
[Weechat-dev] [bug #38749] [PATCH] Implement DH-AES SASL encryption meth


From: anonymous
Subject: [Weechat-dev] [bug #38749] [PATCH] Implement DH-AES SASL encryption method
Date: Tue, 16 Apr 2013 06:51:02 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0

URL:
  <http://savannah.nongnu.org/bugs/?38749>

                 Summary: [PATCH] Implement DH-AES SASL encryption method
                 Project: WeeChat
            Submitted by: None
            Submitted on: Tue 16 Apr 2013 06:51:00 UTC
                Category: irc plugin
                Severity: 3 - Normal
              Item Group: irc protocol
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: Elizabeth Myers
        Originator Email: address@hidden
             Open/Closed: Open
         Discussion Lock: Any
                 Release: other
                IRC nick: Elizacat

    _______________________________________________________

Details:

Hello,

I have implemented DH-AES (one of the intended successors to DH-BLOWFISH)
support in WeeChat. It has been added to Atheme and tested with such.

DH-BLOWFISH is no longer recommended, as Blowfish suffers from certain classes
of weak keys and is not exactly easy to mitigate with DH negotiation (it would
require verifying that the key is not a weak key and generating a new random
value if it is). The original author of Blowfish, Bruce Schneier, also advises
against using Blowfish and suggests using a different cipher.

As its initial DH parameters parsing is the same as DH-BLOWFISH, I have
separated that into a function to be used as common code in DH-BLOWFISH and
DH-AES. However, the padding scheme (16 vs 8 bytes), data encrypted (both
username and password rather than just the password), packing scheme (IV is
placed where the username used to be, since that is sent encrypted), and
obviously cipher (AES-{128,192,256}-CBC), are all totally different.

Services-side reference implementation is at
https://github.com/atheme/atheme/blob/master/modules/saslserv/dh-aes.c



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tue 16 Apr 2013 06:51:00 UTC  Name:
0001-Implement-DH-AES-encrypted-password-scheme.patch  Size: 16kB   By: None
Patch implementing DH-AES support.
<http://savannah.nongnu.org/bugs/download.php?file_id=27889>

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?38749>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
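
The shared DH parameter parsing mentioned in the report, as an added example (not code from the attached patch, WeeChat or Atheme): a bounds-checked C parser for the server challenge. It assumes the base64-decoded challenge holds three fields (prime, generator, server public key), each prefixed by a 16-bit big-endian length; the names dh_field, dh_params, dh_read_field and dh_parse_params are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* One length-prefixed field; points into the caller's buffer (no copy). */
struct dh_field { const uint8_t *data; size_t len; };
/* Hypothetical container for the three values in the server challenge. */
struct dh_params { struct dh_field prime, generator, server_pub; };

/* Read a 16-bit big-endian length, then that many bytes.
 * Returns 0 on success, -1 if the field is empty or runs past `end`. */
static int dh_read_field(const uint8_t **pos, const uint8_t *end,
                         struct dh_field *out)
{
    size_t len;

    if ((size_t)(end - *pos) < 2)
        return -1;
    len = ((size_t)(*pos)[0] << 8) | (*pos)[1];
    *pos += 2;
    if (len == 0 || len > (size_t)(end - *pos))
        return -1;
    out->data = *pos;
    out->len = len;
    *pos += len;
    return 0;
}

/* Parse the decoded challenge. Assumed layout: prime, generator, server
 * public key, in that order; this example also rejects trailing bytes. */
int dh_parse_params(const uint8_t *buf, size_t buf_len, struct dh_params *out)
{
    const uint8_t *pos, *end;

    if (!buf || !out)
        return -1;
    pos = buf;
    end = buf + buf_len;
    if (dh_read_field(&pos, end, &out->prime) != 0
        || dh_read_field(&pos, end, &out->generator) != 0
        || dh_read_field(&pos, end, &out->server_pub) != 0)
        return -1;
    return (pos == end) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: p = 0x17, g = 0x05, y = 0x0102 (toy values). */
    const uint8_t msg[] = {0, 1, 0x17, 0, 1, 0x05, 0, 2, 0x01, 0x02};
    struct dh_params p;

    /* Exit 0 if the full message parses and a truncated copy is refused. */
    return !(dh_parse_params(msg, sizeof msg, &p) == 0
             && dh_parse_params(msg, sizeof msg - 1, &p) == -1);
}
```

Each length is checked against the bytes actually remaining before the pointer advances, so a challenge that declares a longer field than it carries is refused instead of being read past the end of the buffer.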



