topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday April 28, 2024, 5:48 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - supra [ switch to compact view ]

Pages: [1]
1
Mircryption / Are the tcl encrypt functions secure?
« on: November 26, 2007, 05:01 PM »
I assume:
- aes256 > blowfish
- proven and cryptography implementations (like pgp/ssl) > own handmade implementation
- using the right tool for what it`s made > using something twisted
- the current implementation provides encryption, but no kind of authentication (an active man-in-the-middle attacker could store messages and send them later)

Just from what I read, I am not an expert.

That`s why I am about to suggesting to change the implementation off the tcl functions cbc_encrypt and cbc_decrypt.
- ssl has a lot of good cipher and is very well proven and used a lot but would be kinda overkill and only good for active sessions and not offline chats
- pgp is also not very user friendly, you have to learn to create a public and a private key and to give everyone your public key but still seams to be the most secure solution for chats if someone might be offline and the messages stored on a server
- otr looks also very interesting, although it`s not old and proven like pgp it can be very user friendly (users just have to check if a hash is ok over a pre-secure channel)

Just thoughts, discussion, no offence at all. What do you think?

2
Mircryption / tcl error handeling won`t work after using mircryption for eggdrop
« on: June 29, 2007, 05:39 PM »
I tell you how to reproduce the error.

bind pub - !prof proftest

proc proftest { args } {
   invalid_command
}
This small code is enough to show you. Now go on partyline, load the script and type !prof in any unencrypted channel. On partyline you will see Tcl error [proftest]: invalid command name "invalid_command". All ok so far.

But if you type !prof in an encrypted channel no error will be shown on the partyline.

I think this is worth to be changed.

3
Mircryption / [<time>] -nickname- ® <8 digits> / problem with nonamescript
« on: June 29, 2007, 03:50 PM »
Since I am using mircryption I see this in the server window all time. I think this comes from noname script, rather noname script lag toolbar.

[<time>] -nickname- ® <8 digits>

mircryption is loaded as frist remote script already. Any way to get ride of this other then not using nnscript or deactivating the lag toolbar?

4
Mircryption / master password, I really want to save it
« on: June 29, 2007, 02:52 PM »
I really want to store the master key (mirc). Really anoying to enter it every time. I know this is not recommend. For my own security needs this is ok. I don`t trust the irc server and the ircops, but I trust my computer. Would be fine enough to have a save password function in the next versions.

For now, I would be happy if you can tell me how I could avoid to enter the master password . Can I store it somewhere in the mirc script?

Pages: [1]