Idea for "Super secure" P2P chat.

[proxx]

Hello EZ,

Sometimes I have these mind twists.
Bear with me here.

Say you need to have a private conversation with 1 or even more people.
You dont want to rely on e-mail , IRC or any messenger for obvious reasons.
Im not going into the downsides of the previously mentioned ways of communication for this would be out of scope.



Requirements;

SSH-server
SSH-client
screen (unix tool)
Need help installing just ask.




Oke so I have an SSH server running on my local host.
Also Ill open an empty terminal.
I will be logged in as user: peter
Type the following command:

Code: [Select]

screen -S chatWait..


On my other machine ill be opening a new terminal.
SSH into peter's machine.

Code: [Select]

ssh peter@192.168.0.5Enter password or better yet use key pairs.
Make sure you are logged in as user: peter
If not use

Code: [Select]

su peterThan

Code: [Select]

screen -x chat
Now both the the machines are looking at the exact same terminal.
One can type something and both will see whats happening character by character.
It might not be very practical but it is pretty darn secure and especially private.

A downside is that it requires previous communication also having someone else logged into your terminal might be scary.
One solution would be using some bash scripts and running as a 0 priv user.

Any questions?


(Im not very good at writing tutorials but I hope its understandable)
Cheers,
Proxx


*Edit*

Using a terminal editor such as a nano or vi will make this a lot easier.
Also if both parties agree on ending their sentence with a specific character the other person would know when he/she is finished typing.
Its dirty and hackish but it works

*Edit2*

Oke I probably figured out the problem.
Having 2 people type in the same line is totally crap and I probably have a solution for this.
Ill update when I figured out the details.

[parad0x]

You had written a good tut. +1 to you.

[DaNePaLI]

No, this is not so "Super Secure" P2P chat. If you have the whole control over the server, then it might be.

Sys admins could add following lines in the .bashrc (I think Zsh has more easier method to sync history):

Code: [Select]

if [[ "$STY" = "" ]]; then STY="sty_empty"; fi
if [[ "$WINDOW" = "" ]]; then WINDOW="win_empty"; fi
export HISTFILE=~/.bash_history.$STY.$WINDOW;


#PROMPT_COMMAND="$PROMPT_COMMAND; history -a"
PROMPT_COMMAND="history -n; history -a"

This ensures we get separate history file for each of the screen consoles/terminals, etc. So, I must say don't rely on this method. Its just not secure.

[proxx]

This is secure if the server is yours.
Thats exactly the point.
And A perfect way to keep BASH from logging is just using a python shell

Zsh is superiour in many ways, love it.

[paraponzipopo]

proxx - take a look at waste - it used to kick ass a while back and is still in use today in certain corners of the net - supports chat and various encryption standards reaching up to 4096bit - lightweight, decentralised and open source - the code's probably worth a browse if you're interested, and can be picked up at sourceforge...

[proxx]

Ill take a look at that, thanks

[Evilone]

it's easier to just implement an AES-256 based chat protocol which uses Diffie-Helman for key exchanages. This way you can share public keys and chat with each other and no outside party could read the chat transcripts

[Naer]

Guys, it's time to learn about pgp/gpg.

With pgp you can have end2end encryption and don't need to allow anyone to your server.

[scuarplex]

You guys might wanna check out this project: https://github.com/alfred-gw/torirc

[proxx]

Lol I see a lot of responses with solutions which is great.
But the soil point of this post was to illustrate a outofthebox method which is very secure by nature.
Im not claiming it to be practical or anything.