[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

a project for those who like it



I have been working on an idea or a secure chat system for internet and have 
up with some ideas.  The concept is to runa server(a single server) to 
process the chat for up to say 50 users(more may lag you to death) using
public key to secure the system.  The server would be on an internet machine
and the client would be on the users home pc.  We use the home pc concept
to avoid transporting raw data(unencrypted) over internet and phone lines.
The basic gist (in a pseudo pseudocode) is this:

CLIENT SIDE

User runs client
client asks for password (from pgp key)
client checks for servers pgp public key
user then connects to the network and such(dumb teminal, with hotkey to
   activate encryption/decryption)
client connects to sever sending userid and hostname
client asks for alias
client sends server userid hostname
start main function
when message sent
   client encrypts with servers public key
   client sends message to server
when message received
   client decrypts message with users public key (using password supplied
      at initiation)
   client displays it to users screen
loop to start main function

SERVER SIDE

Admin starts server with server pgp password as a parameter
server waits for connection
server gets connection receives host and id
server checks id table looking for legal user
user is valid
   connect
else
   boot user
check and see if user is logged more than once
if true
   boot both users
   alarm admin
(* This is to make sure noone is lending out their account *)
server matches user with pgp key
start main function
if message sent
   encrypt message with users pgp public key and sends it out
if message received
   decrypt message sent by user using server secret key and password
   reencrypt it for each user on the server
   send message to each user
loop to start main function

The server would have a copy of each users public key, and a look up table
with this format to tell which key is paired with which user:

userid@host pgpkeyname

When I say a user is logged in more than once in the above comment, I mean
logged in on the server, not on his account.

The id or hostname of the user is never displayed and cannot be retrieved.
There is no similarity to irc, no channels, just one stream going to all users.
The data will be encrypted in blocks, and sent out in blocks.

There will need to be made some slight changes in pgp to get this to work.

flaws:  When entering a pgp password, and containing it in memory, this may be
retreivable by the root or the server machine.  Information will be
temporarily stored in kmem, although disorderly, raw.  People are stupid.

Tell me what you think.  People are already wrking on this project, but many
more may be needed to bring it to its completion.  Since I am not
the IP programmer from hell, at this point I am doing the pc client.

iI expect bitches about people saying people will use the server for illegal 
purposes, but because people can use a bathtub for illegal purposes if
they wanted to, I will ignore them.

Treason@gnu