home *** CD-ROM | disk | FTP | other *** search
-
- this is a tinyirc client (client not written by me)
- but I added in encryption.. Right now encryption is
- done in DES for messages and RSA for key exchange.
-
- To set it up, unarchive (you probably already did this)
- then type :
- (you should be in the 'irc' dir at this point)
- make sock
- this should make a program called 'sock'
-
- now you need to go into the RSA directory and make yourself
- a keypair.
-
- cd RSA
- make genrsa
- make genprim
- genrsa
-
- this makes two files 'public' and 'secret'. You need to install
- these:
- mv secret ..
- mv public ../<yournick>
- cd ..
-
- and give out your public key to everyone you want to talk to.
- This lets them send their key to you.
-
- You must send them your public key *BEFORE* you start talking
- to them on irc. You can do this with mail or with /dcc on
- a normal irc client, or any other way you wish.
-
- You must also receive keys for the people you wish to talk to
- *BEFORE* running the program! These should be in the same
- directory as 'sock' and have they same filename as the
- other person's nickname. So by this point you should have:
- your friends key in a file named after their nickname
- your key in a file called 'secret'
- a binary named 'sock'
- all in the same directory.
-
- I have supplied a number of public keys from me and my friends.
- These are in the directory irc/pubkeys/*. If you wish to
- use any of them copy them into the same directory as you
- have 'sock' in:
- cp pubkeys/* .
-
- run sock:
- sock
-
- join the same channel as your friend you wish to talk to:
- /join #channel
-
- send them your key, this lets them read any message typed by
- you (note you have to be in the same channel as them)
- /key <your friend>
-
- your friend will receive your key, and now everything you type
- can be read by him. In order to send your key to your friend
- you must have the file <your friend> in your directory that
- is <your friend>'s public key. He must have the matching
- secret key in the file 'secret' in his directory. If your
- friend changes nick's and the filename of his key isnt the
- same as his nick you can specify the file:
- /key <your friend> <filename of his key>
-
- (note: this isnt working yet ^^^ will be fixed)
- thats it! Everything you type is encrypted with the same key
- which is chosen at random when you start up 'sock'. Every time
- you use sock a new key is used. Every time you want to talk to
- a new person you have to send them your key. Anyone who has
- your key can read any of your messages, so if you dont want
- people reading your messages dont give them your key. Everything
- you type is encrypted.
-
-
- some public keys are already provided in pubkeys/*
- copy them into current directory to use them.
- --------
- Weaknesses:
-
- (1) RSA key as created by 'genrsa' is not very long! It
- is crackable right now. This could be lengthened
- easily enough by modifying genrsa.c . The rest of
- the program doesnt care what length key is used.
-
- (2) You can send alot of garbage to someone's screen by
- sending out wrong key's and/or sending out bad
- data matching keys already aquired.
- possible solution: header inside of the encrypted
- data. 1 character would give a 1/256 chance of
- this attack working.
-
- (3) probably alot more I didnt think about.
-
- ----------
- Protocol:
-
- there are two types of messages, one to send keys across
- to other people, one to send across encrypted messages, all
- messages are sent to the current irc channel, not through messages
- to individual people:
-
- SKPJACK:xxxx:yyyy:zzzzz
- xxxx - the nick name of the intended recipient
- yyyy - the serial number of the key being transfered
- zzzz - ascii encoded RSA data
- messages of this format are used to send private keys (DES
- keys) to the recipient, ie /key nick.
- Messages received are ignored if xxxxx isnt our current nick.
-
- CLIPPER:xxxx:yyyy
- xxxx - the serial number of the key used to encrypt
- yyyy - the ascii encoded crypted data (DES)
- messages of this format are used to send encrypted chat
- messages. Messages received are ignored if we dont have
- the key corresponding to the serial number.
-
- ascii coding: each byte is broken into 2 nybbles (4 bits)
- and sent across as two characters, the first nybble
- is sent as hi+'a' and the second is sent as lo+'A'
- so alternate characters are always upper then lower then
- upper case and so on. (byte = hi<<4 + lo)
-
- Keys are generated randomly and each key has a random
- 32 bit serial number associated with it. The program
- uses the serial number to decided which key to decrypt
- with. The program keeps all the keys it receives.
- All messages you type are sent with your key, all messages
- you receive are decoded with the key matching the serial
- number sent with it.
-
- your key and its serial number are generated as follows:
- srand(time(0)); <-- seed random with time
- pick 8 random chars into K
- L=encrypt(K,K) <-- encrypt K with key K
- serial = (int)L <-- use this as the serial number
- pick 8 random chars int M
- N=encrypt(M,K) <-- encrypt M with key K
- N is used as your private DES key
- serial is used to keep track of N
-
- this should thward attacks trying to guess N given
- serial and possibly a good guess of time(0);
- encrypt(a,b) means encrypt a with key b in DES
- -----
- CREDITS
-
- Alot of this software was not written by me, In fact my part
- was minimal. I stole code from the following people:
-
- The basic IRC client (tinyIRC) by:
- Nathan Laredo - "Green"
- gt7080a@prism.gatech.edu
-
-
- The RSA package by: (email address is no longer valid)
-
- Martin Nicolay ( martin@trillian.megalon.de )
- Fliederstr. 23
- 4100 Duisburg 1
- W-Germany
-
- I couldn't reach him via email. I got this package via
- anon-ftp, I hope he doesnt mind use of it in this program.
-
-
- The DES package (d3des):
-
- D3DES (V5.09) -
-
- A portable, public domain, version of the Data Encryption Standard.
-
- Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
- Thanks to: Dan Hoey for his excellent Initial and Inverse permutation
- code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis
- Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau,
- for humouring me on.
-
- Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
- (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
-
- He says "public domain" and then later "Copyright". I assume
- he means "freely distributable, useable".
-
- If any of you are out there thanx alot! Your code is much
- appreciated.
-
-