Blowfish Encryption Draft » History » Version 28
johu, 07/29/2010 04:34 AM
update for dh1080
| 1 | 1 | johu | h1. Blowfish Encryption |
|---|---|---|---|
| 2 | 1 | johu | |
| 3 | 2 | johu | {{toc}} |
| 4 | 2 | johu | |
| 5 | 2 | johu | h2. Introduction |
| 6 | 2 | johu | |
| 7 | 4 | johu | Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date. However, the Advanced Encryption Standard now receives more attention. Schneier designed Blowfish as a general-purpose algorithm, intended as a replacement for the aging DES and free of the problems and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary, encumbered by patents or were commercial/government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."[1] |
| 8 | 2 | johu | |
| 9 | 5 | johu | h3. IRC Profit |
| 10 | 1 | johu | |
| 11 | 5 | johu | Blowfish can be used in IRC to encrypt messages between 2 persons in a query or messages in a channel and the topic too. |
| 12 | 1 | johu | |
| 13 | 5 | johu | h3. Examples |
| 14 | 5 | johu | |
| 15 | 5 | johu | * In XChat[2], Irssi[3] and mIRC[4] Blowfish support can be enabled with the FiSH plugin[5]. |
| 16 | 5 | johu | * Konversation[6] has a built in Blowfish support |
| 17 | 5 | johu | |
| 18 | 8 | johu | h2. Development |
| 19 | 1 | johu | |
| 20 | 5 | johu | h3. Related Issues |
| 21 | 2 | johu | |
| 22 | 25 | johu | * #689 Blowfish Support (since 28.10.2010 in upstream available) |
| 23 | 18 | johu | * #911 DH1080 Key Exchange |
| 24 | 5 | johu | * -#61- Encrypted query (closed, will not implemented) |
| 25 | 5 | johu | |
| 26 | 6 | johu | h3. Repository |
| 27 | 6 | johu | |
| 28 | 6 | johu | The current development state can be found at http://gitorious.org/~johu/quassel/johus-quassel |
| 29 | 6 | johu | |
| 30 | 6 | johu | > *Get the source* |
| 31 | 23 | Datafreak | <pre><code>git clone git://gitorious.org/~johu/quassel/johus-quassel.git |
| 32 | 28 | johu | git checkout -b dh1080 -t origin/dh1080</code></pre> |
| 33 | 1 | johu | |
| 34 | 15 | johu | h3. TODO |
| 35 | 15 | johu | |
| 36 | 25 | johu | * -Include QCA in build system- Tested in Linux Windows; Need support for *MaxOSX testing* |
| 37 | 15 | johu | * -Cipher implemention- Class imported from Konversation, should works |
| 38 | 15 | johu | * -include cipher in IrcUser and IrcChannel- |
| 39 | 15 | johu | * -store keys for channel and user in Network- |
| 40 | 26 | johu | * -commands setkey, delkey implementation- |
| 41 | 17 | johu | * -encrypt topic- |
| 42 | 16 | johu | * -decrypt topic- |
| 43 | 17 | johu | * -encrypt channel message- |
| 44 | 1 | johu | * -decrypt channel message- |
| 45 | 15 | johu | * -encrypt query message- |
| 46 | 19 | johu | * -decrypt query message- |
| 47 | 27 | johu | * -extract howto for end user from this wiki site- |
| 48 | 1 | johu | * -gentoo ebuild- |
| 49 | 28 | johu | * command keyx |
| 50 | 28 | johu | * initiliase key exchange |
| 51 | 28 | johu | * react on key exchange |
| 52 | 15 | johu | |
| 53 | 8 | johu | h3. Library |
| 54 | 8 | johu | |
| 55 | 10 | johu | The Blowfish algorithm is implemented in the *QCA* (Qt Cryptographic Architecture)[7] library. QCA works on all plattforms there are supported by QT including Unix, Windows and MacOSX. It is already included in Quassel build system at listed repository above. |
| 56 | 10 | johu | |
| 57 | 10 | johu | h3. Commands |
| 58 | 10 | johu | |
| 59 | 10 | johu | a) setting a key for a user or channel |
| 60 | 10 | johu | |
| 61 | 10 | johu | > Usage |
| 62 | 10 | johu | <pre><code>/setkey <nick|channel> <key></code></pre> |
| 63 | 10 | johu | |
| 64 | 10 | johu | b) deleting a key for a user or channel |
| 65 | 1 | johu | |
| 66 | 1 | johu | > Usage |
| 67 | 1 | johu | <pre><code>/delkey <nick|channel></code></pre> |
| 68 | 28 | johu | |
| 69 | 28 | johu | c) key exchange for user or channel |
| 70 | 28 | johu | <pre><code>/keyx <nick|channel></code></pre> |
| 71 | 10 | johu | |
| 72 | 11 | johu | h3. Current Plan |
| 73 | 11 | johu | |
| 74 | 12 | johu | After short discussion in #quassel.de with Sput, krytzz and brot Blowfish encryption will be included in core. See section discussion below for more information. The only contra argument is the unsecure path between remote core and clientvin a untrusted net in case of no ssl connection is present. But the pro argument preponderate to strong. So i will revert the first plan to implement the de-/encryption in client. |
| 75 | 12 | johu | |
| 76 | 12 | johu | The other result of this discussion is this wiki article. |
| 77 | 11 | johu | |
| 78 | 7 | johu | h3. Discussion |
| 79 | 7 | johu | |
| 80 | 7 | johu | There are two possible ways to implement Blowfish support in Quassel architecture: |
| 81 | 1 | johu | |
| 82 | 11 | johu | *a) Client side de-/encryption* |
| 83 | 7 | johu | |
| 84 | 7 | johu | !client_deencryption.png! |
| 85 | 1 | johu | |
| 86 | 11 | johu | All messages will be de-/encrypted on client side. |
| 87 | 11 | johu | |
| 88 | 11 | johu | *Pro* |
| 89 | 13 | johu | * the complete path of messages from one client to an other is encrypted |
| 90 | 13 | johu | * core have nothing to do |
| 91 | 11 | johu | |
| 92 | 11 | johu | *Contra* |
| 93 | 13 | johu | * Messages in backlog will be encrypted, that implies on receiving backlog all encrypted messages have to decrypt |
| 94 | 13 | johu | * If key for a channel/user changed, old messages will stay decrypted |
| 95 | 11 | johu | |
| 96 | 14 | johu | *b) Core side de- and encryption* |
| 97 | 7 | johu | |
| 98 | 1 | johu | !core_deencryption.png! |
| 99 | 11 | johu | |
| 100 | 11 | johu | All messages will be de-/encrypted on core. |
| 101 | 11 | johu | |
| 102 | 11 | johu | *Pro* |
| 103 | 13 | johu | * Backlog contains all decrypted messages |
| 104 | 13 | johu | * Client do not need to decrypt on receiving backlog |
| 105 | 13 | johu | * Key change doesnt matter |
| 106 | 13 | johu | * Fits better in Quassel architecture |
| 107 | 11 | johu | |
| 108 | 11 | johu | *Contra* |
| 109 | 13 | johu | * The path between a core and client is unsecured if SSL is not enabled and it is not a monolitic build. |
| 110 | 7 | johu | |
| 111 | 24 | johu | h3. Build Instructions |
| 112 | 24 | johu | * [[Build_Quassel_on_Windows]] |
| 113 | 20 | Datafreak | |
| 114 | 1 | johu | h2. References |
| 115 | 1 | johu | |
| 116 | 1 | johu | [1] http://en.wikipedia.org/wiki/Blowfish_%28cipher%29 |
| 117 | 5 | johu | [2] http://xchat.org/ |
| 118 | 5 | johu | [3] http://irssi.org/ |
| 119 | 5 | johu | [4] http://www.mirc.com/ |
| 120 | 5 | johu | [5] http://fish.secure.la/ |
| 121 | 1 | johu | [6] http://konversation.kde.org/ |
| 122 | 8 | johu | [7] http://delta.affinix.com/qca/ |