IRCC 0.34 mod : enhanced Vigenere chat encryption

KoOS network development
  • Some parts of our discussion with hidnplayr about this encryption
    Spoiler:
    hidnplayr wrote:I understand that the cipher type was chosen for it's ease of implementation. However I don't believe it's very safe against modern attacks (dictionary?)
    Yes, you are right - not only its a Vigenere, its implemented without those extra ideas which could have made this weak-by-the-modern-standards-cipher at least slightly stronger. To be honest its more like a "demo encryption" ; much more valuable is how these "crpt/dcrpt" functions have been integrated to your program. At the moment I'm not sure if I would be able to complete all this encryption stuff by myself, so maybe if this "demo encryption" together with its' "interfaces" would be accepted to IRCC its' current shape, if I would be unable to do it by myself, maybe some other people would continue this work and replace the "crpt/dcrpt" functions with some stronger cipher
    hidnplayr wrote:Also, quite some work has gone into making IRCC UTF8 capable, it would be better if we could keep it that way
    True; I didn't implement UTF8 support because its a bit tricky for that Vigenere (wanted to conceal the Russian letters like I wrote in my previous message, but it required adding the complexity I didn't have time for; and also - if a Vigenere would be replaced by another cipher, then this work might turn out as not-needed)
    hidnplayr wrote:How do other clients implement end to end encryption? It would be nice to support some existing protocol so we can chat to existing clients as well..
    My goal is to try to achieve a secure communication between two Kolibri IRCC clients, for this usecase: people could put Kolibri floppy image inside their freshly-built coreboot open source BIOS, and they are able to launch Kolibri with its IRCC client right from the BIOS and communicate with each other securely without using HDD's OS. Those who aren't using Kolibri as their main OS, could run it inside the virtual machine to use its' IRCC client, but there's an added security risk: since the host OS could access all the memory of virtual machine, it could also extract the encryption keys and decrypted messages, and even the keyboard keys pressed by a user

    Maybe I'm a bit paranoid, but I think there could be weaknesses/backdoors inside the "popular encryption", hidden at some very deep mathematical level and not inside the specific implementation of an algorithm. Also there are cases when the "popular encryption" is weakened for one reason or another: e.g. Serpent didn't won AES contest despite being stronger than Rijndael, just because Rijndael was faster to encrypt/decrypt...
    Feedback from hidnplayr regarding the better-encryption-for-IRCC ideas
    Spoiler:You seem to be concerned about the data which is available on the wire. (Ethernet)
    You cannot possibly hide this data, so any effort on this front seems silly to me. A better approach will be to use SSL/TLS, which most of the public IRC servers today support.
    This will only encrypt traffic between the client and server, and not per se to the other client(s).
    To solve this completely, and additional cipher, on the protocol level, such as the one you implemented may be used.

    I just did some research, and one popular system seems to be "Mircryption" (http://www.donationcoder.com/software/m ... ircryption)
    It encodes the bytes and sends it as base64 string to the server. Too bad they used an by now also outdated encryption algorithm: blowfish.
    However, I think this is the way to go, and still believe this "Mircryption" would be nice to have

    May you decide to take this on as a challenge, here are some thing that might help you on the way:
    https://programmer209.wordpress.com/201 ... mentation/ (blowfish encrypt/decrypt in fasm)
    http://websvn.kolibrios.org/listing.php ... 6273e96c69 (kolibrios hash and crypto lib)
    http://websvn.kolibrios.org/filedetails ... 2Fhttp.asm (base64 encode in fasm in HTTP library)
    https://board.flatassembler.net/topic.php?p=68697 (base64 encode/decode in fasm)

    Using blowfish in CBC mode will definitely be more secure then Vigenere, allows UTF8 and at least is some standard.
    Last is good because it doesn't rely on 'security through obscurity' and you can talk to other people besides yourself :)

    This page has some good information about currently existing methods and a proposal for a new one
    http://blog.bjrn.se/2009/01/proposal-fo ... ption.html
  • viewtopic.php?f=2&t=3736 - Example of using TLS-Library parts for generating PRNG numbers

    viewtopic.php?f=2&t=3735 - (rus) Functions-"sources of entropy" for a quality RNG

    This stuff has been used for improving the encryption strength of Vigenere:

    expand user message with the random generated chars to fill all the 64 bytes
    ( max length of user message while in " /crpt " mode, equal to CRPT_KEY_LEN length of encryption key )
    and then shift user message "clockwise" (right shift) to a random offset

    The original message

    Code: Select all

    Hello friend, how areyou doing?
    could be transformed to

    Code: Select all

    1'-4{r>f1A8:i1Hello friend,how areyou doing?fi2r!9Y1g'1q`0fA:sD3
    before its' encryption; still easy to read for recipient, but the resulting ciphertext should be harder to crack.

    However, user could always enable/disable these improvements by " /expd " and " /shft " commands

    During the development I'm using ./update_ircc_in_kolibri.sh script to quickly update my modded IRCC archive inside a floppy:

    Code: Select all

    #!/bin/bash
    cd ~
    rm ./ircc_0.31_vigenere_13july2018.7z
    7z a -m0=Deflate ./ircc_0.31_vigenere_13july2018.7z ./ircc_0.31_vigenere_13july2018/
    sudo mount -o loop kolibri_r7300_vigenere.img /mnt
    sudo rm /mnt/IRCC/ircc_0.31_vigenere_13july2018.7z
    sudo cp ~/ircc_0.31_vigenere_13july2018.7z /mnt/IRCC/
    sudo umount /mnt
    Before launching this script, make sure that nobody is using the floppy .img file. If a virtual machine is running, close it
  • Release of kolibri-r7583_2019-FEB-05 with ircc_0.31_vigenere_13july2018.7z inside of it:

    Code: Select all

    d0323b8d092c42a128468b4bed5c17848c3268bab621af4da2eab007b65a0dc5  ./kolibri_r7583_vigenere.zip
    ^^^---> 4ef3061141384ac167f8085aaa89208cd50d840f1da081dafcf8cd8e14e074c1  ./kolibri_r7583_vigenere.img
    See the usage instructions at post above - viewtopic.php?f=11&t=3734&p=72748#p70874
    Attachments
    SHA256 = d0323b8d092c42a128468b4bed5c17848c3268bab621af4da2eab007b65a0dc5
    Downloaded 705 times
  • FINALLY... a new release of kolibri_r9977_vigenere.img floppy with ircc_r9977_vigenere.7z inside of it:

    Code: Select all

    658bb9c86371533846891756309834fcac3854c0538fdefa8f1060737f01d106  ./kolibri_r9977_vigenere.zip
    ^^^--->
    318566f0000dfdb5947c5c5eeb429d98b9381279e2782321080afc141d7419d0  ./IRCC
    750c1b785ad5f2a25e0b432fc8593764fd4621d856dd766f86f28d2861604eeb  ./ircc_r9977_vigenere.7z
    cdce2283754a21dc9b3e8537b6acd7ef52047d48e57d9d90f260a3d3c074e2b0  ./kolibrios_r9977_ircc-fix-chars.patch
    dd6619b6f2ccb6698322f4a93b28f4ddf7ae19ffb9f0d1d59e0d1dd20930446c  ./kolibrios_r9977_ircc-vigenere.patch
    ed5ef330eaada5fa4ed585859654e4bda3ca3eefd817e891bd0fe3454e47078c  ./kolibri_r9977_vigenere.img
    ce9b73a785ca2e813e4a292c4fcd0ea8c9838d3bb5cd61cb235993766e6a31cd  ./README.txt
    Changes:

    1) KolibriOS floppy upgraded to r9977 version, i.e. it has a working driver by hidnplayr for QCA8172 Ethernet controller of G505S laptop supported by the opensource coreboot BIOS (and without Intel ME / AMD PSP backdoors inside its CPU) - http://dangerousprototypes.com/docs/Lenovo_G505S_hacking
    2) As a part of this upgrade to r9977, IRCC client has been upgraded from 0.31 to 0.34 version
    3) On top of r9977, I apply two patches: ircc-fix-chars.patch (more info here) and ircc-vigenere.patch of this thread, rebased for a new IRCC version
    4) Now you can just go to main menu and launch this modded IRCC - but I still include the source code archive, so the old instructions still work
    5) To make enough room for this stuff, I had to remove the following games: Kosilka, Xonix, Snake, Pipes, Tanks, Rforces, Descent
    Attachments
    SHA256 = dd6619b6f2ccb6698322f4a93b28f4ddf7ae19ffb9f0d1d59e0d1dd20930446c
    Downloaded 249 times
    SHA256 = cdce2283754a21dc9b3e8537b6acd7ef52047d48e57d9d90f260a3d3c074e2b0
    Downloaded 137 times
    SHA256 = 750c1b785ad5f2a25e0b432fc8593764fd4621d856dd766f86f28d2861604eeb
    Downloaded 125 times
    SHA256 = ed5ef330eaada5fa4ed585859654e4bda3ca3eefd817e891bd0fe3454e47078c
    Downloaded 214 times
  • Who is online

    Users browsing this forum: No registered users and 1 guest