges.
    + Username/password authentication is the most used authentication scheme out there so users should have an easier time understanding the concept.
    + Since username/password authentication is the most used authentication scheme out there it might be easier to integrate existing user bases that already use username/password authentication into TeamSpeak. Here is a thread explaining how to do it with TS3: http://forum.teamspeak.com/showthread.php?t=56435
    - Passwords chosen are often weak and/or used in other places. One compromised password of a server admin is usually enough to totally ruin the gaming experience of all members of the affected TeamSpeak server for a couple of days, not even talking about wasting our time with "Omg we have been h4xx0red!!!1!!1!" threads. This issue is especially true for TeamSpeak (opposed to other username/password systems out there because):
    (a) It's "just for gaming", many people don't give a second thought about chosing a good password or chosing one you didn't use on ten shady websites already.
    (b) Many users of TeamSpeak are still very young and might not have thought about the topic of password security

    Public/Private Key Authentication
    + Since public and private key are generated randomly (and are much longer than the usual username or password) they are virtually impossible to get at, they contain no pattern that can be exploited and the length prohibits any brute force attack (=try all possible keys). Even eaves dropping onto a client as he connects to a server (man in the middle attack) will NOT gain you any insight.
    +As there is no need to manually pick a username and password the whole registration step of username/password based systems is no longer necessary. This makes the system easier and more intuitive to use as you just connect and the server automatically recognizes you.
    - If you want to use your account from a different computer or after reinstalling your computer you cannot use your head only to authenticate (nobody remembers public+private key), so you need to remember to export your identity and bring it along.

    Conclusion:
    TeamSpeak 3 uses state of the art cryptography for authentication, making a huge leap security wise as compared with TeamSpeak 2. There are some minor hassles when switching computers (export identity) but this is a task most users will not need to do at all and is no big deal usually even when forgotten.
    Last edited by Peter; July 15th, 2010 at 07:41 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. 3.6 sound is muffled compared to 3.5
    By wnxgodlike in forum Windows
    Replies: 4
    Last Post: April 25th, 2012, 12:05 PM
  2. 3.6 sound is muffled compared to 3.5
    By wnxgodlike in forum Bug Reports [EN/DE]
    Replies: 0
    Last Post: April 25th, 2012, 03:46 AM
  3. Voice Issues compared to TS2
    By SimonD in forum General Questions
    Replies: 0
    Last Post: October 1st, 2011, 11:08 AM
  4. Authentication?
    By Brennan in forum Permission System
    Replies: 1
    Last Post: May 16th, 2010, 03:39 AM
  5. Voices too silent (compared to TS2)
    By Neverda in forum Client Support
    Replies: 2
    Last Post: December 21st, 2009, 09:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •