[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Weechat-dev] [bug #38749] [PATCH] Implement DH-AES SASL encryption meth

From: anonymous
Subject: [Weechat-dev] [bug #38749] [PATCH] Implement DH-AES SASL encryption method
Date: Tue, 16 Apr 2013 06:51:02 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0


                 Summary: [PATCH] Implement DH-AES SASL encryption method
                 Project: WeeChat
            Submitted by: None
            Submitted on: Tue 16 Apr 2013 06:51:00 UTC
                Category: irc plugin
                Severity: 3 - Normal
              Item Group: irc protocol
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: Elizabeth Myers
        Originator Email: address@hidden
             Open/Closed: Open
         Discussion Lock: Any
                 Release: other
                IRC nick: Elizacat




I have implemented DH-AES (one of the intended successors to DH-BLOWFISH)
support in WeeChat. It has been added to Atheme and tested with such.

DH-BLOWFISH is no longer recommended, as Blowfish suffers from certain classes
of weak keys and is not exactly easy to mitigate with DH negotiation (it would
require verifying that the key is not a weak key and generating a new random
value if it is). The original author of Blowfish, Bruce Schneier, also advises
against using Blowfish and suggests using a different cipher.

As its initial DH parameters parsing is the same as DH-BLOWFISH, I have
separated that into a function to be used as common code in DH-BLOWFISH and
DH-AES. However, the padding scheme (16 vs 8 bytes), data encrypted (both
username and password rather than just the password), packing scheme (IV is
placed where the username used to be, since that is sent encrypted), and
obviously cipher (AES-{128,192,256}-CBC), are all totally different.

Services-side reference implementation is at


File Attachments:

Date: Tue 16 Apr 2013 06:51:00 UTC  Name:
0001-Implement-DH-AES-encrypted-password-scheme.patch  Size: 16kB   By: None
Patch implementing DH-AES support.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]