Official Everybody Edits Forums

Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?

You are not logged in.

#1 2019-03-28 12:20:56

Anatoly
Guest

Inbox Encryption

To prevent the latest problems (1, 2, 3, 4, 5, 6, 7, 8, 9, ... and 15 more topics) about leaking of personal data:

What about peer-to-peer encryption?

Only users on both ends will be able to read the message (maybe using their own specified Secret Key and their specified public Key). This will also prevent any 3rd connection from reading the content. The negative aspect of this is, that you won't be able to report the message, but you will still be able to block the one who wrote the message. The database will still store the "blank secret" cipher.

The positive aspects are, as already mentioned, the future safety (and now I mean the real meaning of "keeping the data safe", not safe like did the staff till now.)

Are there any other pros/cons of it?

#2 2019-03-28 13:00:25, last edited by LukeM (2019-03-28 13:05:54)

LukeM
Member
From: England
Joined: 2016-06-03
Posts: 3,009
Website

Re: Inbox Encryption

The problem is that the key needs to be stored somewhere, and as EE is a web game that would have to also be in the database, so it wouldn't really be any safer than before.

Yes there are products that work around this, but there are massive limitations when it comes to viewing messages on a device other than the one you started on, and we can't really have this be the case for EE.

Edit: Found some background info if you're interested: https://core.telegram.org/tsi/e2ee-simp … are-a-mess

Offline

#3 2019-03-28 14:20:40, last edited by Processor (2019-03-28 14:21:03)

Processor
Member
Joined: 2015-02-15
Posts: 2,173

Re: Inbox Encryption

Use the salted hash of the password to encrypt an RSA private key. Publicize the public key.
Upload a new keypair when the account password changes.

Because this is a webgame, the system only prevents old messages before the leak from being read. The hacker can change the database or game code to alter the encryption behavior and execute man in the middle attacks. But it's the same level of security you get with WhatsApp end to end encryption (it's still pretty good).


I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.

embed.png?style=banner3

Offline

#4 2019-03-28 14:59:04, last edited by LukeM (2019-03-28 15:01:33)

LukeM
Member
From: England
Joined: 2016-06-03
Posts: 3,009
Website

Re: Inbox Encryption

Processor wrote:

Use the salted hash of the password to encrypt an RSA private key. Publicize the public key.
Upload a new keypair when the account password changes.

In this case, that would be an incredibly unsafe thing to do...

Currently the person who had access to the database got a list of all messages, if we followed your procedure they would effectively get a list of 'hashes' of passwords. (Not hashes exactly, but things that could be used to crack a user's password in the same way as a hash could be)

If the level of security was the same for both the password system database and the mail system database then maybe, but the password system database is massively more secure than the rest of the game's database, so its really not a good idea.

Offline

#5 2019-03-28 15:19:37

Processor
Member
Joined: 2015-02-15
Posts: 2,173

Re: Inbox Encryption

Fair point.

The only reason it's "massively more secure" is that you guys don't have access to it. lol.


I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.

embed.png?style=banner3

Offline

#6 2019-03-28 15:29:06, last edited by Anatoly (2019-03-28 15:29:17)

Anatoly
Guest

Re: Inbox Encryption

Processor wrote:

The only reason it's "massively more secure" is that you guys don't have access to it. lol.

However, if the staff stores all the keys and text messages, don't they still have access to the text message?

#7 2019-03-28 15:31:25

peace
Member
From: admin land
Joined: 2015-08-10
Posts: 9,226

Re: Inbox Encryption

yeha nonoe shoudl have acceso to the passwords its sad that they sitll have to be sotred somwhere to 'check'


peace.png

thanks hg for making this much better and ty for my avatar aswell

Offline

#8 2019-03-28 17:00:46

Anatoly
Guest

Re: Inbox Encryption

peace wrote:

yeha nonoe shoudl have acceso to the passwords its sad that they sitll have to be sotred somwhere to 'check'

nobody has access to the passwords and the topic is about inbox. (im not bullying you)

#9 2019-03-28 17:33:17

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 9,457

Re: Inbox Encryption

ingame mail is useless and beyond bad, just delete it
i never used it for things other than sending random meaningless garbage to my friends


i8SwC8p.png
signature by HG, profile picture by bluecloud, thank!!
previous signature by drstereos

Offline

#10 2019-03-28 17:36:05

Anatoly
Guest

Re: Inbox Encryption

TaskManager wrote:

ingame mail is useless and beyond bad, just delete it
i never used it for things other than sending random meaningless garbage to my friends

However, some people didn't just send garbage, as from what I understood, some people leaked passwords in those inboxes...

This drama is a complete mess, I have no idea what's going on anymore.

Anatoly1553790965743826

Board footer

Powered by FluxBB

[ Started around 1710840309.0193 - Generated in 0.107 seconds, 12 queries executed - Memory usage: 1.51 MiB (Peak: 1.68 MiB) ]