Thinking TS3 for your MMO? Don’t.

Worried about security, TeamSpeak has made a radical change in their authentication system (and accordingly their user database).

Recognizing that usernames and passwords carry the risk of brute-force access succeeding against very weak passwords, they took a drastic leap forward.

Gone are usernames and passwords. Well, kinda, but not in the good way that you want.

Like many modern authentication systems, TS3 generates a private “machine key” automatically the first time you fire it up. This special encryption key identifies the TS3 installation/user. It then manipulates that with some crypto-math to produce a second key called the public key.

When your TS3 client logs into a server, instead of supplying a username and password, it sends your public key, which is now doubling as your username. The information the server sends back to you will be readable only by combining it with the private key and some more special crypto-math.

To log in as yourself from another computer, you just need to copy the key pair. The best part is – no password required! If you lose the key pair – say you forget to back it up before reinstalling… Well then you’re screwed.

They have provided some mechanisms for integrating your existing user database into theirs. Note that wording carefully. By moving to TS3 you are going to add another user database to manage into your user account systems.

This is really a cracker :)

Forum users view:

After logging in you will see a link “Join our TeamSpeak 3 server” which will take you to a separate page telling you to download and install the TeamSpeak 3 client (if not already present) and then to “Click this link to connect”. When you click the link your TeamSpeak 3 client will start (if not already started) and then connect to the community TeamSpeak 3 server.

Wrap your head around this…

To improve TeamSpeak 3 security, they have prevented your users from using a username/password combination and instead made you introduce a new user-identifier for the user. To obtain this, that user must log in to your forums with their username and password where you will expose their super-secret combined loginID and password to them in a URL to click on.

Once someone clicks that URL, they are validated as that user without any need to, say, authenticate by confirming their login with a password or something.

To be honest, he had me in stitches at “not vulnerable to man in the middle” attacks.

Really?

That sounds like the work of someone who doesn’t actually know what a man in the middle attack is =(

Since the server and client both have static key combinations, it is perfectly suited to Man In The Middle attacks :(

Worse still, forums are a honeypot for MitM attacks. So replacing an encrypted user/pass exchange with just a machine-based exchange … Ultra fail :(

The shame is, what TS2 had was good, it just wasn’t very secure. They were particularly concerned, it appears, about people creating noddy insecure passwords.

Surely a far better solution would have been to use the host-based PPK pairs for handshaking, and then used encrypted user/pass exchanges over that. That way it would have integrated easily with existing systems, and it would be at least as secure as – oh, I dunno – SSL, over which you would hope forum software would be exchanging this kind of information…

Heck – they could just have added a password-strength checker.

Killer had just bought a TS3 license before finding out that they have completely moved away from the old user/pass model and that integrating TS3 is going to be a whole bunch harder and more headache than TS2 was, for a net loss in security.

Their response to his threads: replies of “you just don’t understand”, then closed and deleted threads :) Oh the irony :)

27 Comments

The simplest form of security is a good, strong password.

It’d just be easy enough to make a password creation requirement include at least one symbol and one number plus a minimum length of about six.

In my experience that is usually sufficient to deal with all but the most determined brute-force attacks and dictionary attacks are useless.

Usually, only a really concerted effort (such as a bot net or similar distributed network attack would crack it) can go through it without having some sort of malware keylogger on the PC in the first place. (Which is user stupidity, the ultimate enemy of all security measures)

Well, according to Peter of TS3, you’re wrong :)

Conclusion:
TeamSpeak 3 uses state of the art cryptography for authentication, making a huge leap security wise as compared with TeamSpeak 2.

Hopefully this state-of-the-art will eventually percolate through to password-using fools … like banks and such.

wasting our time with “Omg we have been h4xx0red!!!1!!1!” threads.

Fortunately, with all these improvements TS3 is idiot-proof and hacker safe. No, it’s really safe.

For real … This is the most secure TeamSpeak yet.

So what about using Mumble?

since when was PKP state of the art security? would there be a way via their sdk to just bypass their authentication entirely and rely instead on the ww2ol authentication?

If we had time and $ it would be fun to build such a beast for WW2OL. All we need is FMOD, some mic support for PCs (Mac are trivial to support), and write a nice telephone like switch (in Erlang!). Easy as pi.

FMod? Why not Speex? We already-kinda-do have speex in the project… :)

Jump over to http://www.ventrilo.com/, my gaming group prefer it over TS.

also have you guys looked into http://mumble.sourceforge.net/? i have zero experience with it but it appears to be actively developed. last update was a few days ago. best of all it's a BSD license.

Hands down TS2 was the best of the bunch, I’ve not yet used TS3 but their idea of security is just arse about tit in my book, they’ve passed off the security to forums, which can be run by any old toss pot who doesn’t have a clue. Just ridiculous.

Ventrilo does my nut it is so poor it’s unreal.

I only heard about Mumble yesterday, it’s clear, but it is still not professional enough in my book.

The best comm’s experience I have had has to be in EQ2, it’s so professional and a credit to SOE who rarely get credit when it is due.

Anyway, EQ2 use Vivox: http://www.vivox.com/

Can embed in the game, but also still use it externally if your PC crashes, you just have to start it up separately.

Above where PC crashes, I mean game…

Also, TS3 still doesn’t have the “channel commander” -feature. CC was very easy to use and understand. The only difficulty is getting people to bind the “whisper to channel commanders” -key, but after that it’s so simple. You talk to people who have a red light on, everyone can see who has a red light and everyone can turn their red light on or off by themselves.

With TS3 you have to set up whisper lists. Everyone has to drag the person to their list (they can’t simply put on their red light themselves). You can’t see who is on whose list, and thus you can have a situation where someone says something “on command”, but an entirely different group of people will hear that compared to the group of people who hear when you talk on command yourself -> massive confusion, missed orders and information. If you want to include someone to the command chain just for a short while everyone has to drag that person to their list and then remember to take the guy off later (never happens!). If someone happened to be AFK, they of course did not add that person to their list and now again we have a situation where the guy who got added to command misses whatever the guy who was AFK will be saying.

The red light also has the added advantage of seeing who is in charge at that moment on a channel.

But according to devs the new system is superior to CC.

Continuing to above..
In any case, my squad changed from TS2 to TS3, simply because of sound quality. Also, we aren’t quite as big anymore, so the CC problem is not that bad. Still, I hope they will reimplement CC feature in the future.

i just hope w/e is chosen gets integrated into the game’s chat channel system with flexible tuning/detuning. in addition though i hope it has a squad channel and at least a few squad sub channels.

That just sounds utterly awful – I can’t say much more on it as you’ve generally covered it above.

so i just setup a ts3 server. i’m not seeing what all the hub-bub is about.

Try logging in as the same user from a different machine and/or user account.

ah ok so the PkP is tied to the client you load and the public key is created during install. it was fairly simple to export the key and import it on my laptop. it's something you could put on the users to manage themselves i would think. how many people play from multiple systems? or, more precisely, how many people use their main account across multiple systems? one thing though i could connect to and talk using ‘madrebel’ (different UIDs) from the laptop before i imported the key. my permissions weren’t available but it still ‘worked’.

idk are you guys looking at the SDK for integration’s sake or just looking at the TS3 stand alone server piece? reason i ask is maybe the SDK is more flexible? idk haven’t looked at that piece at all, they want monies to play with that :D.

TS3 is more secure in some scenarios: private clan servers, for instance, where you can afford to have a server password that you change whenever you boot someone from the clan.

How’d you feel if you had to log out of TS3 and go to the forums for a new password every time someone got banned or unsubbed? :)

By default, TS3 operates in an “anyone can join” (unless there’s a server password, and then it’s anyone who knows the password).

What they did fix is that – since the password generation is automatic and hidden – people can no-longer choose noddy passwords.

On the downside, if you want to use TS3 on multiple machines with the same identity, you have to copy a set of files around.

So if you go to a con, you’ll have to take your TS3 identity files with you. And if you forget to delete them when you’re done, anyone else who uses that machine will get logged in as you without any validation/confirmation.

Or if someone comes to your house or uses your computer. Unless you create a “master password”. Which goes right back to people creating noddy passwords and that not being very secure. Only, now the password is included in the identity file, so anyone trying to hack only has to get into one place…

Then, finally, because they don’t do “users” any more – just identities – there’s no way to control what anyone can call themselves. Which is why they don’t feel the identity files are a big deal… You can just log in from a new box and call yourself “madrebel” (or “KFS1”) from there.

The SDK isn’t going to help because they have removed the underlying concept of a user account. There are only identities.

I posted a suggestion for how they could cover all the bases in one swoop, and happen to make the authentication more secure at the same time. Waiting to see if Peter responds back with another “username and password is evil, we’re never going to do that again” response.

(When Killer replied to one of them with ‘Its good enough for my bank’, the thread got deleted :)

meh I think their point is that there is only a single point of interception here. Yes it can be intercepted if you can get around SSL, but it would be somewhat impervious to the brute force attack stated. You’d have to be slick to be that middle man who intercepts that URL though and the url params are encrypted since they are sent after the SSL handshake so you’d have to be even slicker to crack the SSL protocol.

well there is no need to avoid usernames/passwords. that should be default. having the option to use key pairs prior to the username/password or separate from is fine.

hell SSL binding to an LDAP backend would be fine.

oh and of course allow the admin to set password policies. Having a single cap, numeral, and wildcard greatly increases even a bad password’s security against brute force.

Eigen: That’s assuming that the forum uses SSL – most of them don’t :)

The reason for their shift was the number of “my server got haxed” posts they have to deal with, as a result of people choosing stupid passwords. Relying on people’s ability to safely configure forums … Not going to help :)

Ultimately – what they needed was … a password strength check :)

just sayin this is best done yet worst ts3 bashin post ever congratz u sir have failed

If goin’ over your head is fail, then we must live in a world full’o’it.

Your conclusion about the security of TS3’s authentication mechanism is completely wrong and misguided. It is, in fact, as secure to a MITM attack as you can get. What is generated by your forum is not some combination of userid and password to use, but rather a permission token.

Think of this token more like one of those RSA keyfobs or authenticators. It is simply a one time password that is randomly generated in a cryptographically secure way and provided to the user. It is provided over a similarly encrypted connection to that of any username or password login, but has the added benefit of only being used once. Should someone manage to steal it and use it, then the user trying to authenticate would become aware of the problem when the token was no longer valid. This means it is not only tamper proof (MITM protection through SSL) but also tamper evident (token can’t be used by legit user if invalid user makes use of it). At no time are the actual private credentials moved from the key generated on the client itself.

It does require a bit more hoop jumping to get a user set up through the system and forum support is more complicated as you have to generate the tokens behind the scenes and do more wireup against the unique ids, but it is a far FAR more secure system and not that complicated to implement with a decent understanding of how to implement secure systems. (Though moving identities could still be much easier for end users.)

Also, there are mechanisms for dealing with username restrictions. If you want to control registration, you can limit access to those who have tokens, which you can then issue just like you would issue registration credentials in the past. You can also set restrictions on usernames that will prevent users in particular groups (or not in particular groups) from using different names or name patterns (useful for avoiding impersonation). The controls are a bit different than they were in TS2, but they are still very present and actually much better developed now.
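
The single-use token described in the comment above, and the forum link the post objects to, sketched as an added example (not TeamSpeak's code and not written by the post's author or its commenters). `TokenStore`, its methods and the `uid-…` values are hypothetical names, and the sample data in any call is constructed.

```python
import hashlib
import secrets
import time


class TokenStore:
    """Single-use tokens a forum hands out and a voice server redeems."""

    def __init__(self, ttl_seconds=600, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self.pending = {}    # sha256(token) -> (forum_user, expires_at)
        self.redeemed = {}   # sha256(token) -> (forum_user, client_uid)
        self.bindings = {}   # client_uid -> forum_user
        self.alerts = []     # (forum_user, first_uid, later_uid) reuse attempts

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, forum_user):
        # 256 bits from the OS CSPRNG; only the hash is kept server-side,
        # so a leaked token table does not hand out usable tokens.
        token = secrets.token_urlsafe(32)
        self.pending[self._digest(token)] = (forum_user, self.clock() + self.ttl)
        return token

    def redeem(self, token, client_uid):
        key = self._digest(token)
        if key in self.redeemed:
            user, first_uid = self.redeemed[key]
            if first_uid != client_uid:
                # A different identity already spent this token: the
                # "tamper evident" signal the comment describes.
                self.alerts.append((user, first_uid, client_uid))
            return None
        entry = self.pending.pop(key, None)   # pop makes the token one-shot
        if entry is None:
            return None                        # unknown or forged token
        user, expires_at = entry
        if self.clock() > expires_at:
            return None                        # expired before first use
        self.redeemed[key] = (user, client_uid)
        self.bindings[client_uid] = user       # identity now maps to the account
        return user
```

The first identity to redeem a token gets the binding, so an entry in `alerts` means that binding needs review before it is trusted.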
