[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

encrypted irc




I have implemented an encryption scheme with key exchange
in an IRC client.  It is now in working condition.  Here
are the details.  Mail me if you wish to have a copy
sent to you.

---- file: README ----------

this is a tinyirc client (client not written by me)
but I added in encryption..  Right now encryption is
done in DES for messages and RSA for key exchange.

To set it up,  unarchive (you probably already did this)
then type :
     make
this should make a program called 'sock'

now you need to go into the RSA directory and make yourself
a keypair.

     cd RSA
     make genrsa
     make genprim
     genrsa

this makes two files  'public' and 'secret'.  You need to install
these:
     mv secret ..
     mv public ../<yournick>

and give out your public key to everyone you want to talk to.
This lets them send their key to you.

run sock:
      cd ..
      sock

join the same channel as your friend you wish to talk to:
      /join #channel

send them your key,  this lets them read any message typed by
you (note you have to be in the same channel as them)
      /key <your friend>

(note the public key must be in the current directory)
your friend will receive your key, and now everything you type
can be read by him.  In order to send your key to your friend
you must have the file <your friend> in your directory that
is <your friend>'s public key.  He must have the matching
secret key in the file 'secret' in his directory.  If your
friend changes nick's and the filename of his key isnt the
same as his nick you can specify the file:
       /key <your friend> <filename of his key>

thats it!  Everything you type is encrypted with the same key
which is chosen at random when you start up 'sock'.  Every time
you use sock a new key is used.  Every time you want to talk to
a new person you have to send them your key.  Anyone who has
your key can read any of your messages,  so if you dont want
people reading your messages dont give them your key.  Everything
you type is encrypted.


some public keys are already provided in pubkeys/*
copy them into current directory to use them.
--------
Weaknesses:

  (1) serial number and DES key are generated with rand()
      after seeding with time value.  They are generated at
      the same time, and serial number is a publically known
      value.  This could allow people to brute force search
      through the pseudo-random numbers and find your key.
      This *should* be fixed, any ideas/

  (2) RSA key as created by 'genrsa' is not very long!  It
      is crackable right now.  This could be lengthened
      easily enough by modifying genrsa.c .  The rest of
      the program doesnt care what length key is used.

  (3) You can send alot of garbage to someone's screen by
      sending out wrong key's and/or sending out bad
      data matching keys already aquired.
      possible solution: header inside of the encrypted
      data.  1 character would give a 1/256 chance of
      this attack working.

  (4) probably alot more I didnt think about.

----------
Protocol:

there are two types of messages,  one to send keys across
to other people, one to send across encrypted messages, all
messages are sent to the current irc channel, not through messages
to individual people:

   SKPJACK:xxxx:yyyy:zzzzz
        xxxx - the nick name of the intended recipient
        yyyy - the serial number of the key being transfered
        zzzz - ascii encoded RSA data
     messages of this format are used to send private keys (DES
     keys) to the recipient, ie   /key nick.
     Messages received are ignored if xxxxx isnt our current nick.

   CLIPPER:xxxx:yyyy
         xxxx - the serial number of the key used to encrypt
         yyyy - the ascii encoded crypted data (DES)
     messages of this format are used to send encrypted chat
     messages.  Messages received are ignored if we dont have
     the key corresponding to the serial number. 

   ascii coding:  each byte is broken into 2 nybbles (4 bits)
   and sent across as two characters,  the first nybble
   is sent as   hi+'a' and the second is sent as lo+'A'
   so alternate characters are always upper then lower then
   upper case and so on.  (byte = hi<<4 + lo)
    
   Keys are generated randomly and each key has a random 
   32 bit serial number associated with it.  The program
   uses the serial number to decided which key to decrypt 
   with.  The program keeps all the keys it receives.
   All messages you type are sent with your key,  all messages
   you receive are decoded with the key matching the serial
   number sent with it.
   
     
-----
CREDITS

Alot of this software was not written by me, In fact my part
was minimal.  I stole code from the following people:

The basic IRC client (tinyIRC) by:
 Nathan Laredo - "Green" 
 [email protected] 


The RSA package by:    (email address is no longer valid)

  Martin Nicolay		( [email protected] )
  Fliederstr. 23
  4100 Duisburg 1
  W-Germany

I couldn't reach him via email.  I got this package via
anon-ftp,  I hope he doesnt mind use of it in this program.


The DES package (d3des):

 D3DES (V5.09) -

 A portable, public domain, version of the Data Encryption Standard.

 Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
 Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
 code;  Jim Gillogly & Phil Karn for the DES key schedule code; Dennis
 Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
 for humouring me on.

 Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
 (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.

He says "public domain" and then later "Copyright".  I assume
he means "freely distributable, useable".

If any of you are out there thanx alot!  Your code is much
appreciated.