Official Everybody Edits Forums


#1 2019-03-28 12:20:56

Anatoly
Member
From: Germany, Bavaria, Munich
Joined: 2015-07-31
Posts: 6,252

Inbox Encryption

To prevent the latest problems (1, 2, 3, 4, 5, 6, 7, 8, 9, ... and 15 more topics) about leaking of personal data:

What about peer-to-peer encryption?

Only users on both ends will be able to read the message (maybe using their own specified Secret Key and their specified public Key). This will also prevent any 3rd connection from reading the content. The negative aspect of this is that you won't be able to report the message, but you will still be able to block the one who wrote the message. The database will still store the "blank secret" cipher.

The positive aspects are, as already mentioned, the future safety (and now I mean the real meaning of "keeping the data safe", not safe like the staff did till now.)

Are there any other pros/cons of it?


Best regards,
Anatoly.

#2 2019-03-28 13:00:25, last edited by LukeM (2019-03-28 13:05:54)

LukeM
Dev Team
From: England
Joined: 2016-06-03
Posts: 2,820
Website

Re: Inbox Encryption

The problem is that the key needs to be stored somewhere, and as EE is a web game that would have to also be in the database, so it wouldn't really be any safer than before.

Yes there are products that work around this, but there are massive limitations when it comes to viewing messages on a device other than the one you started on, and we can't really have this be the case for EE.

Edit: Found some background info if you're interested: https://core.telegram.org/tsi/e2ee-simp … are-a-mess

#3 2019-03-28 14:20:40, last edited by Processor (2019-03-28 14:21:03)

Processor
Member
Joined: 2015-02-15
Posts: 2,022

Re: Inbox Encryption

Use the salted hash of the password to encrypt an RSA private key. Publicize the public key.
Upload a new keypair when the account password changes.

Because this is a webgame, the system only prevents old messages before the leak from being read. The hacker can change the database or game code to alter the encryption behavior and execute man-in-the-middle attacks. But it's the same level of security you get with WhatsApp end-to-end encryption (it's still pretty good).



#4 2019-03-28 14:59:04, last edited by LukeM (2019-03-28 15:01:33)

LukeM
Dev Team
From: England
Joined: 2016-06-03
Posts: 2,820
Website

Re: Inbox Encryption

Processor wrote:

Use the salted hash of the password to encrypt an RSA private key. Publicize the public key.
Upload a new keypair when the account password changes.

In this case, that would be an incredibly unsafe thing to do...

Currently the person who had access to the database got a list of all messages; if we followed your procedure they would effectively get a list of 'hashes' of passwords. (Not hashes exactly, but things that could be used to crack a user's password in the same way as a hash could be)

If the level of security was the same for both the password system database and the mail system database then maybe, but the password system database is massively more secure than the rest of the game's database, so it's really not a good idea.

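The scheme proposed in post #3 and the objection raised in post #4, as an added example that is not part of the thread or the game's code. It uses Node's built-in `crypto`; scrypt as the password hash, AES-256-GCM for wrapping and RSA-OAEP for messages are assumptions, since the thread names only RSA, and all function names are hypothetical.

```javascript
// Added example (not forum or game code); names and sample passwords are constructed.
const crypto = require('node:crypto');

// Derive a 256-bit wrapping key from the password and a per-user salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// At signup or password change: make a keypair and wrap the private key.
// Everything returned here is what the mail database would store.
function createAccountRecord(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const wrapped = Buffer.concat([cipher.update(privateKey, 'utf8'), cipher.final()]);
  return { publicKey, salt, iv, wrapped, tag: cipher.getAuthTag() };
}

// Unwrap with a candidate password; returns the PEM private key or null.
function unwrapPrivateKey(record, password) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, record.salt), record.iv);
    d.setAuthTag(record.tag);
    return Buffer.concat([d.update(record.wrapped), d.final()]).toString('utf8');
  } catch {
    return null; // GCM tag mismatch: wrong password
  }
}

// Sender encrypts to the published public key (RSA-OAEP, short messages only).
function sealMessage(record, text) {
  return crypto.publicEncrypt({ key: record.publicKey, oaepHash: 'sha256' }, Buffer.from(text));
}

// Recipient unwraps the private key with the password, then decrypts.
function openMessage(record, password, sealed) {
  const pem = unwrapPrivateKey(record, password);
  if (pem === null) return null;
  return crypto.privateDecrypt({ key: pem, oaepHash: 'sha256' }, sealed).toString('utf8');
}

// The objection in post #4: the stored row alone confirms or rejects a password guess.
function rowConfirmsGuess(record, guess) {
  return unwrapPrivateKey(record, guess) !== null;
}
```

The only cost per offline guess is the scrypt work factor, so the wrapped-key row needs the same storage protection and KDF tuning as a password hash.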

#5 2019-03-28 15:19:37

Processor
Member
Joined: 2015-02-15
Posts: 2,022

Re: Inbox Encryption

Fair point.

The only reason it's "massively more secure" is that you guys don't have access to it. lol.



#6 2019-03-28 15:29:06, last edited by Anatoly (2019-03-28 15:29:17)

Anatoly
Member
From: Germany, Bavaria, Munich
Joined: 2015-07-31
Posts: 6,252

Re: Inbox Encryption

Processor wrote:

The only reason it's "massively more secure" is that you guys don't have access to it. lol.

However, if the staff stores all the keys and text messages, don't they still have access to the text message?


Best regards,
Anatoly.

#7 2019-03-28 15:31:25

peace
Member
From: admin land
Joined: 2015-08-10
Posts: 5,736

Re: Inbox Encryption

yeah no one should have access to the passwords, it's sad that they still have to be stored somewhere to 'check'



#8 2019-03-28 17:00:46

Anatoly
Member
From: Germany, Bavaria, Munich
Joined: 2015-07-31
Posts: 6,252

Re: Inbox Encryption

peace wrote:

yeah no one should have access to the passwords, it's sad that they still have to be stored somewhere to 'check'

nobody has access to the passwords and the topic is about inbox. (I'm not bullying you)


Best regards,
Anatoly.

#9 2019-03-28 17:33:17

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 7,782

Re: Inbox Encryption

ingame mail is useless and beyond bad, just delete it
i never used it for things other than sending random meaningless garbage to my friends



#10 2019-03-28 17:36:05

Anatoly
Member
From: Germany, Bavaria, Munich
Joined: 2015-07-31
Posts: 6,252

Re: Inbox Encryption

TaskManager wrote:

ingame mail is useless and beyond bad, just delete it
i never used it for things other than sending random meaningless garbage to my friends

However, some people didn't just send garbage, as from what I understood, some people leaked passwords in those inboxes...

This drama is a complete mess, I have no idea what's going on anymore.


Best regards,
Anatoly.