Welcome Guest.   Make a donation to an author on the site October 31, 2014, 01:43:06 PM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
The N.A.N.Y. Challenge 2012! Download dozens of custom programs!
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: mircryption-compatible script for irssi  (Read 13232 times)
Gothi[c]
DC Server Admin
Charter Honorary Member
***
Posts: 857



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« on: August 08, 2008, 03:06:35 AM »



I created an irssi script that lets you use mircryption (and FiSH) compatible encryption.
It supports both ecb and cbc modes.

You could already use FiSH with irssi, which is compatible with mircryption, but it has some security problems (and is generally written very sloppy, not to mention it's a pain to compile/install), hence the new effort.

Getting plain ecb to work was easy, but there was some serious debugging to do trying to resolve a weirdness/limitation/bug in perl's Crypt::CBC cpan module. (which mouser pretty much resolved for me-- THANKS!!)

Click to get the script. smiley
« Last Edit: August 08, 2008, 03:09:03 AM by Gothi[c] » Logged
gjehle
Member
**
Posts: 285



lonesome linux warrior

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: August 08, 2008, 04:50:49 AM »

nice one!

does it also support DH1080 key exchange?
if there's a perl module for that (i'm pretty sure there is one somewhere) that would be awesome.

afaik it's fairly easy to port irssi scripts to xchat,
that way we could possibly phase-out the current xchat plugin written in c++ in favor of a (somewhat / possibly) unified perl version

the (unofficial) c++ version that does DH1080 depends on openssl, which i'd love to change.
a perl script would also be easier to port to windows and mac, since no compilation would be needed.
this is actually one of the reasons the dh1080 is still unofficial, since i haven't managed to find the time to properly integrate and test it on the three major platforms.

what're your thoughts on that gothi[c]?
Logged
mouser
First Author
Administrator
*****
Posts: 33,613



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: August 08, 2008, 09:01:16 AM »

This is so cool -- I get regularly asked for an irssi plugin that can do mircryption and i always had to say no -- people are going to be happy to see this.  Really nice.



For those with some technical interest:

Gothic and I spent a few hours actually getting the CBC encryption mode to work.. It was really an interesting mystery solving experience.. It's amazing how little incompatibilities creep in with these things.. there are so many different ways to do everything, and using one person's code to do encryption and another persons code to do decryption, even when there is a standard, can be nervewracking.

Perl use a clever module "Crypt-CBC" that basically oversees the creation of an object to do CBC encryption using different cipher algorithms.  Well, blowfish (which is used in mircryption), is somewhat unusual in that it can accept a variable length key.  The Crypt-CBC wrapper has code to check whether the key you pass is the length that the cipher algorithm wants.  In the case of Blowfish, the algorithm tells CBC that it wants a 448 bit key, but really this value is just the maximum length of the key that it will accept.  Crypt-CBC actually has a few options that aren't quite standard blowfish-cbc (like password hashing), which may be good ideas but makes compatibility a little tricky.  But it's the fixed 56character key length strict requirement that was causing us trouble.

What really through me was that because of the way blowfish uses the key, it seemed like we could just fill up the remaining characters to get a 56 byte key, by repeating the key (so key of "test" becomes "testtesttest.." and so on up to 56 characters).  This should work because blowfish uses the key by iterating through a loop and advancing over the key and then recycling when it gets to the end (thats how it is able to use a variable length key).  So we thought we had it figured out, gothic wrote his readme and posted it, then we tried a different key and BZZZZ it stopped working -- encryption and decryption between the irssi script and mircryption was garbled.

It turned out some keys worked and others didn't.  We pretty quickly determined that keys that were evenly divisible into 56 characters worked, others didn't.  It seemed like that clue pointed to the way we were generating the expanded 56 character key for the perl module, but it took us several hours and going through the original c++ of the blowfish algorithm (which i don't claim to understand well even after reading a couple of schneier's books), before we solved the problem.

I incorrectly assumed that there had to be a 56 byte (448bit) key equivalent of any shorter key (ie that the shorter key was being expanded to 56 characters in some fashion, explicitly or implicitly).  But this is simply not valid.  The Blowfish algorithm reuses shorter keys by wrapping around the end of the key back to the beginning as it iterates over it.  But significantly, the index it uses goes PAST 56 iterations (its more like 72).  What this means basically is that when you expand a short key to fill 56 bytes, then the first 56 iterations over a small key or an expanded key will be identical.  BUT after the 56 iteration, the short key will wrap around perfectly just as it has been doing, but the long key, if its original source key length was not divisible evenly into 56, will "wrap around" to something different.

To see why, imagine a key of 3 letters "ABC".  Now we expand that to be 56 bytes, and we get "ABCABCABCABC...ABCABCAB" so that its a repeating pattern, BUT it doesnt end at the end of the original key, so that when the blowfish algorithm wraps around at the 56th iteration we see ABCABABCABC"  and therein was the problem.

So the heart of the problem and fix is that the Crypt-CBC perl module should NOT be enforcing a fixed length 448 bit key when blowfish is used for the cipher algorithm.  It's a simple one line change in the module code.  There is also, luckily for us, a way to trick it to use the smaller key, which is what gothic does, by initializing it the object one way (at which point it checks the length), and then afterwards manually setting a flag to change the key type or length behind the back of the module.  then everything works fine.  thumbs up
Logged
gjehle
Member
**
Posts: 285



lonesome linux warrior

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: August 17, 2008, 11:58:28 AM »

just a short follow up.
looks like, as i expected, there's already a module doing DH-keyexchange

http://search.cpan.org/~b...t-DH-0.06/lib/Crypt/DH.pm
Logged
mouser
First Author
Administrator
*****
Posts: 33,613



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: July 11, 2009, 10:07:47 PM »

Gothi[c] released a new and much improved version of blowssi, mircryption compatible encryption for irssi today, v0.1.0.
See link in first post.  thumbs up
Logged
mayti
Participant
*
Posts: 5


View Profile Give some DonationCredits to this forum member
« Reply #5 on: November 01, 2010, 06:08:51 AM »

Hey guys,

the following error is showing up in irssi:

Quote
Error in script blowssi:
Invalid length key at /usr/lib/perl5/Crypt/Blowfish.pm line 42.

Is there any chance to fix that?

The channel key has 64 characters with cbc enabled.

Is there a new fish version out which supports cbc?


Logged
mouser
First Author
Administrator
*****
Posts: 33,613



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: November 01, 2010, 06:14:04 AM »

because the implementation of fish and mircryption never use more than 56 characters, this script considers it an error if you try to use more -- while fish (and mircryption for mirc) just discard the extra characters.  the solution is not to use more then 56 characters in your key smiley

fish does not support cbc mode as of last time i checked.

Logged
mayti
Participant
*
Posts: 5


View Profile Give some DonationCredits to this forum member
« Reply #7 on: November 01, 2010, 06:53:44 AM »

Great!
Thanks for the fast reply mouser.
That fixed it.   Grin

Is it possible to encrypt the plaintext keys which are in the blowssi.conf
like they are in the .MircryptionKeys.txt?

On the local PC this is no problem, because the home directory is encrypted, but i make regular backups on an unencrypted flash stick.
Logged
mouser
First Author
Administrator
*****
Posts: 33,613



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: November 01, 2010, 12:55:35 PM »

i think thats a nice idea but i didnt code the blowssi version and i don't think the author is going to do it.. maybe someone else will and will contribute the code?
Logged
mayti
Participant
*
Posts: 5


View Profile Give some DonationCredits to this forum member
« Reply #9 on: November 01, 2010, 01:13:56 PM »

Well, thanks mouser
there is still one problem i encounter



In xchat i installed the 0.4.0 mircryption version, and irssi uses the blowssi plugin.
As you can see i can read in xchat what i write in irssi, but if i write something in xchat irsii dosen't decrypt it.
Query keys are set in both clients to cbc:test.
Logged
mouser
First Author
Administrator
*****
Posts: 33,613



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #10 on: November 01, 2010, 02:42:38 PM »

i wonder if the blowssi script is designed to see BOTH the +OK and mcps prefixes.
if not, somone needs to add that.  the blowssi coder might be able to quickly add that if you can't.

i forget if the xchat version has a way to say to use mcps as the prefix?
Logged
mayti
Participant
*
Posts: 5


View Profile Give some DonationCredits to this forum member
« Reply #11 on: November 01, 2010, 03:20:48 PM »

So far i can only say that the channel encryption uses also the +OK prefix and there's no problem.
Maybe Gothi[c] will know where the problem is.

Thank you so far mouser.
« Last Edit: November 01, 2010, 03:22:39 PM by mayti » Logged
Gothi[c]
DC Server Admin
Charter Honorary Member
***
Posts: 857



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #12 on: November 05, 2010, 07:43:34 PM »

Blowssi should recognise both +OK and mcps.

Quote
# default prefix
my @prefixes = ('+OK ','mcps ');

And the last time I tested it cbc was working both ways ...
But that's a while ago.
In the mean time, someone also contributed some code for key sharing etc... I've been meaning to merge that (It's a bit messy so it needs some adjustments). Whenever I get to it, I'll make sure I re-test everything else.

I wouldn't mind implementing encryption for the keys in the config file, but I'm not sure what the point is. If it needs to be decrypted, then the encryption key should be stored somewhere (in the code or in a separate file) which would allow anyone to decrypt it easily anyway, no? Unless you store the keyfile on a separate volume maybe...

I've been busy with work and <insert random excuse here>, but i still plan to get around to all of this some day smiley

Please use the redmine issue tracker for all of this, and create an issue ticket for each feature or problem. That at least will serve as a better reminder and help me keep track of all of this.

http://redmine.dcmembers.com/projects/blowssi
Logged
Gothi[c]
DC Server Admin
Charter Honorary Member
***
Posts: 857



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #13 on: November 05, 2010, 11:01:19 PM »

Hi Mayti,

I just tested blowssi with mouser in both cbc and ecb, using +OK prefix AND mcps prefix and we could not duplicate the problem no matter what we did.
Perhaps you have some script that messes with the format of messages? That's the only thing I can think of right now...
Logged
mayti
Participant
*
Posts: 5


View Profile Give some DonationCredits to this forum member
« Reply #14 on: November 08, 2010, 01:07:14 PM »

Hi and thanks for the support Gothi[c].

Blowssi was the first script I installed so it is unlikely that other scripts interfere.
I got the xchat plugin from here.
But this problem also occurs with the original mircryption for mIRC.
It doesn't work in the querys for me. No problem with the channel decryption.

But since you couldn't repoduce the error i think the problem will be something else. (Maybe it is in front of the screen )
Logged
Gothi[c]
DC Server Admin
Charter Honorary Member
***
Posts: 857



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #15 on: January 03, 2011, 09:51:44 PM »

Just released blowssi 0.2.0 (finally)
http://linkerror.com/blow...?section=download;lang=en
Logged
housetier
Charter Honorary Member
***
Posts: 1,321


see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #16 on: March 31, 2011, 04:24:44 AM »

This one supports key exchange, right?

The documentation mentions /blowkeyx, however, the More detailed installation instructions from meewbies.com mentions version 0.1.0 and lack of support for key exchange.

...and just as I write this, I see it in the other announcement here on doco:

Quote
dh1080 key exchange (since 0.2.0)

I guess it is time to secure my chattings again! smiley
Logged
Gothi[c]
DC Server Admin
Charter Honorary Member
***
Posts: 857



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #17 on: March 31, 2011, 02:47:55 PM »

The meewbies.com instructions might be a bit outdated since they were written for previous versions of blowssi.
KiTTy was nice enough to put up the instructions for the older versions, but hasn't been around lately to update it.
The "official" instructions are included in the archive.
Basically, you just need to install the required perl modules, drop the script in ~/.irssi/scripts and add a /load line to your ~/.irssi/startup line for it. Not much to it really smiley

Logged
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.041s | Server load: 0 ]