mircryption-compatible script for irssi

[Gothi[c]]

[ Invalid Attachment ]

I created an irssi script that lets you use mircryption (and FiSH) compatible encryption.
It supports both ecb and cbc modes.

You could already use FiSH with irssi, which is compatible with mircryption, but it has some security problems (and is generally written very sloppy, not to mention it's a pain to compile/install), hence the new effort.

Getting plain ecb to work was easy, but there was some serious debugging to do trying to resolve a weirdness/limitation/bug in perl's Crypt::CBC cpan module. (which mouser pretty much resolved for me-- THANKS!!)

Click to get the script.

[gjehle]

nice one!

does it also support DH1080 key exchange?
if there's a perl module for that (i'm pretty sure there is one somewhere) that would be awesome.

afaik it's fairly easy to port irssi scripts to xchat,
that way we could possibly phase-out the current xchat plugin written in c++ in favor of a (somewhat / possibly) unified perl version

the (unofficial) c++ version that does DH1080 depends on openssl, which i'd love to change.
a perl script would also be easier to port to windows and mac, since no compilation would be needed.
this is actually one of the reasons the dh1080 is still unofficial, since i haven't managed to find the time to properly integrate and test it on the three major platforms.

what're your thoughts on that gothi[c]?

[mouser]

This is so cool -- I get regularly asked for an irssi plugin that can do mircryption and i always had to say no -- people are going to be happy to see this.  Really nice.


For those with some technical interest:

Gothic and I spent a few hours actually getting the CBC encryption mode to work.. It was really an interesting mystery solving experience.. It's amazing how little incompatibilities creep in with these things.. there are so many different ways to do everything, and using one person's code to do encryption and another persons code to do decryption, even when there is a standard, can be nervewracking.

Perl use a clever module "Crypt-CBC" that basically oversees the creation of an object to do CBC encryption using different cipher algorithms.  Well, blowfish (which is used in mircryption), is somewhat unusual in that it can accept a variable length key.  The Crypt-CBC wrapper has code to check whether the key you pass is the length that the cipher algorithm wants.  In the case of Blowfish, the algorithm tells CBC that it wants a 448 bit key, but really this value is just the maximum length of the key that it will accept.  Crypt-CBC actually has a few options that aren't quite standard blowfish-cbc (like password hashing), which may be good ideas but makes compatibility a little tricky.  But it's the fixed 56character key length strict requirement that was causing us trouble.

What really through me was that because of the way blowfish uses the key, it seemed like we could just fill up the remaining characters to get a 56 byte key, by repeating the key (so key of "test" becomes "testtesttest.." and so on up to 56 characters).  This should work because blowfish uses the key by iterating through a loop and advancing over the key and then recycling when it gets to the end (thats how it is able to use a variable length key).  So we thought we had it figured out, gothic wrote his readme and posted it, then we tried a different key and BZZZZ it stopped working -- encryption and decryption between the irssi script and mircryption was garbled.

It turned out some keys worked and others didn't.  We pretty quickly determined that keys that were evenly divisible into 56 characters worked, others didn't.  It seemed like that clue pointed to the way we were generating the expanded 56 character key for the perl module, but it took us several hours and going through the original c++ of the blowfish algorithm (which i don't claim to understand well even after reading a couple of schneier's books), before we solved the problem.

I incorrectly assumed that there had to be a 56 byte (448bit) key equivalent of any shorter key (ie that the shorter key was being expanded to 56 characters in some fashion, explicitly or implicitly).  But this is simply not valid.  The Blowfish algorithm reuses shorter keys by wrapping around the end of the key back to the beginning as it iterates over it.  But significantly, the index it uses goes PAST 56 iterations (its more like 72).  What this means basically is that when you expand a short key to fill 56 bytes, then the first 56 iterations over a small key or an expanded key will be identical.  BUT after the 56 iteration, the short key will wrap around perfectly just as it has been doing, but the long key, if its original source key length was not divisible evenly into 56, will "wrap around" to something different.

To see why, imagine a key of 3 letters "ABC".  Now we expand that to be 56 bytes, and we get "ABCABCABCABC...ABCABCAB" so that its a repeating pattern, BUT it doesnt end at the end of the original key, so that when the blowfish algorithm wraps around at the 56th iteration we see ABCABABCABC"  and therein was the problem.

So the heart of the problem and fix is that the Crypt-CBC perl module should NOT be enforcing a fixed length 448 bit key when blowfish is used for the cipher algorithm.  It's a simple one line change in the module code.  There is also, luckily for us, a way to trick it to use the smaller key, which is what gothic does, by initializing it the object one way (at which point it checks the length), and then afterwards manually setting a flag to change the key type or length behind the back of the module.  then everything works fine. 

[gjehle]

just a short follow up.
looks like, as i expected, there's already a module doing DH-keyexchange

http://search.cpan.o...0.06/lib/Crypt/DH.pm

[mouser]

Gothi[c] released a new and much improved version of blowssi, mircryption compatible encryption for irssi today, v0.1.0.
See link in first post. 

[mayti]

Hey guys,

the following error is showing up in irssi:

Error in script blowssi:
Invalid length key at /usr/lib/perl5/Crypt/Blowfish.pm line 42.

Is there any chance to fix that?

The channel key has 64 characters with cbc enabled.

Is there a new fish version out which supports cbc?

[mouser]

because the implementation of fish and mircryption never use more than 56 characters, this script considers it an error if you try to use more -- while fish (and mircryption for mirc) just discard the extra characters.  the solution is not to use more then 56 characters in your key

fish does not support cbc mode as of last time i checked.

[mayti]

Great!
Thanks for the fast reply mouser.
That fixed it.  

Is it possible to encrypt the plaintext keys which are in the blowssi.conf
like they are in the .MircryptionKeys.txt?

On the local PC this is no problem, because the home directory is encrypted, but i make regular backups on an unencrypted flash stick.

[mouser]

i think thats a nice idea but i didnt code the blowssi version and i don't think the author is going to do it.. maybe someone else will and will contribute the code?

[mayti]

Well, thanks mouser
there is still one problem i encounter



In xchat i installed the 0.4.0 mircryption version, and irssi uses the blowssi plugin.
As you can see i can read in xchat what i write in irssi, but if i write something in xchat irsii dosen't decrypt it.
Query keys are set in both clients to cbc:test.

[mouser]

i wonder if the blowssi script is designed to see BOTH the +OK and mcps prefixes.
if not, somone needs to add that.  the blowssi coder might be able to quickly add that if you can't.

i forget if the xchat version has a way to say to use mcps as the prefix?

[mayti]

So far i can only say that the channel encryption uses also the +OK prefix and there's no problem.
Maybe Gothi[c] will know where the problem is.

Thank you so far mouser.

[Gothi[c]]

Blowssi should recognise both +OK and mcps.

# default prefix
my @prefixes = ('+OK ','mcps ');

And the last time I tested it cbc was working both ways ...
But that's a while ago.
In the mean time, someone also contributed some code for key sharing etc... I've been meaning to merge that (It's a bit messy so it needs some adjustments). Whenever I get to it, I'll make sure I re-test everything else.

I wouldn't mind implementing encryption for the keys in the config file, but I'm not sure what the point is. If it needs to be decrypted, then the encryption key should be stored somewhere (in the code or in a separate file) which would allow anyone to decrypt it easily anyway, no? Unless you store the keyfile on a separate volume maybe...

I've been busy with work and <insert random excuse here>, but i still plan to get around to all of this some day

Please use the redmine issue tracker for all of this, and create an issue ticket for each feature or problem. That at least will serve as a better reminder and help me keep track of all of this.

http://redmine.dcmem...com/projects/blowssi

[Gothi[c]]

Hi Mayti,

I just tested blowssi with mouser in both cbc and ecb, using +OK prefix AND mcps prefix and we could not duplicate the problem no matter what we did.
Perhaps you have some script that messes with the format of messages? That's the only thing I can think of right now...

[mayti]

Hi and thanks for the support Gothi[c].

Blowssi was the first script I installed so it is unlikely that other scripts interfere.
I got the xchat plugin from here.
But this problem also occurs with the original mircryption for mIRC.
It doesn't work in the querys for me. No problem with the channel decryption.

But since you couldn't repoduce the error i think the problem will be something else. (Maybe it is in front of the screen )

[Gothi[c]]

Just released blowssi 0.2.0 (finally)
http://linkerror.com...ion=download;lang=en

[housetier]

This one supports key exchange, right?

The documentation mentions /blowkeyx, however, the More detailed installation instructions from meewbies.com mentions version 0.1.0 and lack of support for key exchange.

...and just as I write this, I see it in the other announcement here on doco:

dh1080 key exchange (since 0.2.0)

I guess it is time to secure my chattings again!

[Gothi[c]]

The meewbies.com instructions might be a bit outdated since they were written for previous versions of blowssi.
KiTTy was nice enough to put up the instructions for the older versions, but hasn't been around lately to update it.
The "official" instructions are included in the archive.
Basically, you just need to install the required perl modules, drop the script in ~/.irssi/scripts and add a /load line to your ~/.irssi/startup line for it. Not much to it really