Encryption Security

Cryptographic IRC? 15

cylent asks: "I have a close-knit group of acquaintances that like to communicate with each other often. Public IRC servers are fine for chit-chat, although for more in-depth discussions a more secure form of communication is preferred. I'm wondering what GPL'd software exists to provide for a secure form of realtime multi-party communication. Are there any IRC servers/clients that support any form of public key cryptography? Blowfish? 3DES? Are there any other proprietary "chat" programs available with a forte in cryptography?"
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward
    see http://www.gale.org./
    Still beta, but it works quite well
  • Easy - run a talk (or IRC or whatever) daemon on the server, configured so it only accepts connections on the local loopback interface. Then everyone uses ssh to connect to the host, and then uses a regular client to connect to the server. 100% off the shelf components (which you probably already have), no need to modify anything, and no additional procedures to follow, certs to distribute, etc.
  • Or 1024 bit Navajo Code Talkers?
  • by Haplo ( 6441 )
    I'm not sure if it's strong enough for what you're looking for, but try S-Talk [matrix.com.br]. It's a UNIX talk compatible client with encryption added on. Also, if you look around, I think there are ICQ add-ons that will do what you're looking for (but I don't know of any off of the top of my head).

  • "Given enough bugs, all eyeballs are shallow."
  • ...for now!

    (sinister laugh)

  • Though if the ssh/irc combo works for you, that sounds ideal.

    Other possibilities: The easiest and fastest implementation I can think of, though a bit klunky, and requiring either a nice web admin or you to be the web admin, would be an HTML script (cgi) chat program and connect via SSL (you can generate your own cert, your interactants will have to trust it. big whoop). Problem is that it's not end-to-end, the chat will be in cleartext on the web server.

    Real-time manual encryption. IIRC, Syncrypt has a Java interface that can encrypt what you highlight on screen, program independent, in Win32, via use of the clipboard. This could perhaps be automated via mIRC in Windows environments?

    You might investigate using Elliptic Curve crypto of some sort. It's soooo incredibly much faster, and if'n you go full-blown with sending PKI-style public-key crypto, separate messages to each recipient, speed will rapidly become an issue. Moreover, ECC 108 proved something like 50x harder to crack than RSA 512, and 163bit, which would still be lightning fast, would be much, much more secure.

  • by mlc ( 16290 )
    No, I'm not joking. You can use TiK, the TCL/TK AIM client (or actually any other TOC client, like (I think) gAIM) with stunnel or some other form of SSL and encrypt your connection with the server. Of course this has some problems:
    • Your data is still decrypted on the server, which means that you have to trust AOL. This may be a bad idea.
    • All participants have to set it up -- if one doesn't, whoever you distrust could be intercepting his packets.
    But, it seriously does work. I encrypt all my AIM sessions, just because I can, even though I know the people I'm talking to haven't done the same.
    --
  • by Delta ( 16579 )
    Using SSH for encryption will not solve anything if you wish for a distributed model. IMHO the best, if not only solution, to encrypted chat over IRC would be to utilize the already set up networks, like EFNet, and then stuff a cryptographic module or script into the IRC clients. This will also enable one to let the user choose the client he wishes to use, and port the module.
  • I honestly don't think anyone's silly enough to want to use an encryption scheme that only encrypts traffic to the server, not all the way to the end user. The whole point is to keep the conversation secret.

    You'd also lose all the advantages IRC has over such systems as AIM or ICQ.

  • by mind21_98 ( 18647 ) on Sunday April 23, 2000 @10:28AM (#1115046) Homepage Journal
    How about having everyone use the port forwarding features of SSH? Everyone could use SSH to log into a server with IRC on it.

    For example:

    1. Set up SSH config file with:
    local port: 6667
    remote host: [change to host with IRC server]
    remote port: 6667

    2. Start SSH and log into the server with it. You should see a shell prompt.

    3. Have BitchX, X-Chat or some other IRC client connect to 127.0.0.1 port 6667.

    Tada! Instant security.
  • You could just give everyone accounts on a Unix machine, then you all log in (using SSH, of course) and use talk. Easy and secure.

    Another method would be to setup a small IRC server on one of your machines. Then have everyone connect to your machine with port forwarding on. You almost certainly don't want to trust the public IRC servers.

    A somewhat higher-latency solution would be to set up a mailing list and some simple scripts, let's say called mailit and readit. mailit [filename] will encrypt the file with GPG then mail it to the list. readit listens for mail from that address (probably with help from procmail), and automagically decrypts the message and displays it on the screen (you type the passphrase when you first run it). This is just a random thought, there are probably problems with it that I'm not thinking of.

    Someone was doing work on a talk/IRC type client which encrypted using Diffie-Hellman and Blowfish, but I can't think of the name right now.
  • No, I didn't mean to imply that 3DES and Blowfish were public key systems. I guess I could have rephrased my question. I hope I didn't cause anyone confusion. I appreciate your clarification for those who are unaware of the differences, though. :)
  • The best way to do this so that it would work on any network would be to scramble outgoing text from the client and have the other user descramble. So, if you logged in without something to decode, all you would see would be "eWGimmgbdime9e7 8jhe 8jetg ge78e 8wjet 7ht" or something. Meanwhile, each client is decoding on the fly to a private key that all you need to do is set as a variable in an IRC script which encrypts and decrypts. With the key, each text string is encoded and decoded. Makes sense kinda.
  • You seem to misunderstand the nature of SSH tunneling.

    Connections from the ssh client to the ssh server are encrypted. Likewise, forwarded ports are encrypted via the same channel. Once a connection gets bounced past the ssh server, it is no longer encrypted, since the ssh server has already decrypted that connection.

    For example, in your example, the irc connection would be made to localhost, which the ssh client intercepts and encrypts and sends along to the ssh server. The ssh server then decrypts it and sends it on its merry way to the irc server. Anything listening between the ssh server and the irc server will be able to see a non-encrypted stream of data.

    I think the point of the question was how to ensure a secure data path between each client end to end, which ssh port forwarding does not accomplish.
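
Added example, not part of any post in this thread: the loopback-only daemon and SSH port-forwarding suggestions above only avoid the cleartext hop described in the last comment if the IRC daemon runs on the SSH host itself and listens on loopback alone, which the function below checks from `ss -ltn` output. The host name, the function name `irc_exposure` and the sample listings are assumptions constructed for illustration; the server still sees plaintext, so this is not end-to-end encryption.

```shell
#!/bin/sh
# Design from the thread: ircd bound to loopback on the SSH host, each user
# forwarding a local port to it (host name below is a placeholder):
#   ssh -N -L 6667:127.0.0.1:6667 user@chat.example.org
# The forward target 127.0.0.1 is resolved on the SSH server, so the
# decrypted leg of the connection never crosses a network.

# irc_exposure PORT: reads `ss -ltn` style lines on stdin.
# Prints loopback-only (exit 0), exposed (exit 1) or not-listening (exit 2).
irc_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Local address is field 4; the port follows the last colon,
            # which also handles bracketed IPv6 such as [::1]:6667.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            seen = 1
            # Any bind address outside 127.0.0.0/8 or ::1 is reachable remotely.
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!seen)   { print "not-listening"; exit 2 }
            if (exposed) { print "exposed";       exit 1 }
            print "loopback-only"
        }'
}

# Constructed sample listings, not captured from a real host.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:6667     0.0.0.0:*
LISTEN 0      128    [::1]:6667         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:6667     0.0.0.0:*
LISTEN 0      128    *:6667             *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Demo on the constructed samples; on a real host use: ss -ltn | irc_exposure 6667
printf '%s\n' "$SAMPLE_LOOPBACK" | irc_exposure 6667 || true
printf '%s\n' "$SAMPLE_EXPOSED"  | irc_exposure 6667 || true
```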
