EvilZone
Hacking and Security: posted by bluechill, September 08, 2013, 08:51:35 PM
-
So a while back we discussed the idea of adding more security to our IRCd, and one of these features was PGP encryption. Now, before we go any further, we are not going to be encrypting every single message with RSA, as that's just, well, terrible for many reasons; see the second answer here (http://crypto.stackexchange.com/questions/14/how-can-i-use-asymmetric-encryption-such-as-rsa-to-encrypt-an-arbitrary-length).
So now that that's out of the way, let me describe how this would work in our IRCd. This is a call for criticism/feedback as well, so feel free to ask any questions about anything involved. We want this to be secure, and without adequate feedback the likelihood of it being secure diminishes fairly drastically.
Now before we begin the algorithm, you need to know the following about the EvilZone API.
Each IRCd server will have a public-private key pair with the public part uploaded to the main web server where it will be accessible to anyone. Also, each user who wants to use public-private key encryption will need to upload their own public RSA key to the main web server. You can retrieve any public key via this API.
Algorithm:
1. Client Connects to Server over SSL
2. Client issues an 'ENCRYPT' command. The 'ENCRYPT' command tells the server that they want to begin a PGP Layer on their connection, you can only issue this command over SSL connections (although this can be changed).
3. Client sends a USER command followed by a NICK command, both encrypted with the server's public key.
4. Server uses the username parameter of the USER command to retrieve the user's public key from the EZ API.
5. Server sends 10 'KEY' Commands each with random data for the key, these key commands are encrypted with the user's public key.
6. Client randomly chooses one of those keys for the key to use for AES.
7. Client sends a 'VALIDATION' command to the server encrypted with that AES key.
8. Server tries to decrypt that 'VALIDATION' command with all the AES keys and then, once it can successfully decrypt it, uses that key for the connection.
9. Server sends a 'CONFIRMATION' command to the user encrypted with that AES key.
10. From this point on all messages are encrypted with that AES key. Everything continues like normal, and the server sends a PONG command and then it's off to the races.
At any time the server or client can send an 'ENCRYPT' command and then this process begins all over again; however, the user's username and nickname must still be the same as before. I was thinking about having this happen every five minutes in the IRCd. Also, when the algorithm is run again, the 'ENCRYPT' command is sent encrypted with the previous AES key, not just over the SSL connection. This process can be improved even more because, as of RFC 2812, the USER command has an <unused> parameter and we could abuse that to specify which of the user's public-private key pairs to use.
In some respects this is a fancy version of TLS, but it seems like it'd be more secure because it's specific to users and the handshake is completely secure, as in, you need data outside of the connection to determine the contents of the connection.
So basically, any connection could be upgraded to an EZ-Secure (name for this?) connection, but preferably that'd happen over SSL.
Also of note, I'm going to be writing a proxy IRC daemon which basically handles all this so that existing clients can still use it; furthermore, that proxy IRC daemon can even add SSL support to non-SSL-supporting clients. However, that IRC daemon will probably only work on *nix until I get time to write a version for Windows. I'm rather busy just trying to get my IRCd up and running and working.
Thoughts? Questions? Criticisms? Concerns?
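The handshake in steps 3 to 9 above, simulated end to end with both sides' messages in one process. This is an added example written for this thread, not code from bluechill's IRCd or the EvilZone project, and it fills in details the post leaves open: the post does not say which RSA padding or AES mode is used, so this assumes RSA-OAEP for the "encrypted with X's public key" steps and AES-256-GCM for the session layer; the `pubKeys` map is a stand-in for the EZ API key lookup in step 4; the `Handshake` function, `rsaSeal`/`rsaOpen`, `aesSeal`/`aesOpen` and the sample username are all constructed here. It keeps the ten candidate KEY commands of step 5 (the thread later agrees one would do) so that step 8's trial decryption is actually exercised.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

const keyCount = 10 // step 5: number of candidate AES keys the server offers

// rsaSeal/rsaOpen stand in for "encrypted with X's public key" (RSA-OAEP, SHA-256; assumption).
func rsaSeal(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}
func rsaOpen(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// aesSeal/aesOpen use AES-256-GCM (assumption). The authentication tag is what lets
// step 8 tell a wrong key from the right one instead of accepting garbage plaintext.
func aesSeal(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, msg, nil), nil // nonce || ciphertext || tag
}
func aesOpen(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	if len(ct) < gcm.NonceSize() { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// Handshake runs steps 3-9 between a client (username user, RSA key cli) and a
// server (RSA key srv). pubKeys stands in for the EZ API lookup of step 4.
// It returns the AES session key both sides agreed on, or an error.
func Handshake(user string, cli, srv *rsa.PrivateKey, pubKeys map[string]*rsa.PublicKey) ([]byte, error) {
	// Step 3: USER command encrypted with the server's public key (NICK would follow the same path).
	userCmd, err := rsaSeal(&srv.PublicKey, []byte("USER "+user+" 0 * :"+user))
	if err != nil { return nil, err }
	// Step 4: server decrypts USER and fetches the user's public key.
	plain, err := rsaOpen(srv, userCmd)
	if err != nil { return nil, err }
	var name string
	if _, err := fmt.Sscanf(string(plain), "USER %s", &name); err != nil { return nil, err }
	userPub, ok := pubKeys[name]
	if !ok { return nil, fmt.Errorf("no public key on file for %q", name) }
	// Step 5: keyCount random AES keys, each sent as a KEY command under the user's public key.
	serverKeys := make([][]byte, keyCount)
	keyCmds := make([][]byte, keyCount)
	for i := range serverKeys {
		serverKeys[i] = make([]byte, 32)
		if _, err := rand.Read(serverKeys[i]); err != nil { return nil, err }
		if keyCmds[i], err = rsaSeal(userPub, append([]byte("KEY "), serverKeys[i]...)); err != nil { return nil, err }
	}
	// Step 6: client decrypts the KEY commands and picks one at random.
	idx, err := rand.Int(rand.Reader, big.NewInt(keyCount))
	if err != nil { return nil, err }
	chosen, err := rsaOpen(cli, keyCmds[idx.Int64()])
	if err != nil { return nil, err }
	clientKey := chosen[len("KEY "):]
	// Step 7: VALIDATION encrypted under the chosen AES key.
	validation, err := aesSeal(clientKey, []byte("VALIDATION"))
	if err != nil { return nil, err }
	// Step 8: server tries every offered key; only the right one passes the GCM tag check.
	var sessionKey []byte
	for _, k := range serverKeys {
		if pt, err := aesOpen(k, validation); err == nil && string(pt) == "VALIDATION" {
			sessionKey = k
			break
		}
	}
	if sessionKey == nil { return nil, errors.New("VALIDATION did not decrypt under any offered key") }
	// Step 9: CONFIRMATION back to the client under the agreed key; client checks it reads.
	confirmation, err := aesSeal(sessionKey, []byte("CONFIRMATION"))
	if err != nil { return nil, err }
	if pt, err := aesOpen(clientKey, confirmation); err != nil || string(pt) != "CONFIRMATION" {
		return nil, errors.New("client could not read CONFIRMATION")
	}
	if !bytes.Equal(clientKey, sessionKey) { return nil, errors.New("client and server keys differ") }
	return sessionKey, nil // step 10: everything from here on is aesSeal'd with this key
}

func main() {
	cli, _ := rsa.GenerateKey(rand.Reader, 2048)
	srv, _ := rsa.GenerateKey(rand.Reader, 2048)
	// Constructed sample: one registered user whose public key the "API" knows.
	key, err := Handshake("bluechill", cli, srv, map[string]*rsa.PublicKey{"bluechill": &cli.PublicKey})
	fmt.Println("session key bytes:", len(key), "error:", err)
}
```

Two points worth noting for anyone reviewing the design. Step 8 only works cleanly with an authenticated mode: with plain AES-CBC the server would have to guess from padding or plaintext shape which key "worked", so the mode choice is part of the protocol, not an implementation detail. And the key lookup in step 4 is the trust anchor of the whole scheme; an unknown username is rejected here rather than falling back to an unencrypted session.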
-
Furthermore I'm going to be writing a windows version to help with all this eventually just not until the rest of my IRCd is done.
-
Nothing wrong with extra fancy security with these new leaks going around. Also it makes EZd(?) an even more secure place for open-minded discussion and events.
Possible leet noob name: aezecursa
-
Judging from what you've described, I assume that having a selection of random keys every time an ENCRYPT command is issued is a way to implement forward secrecy?
-
> Judging from what you've described, I assume that having a selection of random keys every time an ENCRYPT command is issued is a way to implement forward secrecy?
I was actually also wondering about that part. Everything looks good, but what's the point of generating 10 random keys? It should be enough to generate one key. Making the client pick out of 10 different keys doesn't seem to add any important benefit to the protocol, given that you encrypt it with the PubK of the client anyway (so if the PrivK is compromised it doesn't matter anymore, even with 10 or 100 keys).
The AES session key isn't derived from the set of PubK/PrivK so why would it be an issue?
-
> I was actually also wondering about that part. Everything looks good, but what's the point of generating 10 random keys? It should be enough to generate one key. Making the client pick out of 10 different keys doesn't seem to add any important benefit to the protocol, given that you encrypt it with the PubK of the client anyway (so if the PrivK is compromised it doesn't matter anymore, even with 10 or 100 keys).
> The AES session key isn't derived from the set of PubK/PrivK so why would it be an issue?
Originally that wasn't always the case, but now it can be just one. This is like the fourth revision and I kind of missed that part :P
-
> Originally that wasn't always the case, but now it can be just one. This is like the fourth revision and I kind of missed that part :P
Ah okay then.
Other than that it looks pretty good imo.
-
Has this or will this ever be implemented?
-
> Has this or will this ever be implemented?
It's in my new IRCd. Not our current IRCd though.
-
This was a lot of months before the Heartbleed bug.
Building your OS from scratch would probably be a very bad idea. It takes teams of devs, designers, et al. to come up with a clone of Debian or Arch, whatever.
/THIS IS GOING OFFTOPIC. [THREAD HIJACKING]
-
> This was a lot of months before the Heartbleed bug.
> Building your OS from scratch would probably be a very bad idea. It takes teams of devs, designers, et al. to come up with a clone of Debian or Arch, whatever.
> /THIS IS GOING OFFTOPIC. [THREAD HIJACKING]
It wasn't off-topic. Teams of devs, if you're programming in Linux maybe. ARC4 is weak, and how do you distribute the keys without an adversary obtaining a copy? By e-mail? Or off the forum thread?
You have to hand out keys in person or give them the same OS. The weakness is of course in the wording Public Key, as in shared with the General Public, be it a third-party key server or posted in electronic mail.
How do you find a bug in GCC? By running GDB. But here's the thing, bro: that compiler you love so much is compiled on a Z80 from the 1980s, and you along with everybody else sit there scratching your head wondering why there are so many buffer overruns or underruns?!
The difference between Unicode & TrueType!?!
You along with the (dot)gov are playing with what all those hackers in their late 50s to 60s with grey hairs call a "dead horse!"
How many lines of code in your kernel? 4 million? Then of course this microkernel compiled on another 8-bit microprocessor is of no interest to you at only 154,000 lines of code, which no Metasploit can lay waste to or claim. One day they might understand that the guy running the GPL - General Public License is nobody's tool.
So what's his solution? Keep giving them the busted compiler; eventually they might take the hint!
-
When you talk a lot, your stuff starts not to correlate. I appreciate the fact that you can throw around a few lines of things you might actually have knowledge about, but please, if you have anything to share [like how you are building your OS, or compiler shit], start a thread of your own and GTFO of our IRCd thread.
Thanks for being compliant, I look forward to reading interesting posts from you.
Welcome to EZ.
-
> Thoughts? Questions? Criticisms? Concerns?
Thanks for your understanding, sorry - but I don't share how to build anything, that's for you to work out on your own.
Although Open Standards = Open Chips = Open Source - so sure, I'll share an insight if you like.
One Laptop per Child, built using those open standards, with no BIOS, no UEFI, no RdRand. It's pretty self-explanatory, it has been since the 1970s, and no, it doesn't use C++ everywhere.
-
Please stay on-topic.
-
(http://www.forumspile.com/Thread-Direction.jpg)
Come on guys, this is a sticky for serious discussion of the security features of the IRCd, not you two going back and forth about unrelated matters.
[Ontopic]
Although I don't use the IRC very often, I love the idea of more encryption. I would love to see a client as well to interact with the IRCd to streamline this process and make it automatic :-P but that's just me being lazy. I can't say I know much about the encryption process so I don't have much input there.
-
Well, the IRCd uses, from what I remember, Secure Sockets, so it's SSL - so yeah, Heartbleed is relevant.
When it comes to coding there are only two languages you need, C & D. C++ has far too much dynamic linking for my liking; on top of that you depend on other devs to have not done something malicious to the underlying kernel code. I've seen far too many kernel bugs in my time and looked through far too many RFCs to know that that many mistakes is no accident!
It's stupidity. Even Theo, the guy writing & maintaining OpenBSD, has decided he's had enough of OpenSSL and started his own fork called LibreSSL. But then SSL is hardly a complete toolbox. There are plenty of algorithms and features missing from OpenSSL.
It's so Open it's full of bugs - remember the tale that too many cooks spoil the soup?
That's why when you let teams of people go at something, someone somewhere misses something or overlooks something, and then later on you're left at the mercy of a crap coding job done by someone else.
If you're going to code something, you should always do it 100% yourself. It's open source, you're free to modify any part of it you think could be improved; however, the improvements in the last 40 to 50 years are not what I would call an improvement, if anything it's gone backwards and rapidly. Things are only going to get worse before they get better, so yeah - all software sucks, Linux - sucks, Unix - sucks and AIX - sucks raw eggs through a straw! If you look at the TCPCrypt project they've been pushing for ubiquitous encryption at the packet layer for a long time, but no one has implemented it, because that ruins cyber-crooks' jobs.
You only have to read the stuff on the ACLU and all the dox that have been released, and when you read - IPSEC - Vulnerable, then you know that even Kerberos has been deliberately and maliciously nobbled!
As for devs, I am one, or I was. Years ago I was on the Debian mailing lists and pulling forks and pointing out flaws for other devs on the Tor project, things like geolocation in the Tor browser, which just shouldn't be in there in the first place because it reveals your real IP regardless of going through a Tor exit. And now I don't maintain or want to maintain a Linux distro, not after watching them accept Google's kernel revisions and listening to Linus go "oh, DRM is ok with Linux, but if you don't like it then flame Linus to a crisp!"
And now I understand all too clearly why Theo can't bear to be in the same room as him!
-
If you code your own SSL library you're likely to make more mistakes than OpenSSL has right now. The new version uses C++11 as it's so much simpler and cleaner than anything that could be done using C. Yes, there might be kernel issues, but that's not my problem as I don't want to deal with raw packets and make my own stack and such.
-
> If you code your own SSL library you're likely to make more mistakes than OpenSSL has right now. The new version uses C++11 as it's so much simpler and cleaner than anything that could be done using C. Yes, there might be kernel issues, but that's not my problem as I don't want to deal with raw packets and make my own stack and such.
Oh, I won't do away with the C++ in its entirety. Yes, I know it has RC6 or ARC6 along with a few other desirables, but when it comes to touching the stack there's no need. I bought an open source machine to run open source on and the stacks are plentiful to choose from: FAT, ext, ReiserFS, etc., etc. All the kernel needs are a few lines telling it which one.
OpenSSL, sorry, the only reason I would use that is to browse the web; when it comes to direct connections, it's going to be a whole new ball game.
If Oracle's Java is not type-safe then it's gone! DELETE-DELETE-DELETE - "FLAMED TO A CRISP!"
Fancy graphics drivers - ha, they wish! You have to evaluate what you want and what you don't want. You don't want video games unless you're emulating them locally with no remote connections; you don't want a window with 7 TTYs, all of which are running a Serial-Line TeleType interface!
Audit-D, yep, people run the Security Audit Daemon to remove all the excess shit out of their OS and harden it with the NSA's own Flask project, but people have found that to be harmful to some kernel configs, hence it's untrustworthy cruft and it too is gone. You can't trust non-federated DSA & SHA1 because they're old and very broken digests, which means they're shit!
-
Meaningfully put and well said, I could not agree more. Zuckerberg.. Facebook Jew..
In fact everybody that has been involved in the online leaks of late that works in well-paid positions for all the tech companies has Jewish ties; Anonymous made that clear in their last message http://m.youtube.com/?reload=2&rdm=139yl0573#/watch?v=DJ7ZL6ul71k
So it's all a lie, the world banks control the web, control your lives, it's all about Project Blue Book and Nixon's MKUltra and mind control.
They fool you into thinking Linux is wonderful, but actually Linux is a cock!
They wouldn't have Fedora Core 3 running on laptops harvesting people's credentials if it wasn't thanks to Linus.
I agree, let's flame that fucker to a crisp!
At the end of the day he's from Helsinki and he drives a Mercedes-Benz... German engineering is ok for some!
And if you missed it you should see SIGLINUX on the GNU homepage! SIGINT or SIGDEV, it's a waste of brain space and has nothing to do with making the web a more secure place.
Google's last programming language was Go, and there is already a language called Go, so Google means - Go - Ogle, or go spy.. Linus, Sergey Brin, Larry Page.. These are worthless fuckers that should be publicly executed for falling in line with FIPS - Federated Information Processing Standards.. Let's all worship the Bank!
Optic Nerve - wait up, you mean Optic Perv - thank you Linus, thank you Google and your STELLARWIND - they of course mean BREAKWIND.
And there he goes bitching about how we should all flame SoC chips in his online posts; no, we should all flame you! For being what you are, an egotistical pragmatic cock. Anyone who drives a Mercedes-Benz is unfortunately a self-satisfied egotistical cock, but now-now, try to remember Net Neutrality.
-
I know for a fact Red Hat and the Fedora Project have ties to the NSA, what with being the testing ground for SELinux, and often suspiciously avoiding cryptographic questions related to their products.
The rest is just rambling, however.
-
Rambling... The fact is we all know, so the fact is what they're doing is bullshit to turn a fast buck. That's not rambling, it's the Elite controlling your lives and feeding you a well-laid-out line of bullshit.. Hackers of course get the blame, when the fact is they've undermined that which makes it a democracy. If you find a webpage with kiddie porn what would you do? Same as I in that context: you flame the fuck out of the hosting provider, you flame its users into the ground, same as you would if you found an Arab Spring website. But here they go with their well-thought-out bullshit, video games that encourage kids to join the military, see the world, it's all sex, drugs and rock and roll.
Along with some well-placed advertising!
-
> Rambling... The fact is we all know, so the fact is what they're doing is bullshit to turn a fast buck. That's not rambling, it's the Elite controlling your lives and feeding you a well-laid-out line of bullshit.. Hackers of course get the blame, when the fact is they've undermined that which makes it a democracy. If you find a webpage with kiddie porn what would you do? Same as I in that context: you flame the fuck out of the hosting provider, you flame its users into the ground, same as you would if you found an Arab Spring website. But here they go with their well-thought-out bullshit, video games that encourage kids to join the military, see the world, it's all sex, drugs and rock and roll.
> Along with some well-placed advertising!
You watch too many movies; taking the word of Anonymous sounds like an awesome idea.
This is not the right topic to continue further discussion on the latter.
-
This has been pointed out a few times now, STAY ON TOPIC!
If you want to further discuss any unrelated material, create a thread or use PMs.