Much happened this week. If you feel like a conversation, join me on #cypherpunks on EFnet. --Lucky, who was going to go to a party, but who's clutch gave up. --Lucky Green <shamrock@netcom.com> PGP encrypted mail preferred. DES is dead! Please join in breaking RC5-56. http://rc5.distributed.net/
At 11:03 pm -0400 on 6/19/97, Lucky Green wrote:
Much happened this week. If you feel like a conversation, join me on #cypherpunks on EFnet.
Hey, folks, Is there an encrypted IRC available? If not, shouldn't there be? Is such a thing even possible? Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/
Robert Hettinga <rah@shipwright.com> writes:
Is there an encrypted IRC available? If not, shouldn't there be? Is such a thing even possible?
You'd have to think about what you wanted it to do, but it should be quite doable. IRC is normally for sharing conversations between an amorphous, changing bunch of people, which isn't really a standard thing to do with crypto. But I can see several basic models: 0) Just Speak Finnish :-) 1) Two-person, with Diffie-Hellman key exchange 2) N-person shared-key - you'd probably use RSA to give the session key to each new participant, or use PGP to do it. 3) N person, one key per sender, shared as above. 4) Ignore the application layer, and build the crypto as an IPsec tunnel. 5) Ignore the IRC protocols, and build a similar conversation server using web forms and SSL. Some tools you'd want`for 1-3: a) Convenient cut&paste between the IRC makes integrating things easier, such as key exchange, e.g. drop in a PGP message with today's key. b) The ability to mix encrypted and unencrypted messages, so it's easier to do things like join the channel and negotiate keys. c) A crypto operating mode that doesn't depend on sequence - probably a line basis is about right. ECB mode is boring and unsafe, but you could use a session key (distributed with RSA/DH/etc.) to encrypt a per-line nonce key, and encrypt the line with the nonce, transmitting "encryptednonce, encryptedline" for each line of data. Perhaps this is less secure (?), but can you do something like linekey = Hash( Hash(sessionkey, nonce), sessionkey ) transmitting "nonce, encryptedline"? This would let you use a hash instead of a symmetric crypto for the key on each line, and might make it more convenient to choose a stream cypher such as RC4/160 instead of a slower block cypher such as IDEA or DES for the line encryption. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list or news, please Cc: me on replies. Thanks.)
In article <Pine.BSI.3.95.970622053011.19903A-100000@alpha>, John A. Perry <perry@alpha.jpunix.com> wrote:
I believe it uses the crypt(3) function for encryption.
It can't use crypt(3), as that's more of a hash function than a cipher, and one would hope it doesn't use crypt(1) (though I wouldn't be very surprised). - Ian
At 03:31 PM 6/21/97 -0400, Nelson Minar wrote:
I don't know any more what mailing lists I should use. Coderpunks? Cryptography? Cypherpunks? DCSB?
I'd posted my mail to cypherpunks and cryptography, so I'm forwarding yours there.
It already exists. IRC includes the "DCC" protocol - direct client to client communication. It's mostly for exchange of files (read: pornography), but you can also use it for chat or, even better, encrypted chat. It's like a /msg except that the servers are never involved, it's directly between two clients.
The DCC stuff isn't very standardized, so I don't know how interoperable it all is. I believe that IRCII, the Unix client, has something in it along the lines of DES with secret keys.
# Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list or news, please Cc: me on replies. Thanks.)
On Sat, 21 Jun 1997, Bill Stewart wrote:
Robert Hettinga <rah@shipwright.com> writes:
Is there an encrypted IRC available? If not, shouldn't there be? Is such a thing even possible?
You'd have to think about what you wanted it to do, but it should be quite doable. IRC is normally for sharing conversations between an amorphous, changing bunch of people, which isn't really a standard thing to do with crypto.
Actually a simple form of encryption is available. There is a plug-in to eggdrop called wire. I have used it in my eggdrop bot on #remailop and it has worked well. Basically you log into the bot with a /dcc chat and then execute .wire <key> where <key> is a mutually agreed upon key. Then to send encrypted chats to others that have connected with the same key, each line that you type needs to be preceded with a ";". I'll fire it up if you want to look at it. Go to any EFnet server, check in and then go to channel #remailop. Say hello to rops and then check in. I believe it uses the crypt(3) function for encryption. John Perry KG5RG perry@alpha.jpunix.com PGP-encrypted e-mail welcome! Amateur Radio Address: kg5rg@kg5rg.ampr.org WWW - http://www.jpunix.com PGP 2.62 key for perry@jpunix.com is on the keyservers.
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/applications/circ.tar.gz ? Didn't look into it too closely, but I noticed it doesn't do authentication. Leonard
Leonard Janke said:
ftp://ftp.csua.berkeley.edu/pub/cypherpunks/applications/circ.tar.gz ?
Didn't look into it too closely, but I noticed it doesn't do authentication.
Circ uses 3DES for encryption and does key exchange with RSA. It runs on top of irc, and encrypts/decrypts by running a program in the backgound. There is also a standalone client. I'm not sure that authentication is wanted or needed for irc. There have been a lot of problems with people grabbing a list of everyone on irc at a given time, then e-mailing them spam or vague threats. ircd 2.9.2 implements the +a mode for channels which somehow disallows listing user information even if you are on the channel with them. -- Kevin L. Prigge | "The only thing that saves us from Systems Software Programmer | the bureaucracy is it's Enterprise Internet Services | inefficiency." - Eugene McCarthy University of Minnesota |
participants (8)
-
3umoelle@informatik.uni-hamburg.de -
Bill Stewart -
iang@cs.berkeley.edu -
janke@unixg.ubc.ca -
John A. Perry -
Kevin L Prigge -
Lucky Green -
Robert Hettinga