Profile

unixronin: Galen the technomage, from Babylon 5: Crusade (Default)
Unixronin

Links

December 2012

S M T W T F S
      1
2345678
9101112131415
16171819202122
23242526272829
3031     

Navigation

Page Summary

Most Popular Tags

Expand Cut Tags

No cut tags

Geekish Things

unixronin: A somewhat Borg-ish high-tech avatar (Techno/geekdom)
[personal profile] unixronin
Tuesday, February 3rd, 2009 11:04 pm

I successfully added a proof-of-concept implementation of client-to-client encryption over the ICB protocol into ICBM, my threaded Perl ICB client, this evening.  Just because I can, and because I can learn a little doing it.  What makes this a little more challenging is that the ICB protocol is an ASCII protocol with a 255-character packet size limit (before subtracting overhead), and it's not 8-bit clean.  (That's not a major handicap, as it just means adding an extra step to ASCII-armor the ciphertext, but it does reduce transport efficiency.  Then again, I'm probably gaining more efficiency from compressing the plaintext before encryption than I'm losing from armoring the ciphertext.)

I still need to design the key management part of the encryption feature, but I have a little better idea of how I'm going to handle that now.  For obvious reasons, encryption is only supported on private messages.

  • Current Mood: Because I Can
  • Current Location: Gilford, New Hampshire
Tags:
Flat | Top-Level Comments Only

[identity profile] skellington.livejournal.com
Wednesday, February 4th, 2009 04:01 pm (UTC)
To deal with a man in the middle attack, you either have to go with signed keys, or transfer the keys via a different mechanism. Whee party fun! :-)

ext_85396: (Default)
[identity profile] unixronin.livejournal.com
Wednesday, February 4th, 2009 04:38 pm (UTC)
Yeah, to be properly rigorous about it. I'm thinking it should probably have to be the user's responsibility to obtain a gpg keyid via other means for users you want to be able to exchange encrypted messages with.

I'm not HUGELY concerned about it right now because it's really only an academic exercise anyway.

[identity profile] cipherpunk.livejournal.com
Wednesday, February 4th, 2009 04:53 pm (UTC)
For those of us who know nothing about ICB... what is it? Why is it useful? Who uses it?

ext_85396: (Default)
[identity profile] unixronin.livejournal.com
Wednesday, February 4th, 2009 06:29 pm (UTC)
ICB can be thought of, as a good first approximation, as IRC Lite on standalone servers. It's not widely used, but is useful for setting up small, standalone internal chat systems. Cygnus Solutions ran its own ICB server, and I believe Red Hat still does. The ASCII protocol is simplistic, but makes it fairly difficult to attack the server through the protocol. There was a buffer-overflow vulnerability that showed up about ten years ago - a client hostname in excess of 128 characters could crash the server - but aside from that it's been pretty robust.

(Despite, or possibly in part thanks to, the best efforts of several groups of ne'er-do-wells¹ to break it.)

[1] If memory serves, there was one group in the vicinity of UWM, and one somewhere in the Midwest. They probably went on to try to smash other things.
Flat | Top-Level Comments Only