weechat-dev

[Weechat-dev] [patch #8020] [PATCH] Implement DH-AES SASL encryption met


From: Sebastien Helleu
Subject: [Weechat-dev] [patch #8020] [PATCH] Implement DH-AES SASL encryption method
Date: Tue, 16 Apr 2013 07:14:06 +0000
User-agent: Mozilla/5.0 (Linux; Android 4.1.2; GT-I9300 Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.49 Mobile Safari/537.36

URL:
  <http://savannah.nongnu.org/patch/?8020>

                 Summary: [PATCH] Implement DH-AES SASL encryption method
                 Project: WeeChat
            Submitted by: None
            Submitted on: Tue 16 Apr 2013 09:14:05 CEST
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: address@hidden
             Open/Closed: Open
         Discussion Lock: Any
                 Release: None
                IRC nick: 

    _______________________________________________________

Details:

Hello,

I have implemented DH-AES (one of the intended successors to DH-BLOWFISH)
support in WeeChat. It has been added to Atheme and tested with such.

DH-BLOWFISH is no longer recommended, as Blowfish suffers from certain classes
of weak keys and is not exactly easy to mitigate with DH negotiation (it would
require verifying that the key is not a weak key and generating a new random
value if it is). The original author of Blowfish, Bruce Schneier, also advises
against using Blowfish and suggests using a different cipher.

As its initial DH parameters parsing is the same as DH-BLOWFISH, I have
separated that into a function to be used as common code in DH-BLOWFISH and
DH-AES. However, the padding scheme (16 vs 8 bytes), data encrypted (both
username and password rather than just the password), packing scheme (IV is
placed where the username used to be, since that is sent encrypted), and
obviously cipher (AES-{128,192,256}-CBC), are all totally different.

Services-side reference implementation is at
https://github.com/atheme/atheme/blob/master/modules/saslserv/dh-aes.c




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/patch/?8020>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
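
The message above says the initial DH parameter parsing is common to DH-BLOWFISH and DH-AES. As an added example (not code from the submitted patch, WeeChat or Atheme), here is a bounds-checked parser for that shared step. It assumes the decoded challenge is three fields (prime, generator, server public key), each preceded by a 16-bit big-endian length, which the message does not spell out; the names `dh_field`, `dh_params`, `read_field` and `parse_dh_params` are hypothetical, and rejecting empty fields and trailing bytes is this example's choice.

```c
#include <stddef.h>
#include <stdint.h>

/* One length-prefixed field inside the decoded challenge (assumed layout). */
struct dh_field { const uint8_t *data; size_t len; };
/* Hypothetical container: prime, generator, server public key. */
struct dh_params { struct dh_field p, g, pub; };

/* Read one field at *pos; refuse a prefix that points past the buffer.
   Invariant: *pos <= size on entry and on every return. */
static int read_field(const uint8_t *buf, size_t size, size_t *pos,
                      struct dh_field *out)
{
    size_t len;
    if (size - *pos < 2)
        return -1;                      /* truncated length prefix */
    len = ((size_t)buf[*pos] << 8) | buf[*pos + 1];
    *pos += 2;
    if (len == 0 || len > size - *pos)
        return -1;                      /* empty or overlong field */
    out->data = buf + *pos;             /* points into buf, no copy */
    out->len = len;
    *pos += len;
    return 0;
}

/* Parse the base64-decoded challenge; 0 on success, -1 if malformed.
   Trailing bytes are rejected so nothing unparsed is silently ignored. */
int parse_dh_params(const uint8_t *buf, size_t size, struct dh_params *out)
{
    size_t pos = 0;
    if (read_field(buf, size, &pos, &out->p) != 0
        || read_field(buf, size, &pos, &out->g) != 0
        || read_field(buf, size, &pos, &out->pub) != 0)
        return -1;
    return (pos == size) ? 0 : -1;
}

/* Constructed sample, not real traffic: p = 0x17, g = 0x05, pub = 0x08. */
static const uint8_t sample[] = { 0, 1, 0x17, 0, 1, 0x05, 0, 1, 0x08 };

int main(void)
{
    struct dh_params params;
    return parse_dh_params(sample, sizeof sample, &params);
}
```

The returned fields point into the caller's buffer, so the buffer must outlive them.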



