A question about the security of contacts

[darkman088]

Hello,

First of all, I apologize if this is not posted at the right place...
Then, it is quite hard to construct my question, anyway: most apps for chats and voice calls are having a central place for account management, which basically means, that when you start the app, you should first authenticate with a user name and a password, then the contacts are being fetched from a central server...
You guys are taking a different approach here - the user ID and the contact list is saved in a file on the local system. It has 2 great advantages: 1) We do not rely on the availability of a central server. 2) It avoids headlines like 1 000 000 accounts were stolen.
But on the other side, there is a big disadvantage, that it is quite easy for this file to get compromised. I am trying to think what are the consequences, if this shall happen - as FORTUNATELY tox clients are not saving the chat history, the intruder will not be able to catch any recent conversations. But he will be able to masquerade as the account owner and speak with his contacts in his name. While during voice calls this will be rather difficult, it is hard to predict what will happen when chatting...
Also, what will happen if 2 computers start a tox client with the same ID file... ? Has anyone thought of this or tried it out ?
Wouldn't it be better, if tox would request a password before loading the contacts file ? The password would be stored in encrypted format in the file itself. What do you think about that ? Is it difficult to implement ? Does it make sense to be implemented ? Or this can be easily brute-forced, like passwords on Excel files for example ? But even if, that would be an additional level of security. Maybe I am not seeing things that other people already thought of...

[arno01]

Hello,
well, I believe your question can be shortened down to: "What is the security of my account if my system has been compromised?"

I'd suggest Tox.IM Core team to add an option to set a user-password over a personal tox file (similarly like ssh private keys are protected). [ btw for cipher-punks, I've found an interesting article here http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html ]

That would improve the security, however everyone should know the basic rule - if your system has been compromised, then there is nothing that can help you :-) (they can keylog the password you are typing to open your profile / "account" )

Another thing that there is no central server database of all the accounts (like Skype or ICQ), it is because the whole concept of TOX is based on DHT [ https://en.wikipedia.org/wiki/Distributed_hash_table ] , and among its properties you can notice especially this one:
"Some DHT designs seek to be secure against malicious participants and to allow participants to remain anonymous, though this is less common than in many other peer-to-peer (especially file sharing) systems; see anonymous P2P."

[GrayHatter]

I'm going to close this as It's just a question, but eventually uTox will encrypt the save file, but apart from that, there's really no solution to this one. If TLA does get your computer they WILL be able to impersonate you, and I really can't think of a good solution for that.

On the flip side, once toxcore supports multiple devices, if your laptop does get stolen, you can de-autht it from your phone. So show your support for multiple devices in the toxcore repo!

[darkman088]

Sorry, can please just somebody bother to answer me this brief question from my post: "Also, what will happen if 2 computers start a tox client with the same ID file... ? Has anyone thought of this or tried it out ?" Many thanks in advance!