revolution-irc icon indicating copy to clipboard operation
revolution-irc copied to clipboard

Published 20 hours ago verified publisher icon MCMrARM

Support FiSHLiM Encryption

Open benrob0329 opened this issue 6 years ago • 4 comments

See the plugin shipped with Hexchat, and also https://fishlim.kodafritt.se/

benrob0329 avatar Mar 23 '19 01:03 benrob0329

WARNING: FiSH encryption is not secure. See the security section below. A better encryption mode will be implemented later!

I'm going to be highly conflicted about this.

Michcioperz avatar Mar 23 '19 11:03 Michcioperz

FiSH encrypts your messages in ECB mode (in other words, in independent blocks). If the same block appears two times it will be encrypted the same way both times.

So, never give untrusted people unencrypted chat logs if they also have the encrypted version! Then they can decrypt the messages if they appear again. Also, it's possible to make statistical attacks or replay attacks. A better encryption mode will be implemented later!

Yip...

jzabroski avatar Jun 09 '19 20:06 jzabroski

See https://adayinthelifeof.nl/2010/12/08/encryption-operating-modes-ecb-vs-cbc/ (Quassel supports both modes, and I believe Hexchat does as well)

https://bugs.quassel-irc.org/projects/quassel-irc/wiki/Blowfish_Encryption_Manual

benrob0329 avatar Jun 10 '19 05:06 benrob0329

ECB variant is definitely not going to be implemented as it provides next to no security. CBC can be considered.

MCMrARM avatar Jun 10 '19 10:06 MCMrARM