
Originally Posted by
smithers33
55+ views and no replies? Did I ask in the wrong forum? I'd love to keep using and recommending TS3 as a secure chat solution but i'm having trouble doing so in good conscience until i get something of a formal answer. Why is this such a mystery?
Answer: Read http://www.catb.org/~esr/faqs/smart-...ons.html#intro [Short Version: You are smart enough to find answers yourself.]
You have piqued my interest though. I have done some surface testing. Nothing big, I assure you.
So, I have tested text chatting to the server (to the channel and private messaging should be similar), file upload (download should be similar), connection, disconnection, and voice without encryption.
Testing Environment: TS3 RC-1 Server running on 127.0.0.1 (localhost), TS3 RC-2 Client connecting localhost.
I am very happy at the result I got.
Connection, Disconnection, Text Chatting: All I got are unreadable data, which doesn't have any indication of my identity and unique ID. It could be that they are encoded with a reversible retrieve algorithm (I haven't tested against encodes), but they are definitely not readable with naked eye.
Voice: I don't know how to decode voice anyway, so it is unreadable to me even if it is not encrypted. Though I suppose you could use the framework to decode it.
File transfer: Readable with naked eye (i.e.: NOT encrypted). I basically uploaded a text file, looked like this:
Code:
testing first line
testing second line
One of the segment looked like this:
Code:
632 179.908258 127.0.0.1 127.0.0.1 TCP 56146 > 30033 [PSH, ACK] Seq=33 Ack=1 Win=277640 Len=38 TSV=166365319 TSER=166365319
TS3 Server Admin Query (NOT encrypted) [This is exactly what I suspected, since telnet isn't encrypting anything. This is also why I disabled TS3 Query connection from anywhere but localhost. If you are concerned about security like me you should probably never remote login as serveradmin through TCP query. A webinterface with HTTPS protocol may be a good alternative to consider.]
Some segments I captured from localhost:
Code:
0000 02 00 00 00 45 00 00 c6 fd ad 40 00 40 06 00 00 ....E... [email protected]@...
0010 7f 00 00 01 7f 00 00 01 27 1b db e9 43 7b fe c4 ........ '...C{..
0020 02 67 c5 a6 80 18 ff ff fe ba 00 00 01 01 08 0a .g...... ........
0030 09 ea af 54 09 ea af 54 57 65 6c 63 6f 6d 65 20 ...T...T Welcome
0040 74 6f 20 74 68 65 20 54 65 61 6d 53 70 65 61 6b to the T eamSpeak
0050 20 33 20 53 65 72 76 65 72 51 75 65 72 79 20 69 3 Serve rQuery i
0060 6e 74 65 72 66 61 63 65 2c 20 74 79 70 65 20 22 nterface , type "
0070 68 65 6c 70 22 20 66 6f 72 20 61 20 6c 69 73 74 help" fo r a list
0080 20 6f 66 20 63 6f 6d 6d 61 6e 64 73 20 61 6e 64 of comm ands and
0090 20 22 68 65 6c 70 20 3c 63 6f 6d 6d 61 6e 64 3e "help < command>
00a0 22 20 66 6f 72 20 69 6e 66 6f 72 6d 61 74 69 6f " for in formatio
00b0 6e 20 6f 6e 20 61 20 73 70 65 63 69 66 69 63 20 n on a s pecific
00c0 63 6f 6d 6d 61 6e 64 2e 0a 0d command. ..
Code:
0000 02 00 00 00 45 10 00 3b f6 c9 40 00 40 06 00 00 ....E..; [email protected]@...
0010 7f 00 00 01 7f 00 00 01 db e9 27 1b 02 67 c5 a6 ........ ..'..g..
0020 43 7b ff 56 80 18 ff ff fe 2f 00 00 01 01 08 0a C{.V.... ./......
0030 09 ea af 6a 09 ea af 54 75 73 65 20 31 0d 0a ...j...T use 1..
Code:
0000 02 00 00 00 45 00 00 47 65 db 40 00 40 06 00 00 ....E..G [email protected]@...
0010 7f 00 00 01 7f 00 00 01 27 1b db e9 43 7b ff 56 ........ '...C{.V
0020 02 67 c5 ad 80 18 ff fe fe 3b 00 00 01 01 08 0a .g...... .;......
0030 09 ea af 6c 09 ea af 6a 65 72 72 6f 72 20 69 64 ...l...j error id
0040 3d 30 20 6d 73 67 3d 6f 6b 0a 0d =0 msg=o k..
Bottom line: Everything except file transfer and query seems to be safe. I recommend do TCP query through localhost. If you host it somewhere else, use ssh to remote machine, then telnet localhost 10011. This way you establish a security layer yourself, and get around the telnet's risk over Internet.
Warning: I haven't done decode tests, but since TS team did public/private key encryption, I don't see any problem on the connect/disconnect. I don't think the private chats matter all that much, or files for that matter. After all, FTP is still unencrypted. (Yeah, I know there's FTPES, SFTP, but there's no native client support in any modern OS)
P.S.: One decode test I did was against TS2 encode, and the new TS3's encode is, unsurprisingly, completely incompatible with TS2's.
P.S.: Additional Testing. Setting: Channel Voice Encryption = Globally On. File download is still not encrypted.

Originally Posted by
smithers33
I understand that public key cryptography is in use to uniquely identify users but is that public/private key also used to encrypt any of the following?
I'm not a TS dev, but my guess is "no". Public/private key uses too much CPU power, and is generally suitable only at establishing connection to provide a session key. Session key would be transferred through this encryption on the Internet (generation of session key is another story that you can look up yourself.)