-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 First, I gotta say.. only been back on the list a day or two and the Signal to Noise seems to have gotten nearly out of hand.. I don't know what cypherpunks has to do with trying to listen in on cordless phone calls, or how to give someone drugs.. but anyway.. something on topic.. :) I wrote a UDP based encrypted chat program a while back.. it worked well, but I saw the following drawbacks.. 1) It used secret keys that had to be shared beforehand through a prior secure channel. 2) Being UDP based, I was forced to operate the ciphers in ECB instead of CBC mode, just in case any of the packets got lost. To make the application more robust, I have started rewriting it to use TCP instead. It is still a peer-peer network, requiring no dedicated servers.. while this increases overhead somewhat, I think it's worth it to keep the system from relying on one particular server, or a group of them. You simply add the IP of the people you want to receive your messages to your list. If someone adds you, when you receive a message from them, it adds them to your list automatically. Downside is currently that everyone must maintain an active TCP connection to everyone else.. but it's not meant to be a replacement for IRC or anything like that, just a secure way to chat and transfer other data such as files or voice. I have also decided to get rid of the key sharing mechanism, and instead utilize D/H to generate a KEK, then transfer a 4096bit data block from the initiating client to the serving client (I'll refer to them as C/S where their role is appropriate, but keep in mind there is no real "server".. much like gnutella or similar systems, every client is a server, and every server a client.) to serve as a master key. The first N bits are used depending on which cipher is negotiated/selected, up to the max supported by my implementation of each cipher. Now, my main question about D/H is quite simple.. what is considered a "good" size for the prime and primitive used, in bits? Obviously something somewhat large, but how large is large enough? 64bits? Less or more? I can't find much information on this anywhere, and my copy of Applied Cryptography (2nd ed.) while covering D/H in detail, doesn't even mention this. An aside is that I'm writing the application in Delphi 5, and the maximum native supported integer sizes are 32bit unsigned, and 64bit signed.. I've been writing a math library of my own in assembler that at compile time will allow you to specify the maximum bitsize you want it to support, but this is proving to be a mind-numbing task.. ;) If anyone is familiar with Delphi and has any libraries like this already, I'd much appreciate hearing about them.. or even some a web resource or paper Real Book (tm) resource that explains in abstract terms how to go about something like this would be appreciated. I had more to write.. but I'm exhausted.. fun crypting to everyone.. ;) - -------signature file------- "'There comes a time when the operation of the machine becomes so odious, makes you so sick at heart, that you can't take part; you can't even passively take part, and you've got to put your bodies upon the gears and upon the wheels, upon the levers, upon all the apparatus, and you've got to make it stop. And you've got to indicate to the people who run it, to the people who own it, that unless you're free, the machine will be prevented from working at all!" - -Mario Savio- Founder of the Free Speech Movement. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBObcdUGvp1znMxX/XEQJ5RgCg0Z373RKrBi7fdVYgpUkulwmWcgUAoOia FifEVZ1Wp7PPH/XwBMeMCsID =kn5M -----END PGP SIGNATURE-----