Author Topic: Idea for "Super secure" P2P chat.  (Read 7745 times)

0 Members and 1 Guest are viewing this topic.

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Idea for "Super secure" P2P chat.
« on: February 01, 2013, 01:44:46 pm »
Hello EZ,

Sometimes I have these mind twists.
Bear with me here.

Say you need to have a private conversation with 1 or even more people.
You dont want to rely on e-mail , IRC or any messenger for obvious reasons.
Im not going into the downsides of the previously mentioned ways of communication for this would be out of scope.



Requirements;

SSH-server
SSH-client
screen (unix tool)
Need help installing just ask.




Oke so I have an SSH server running on my local host.
Also Ill open an empty terminal.
I will be logged in as user: peter
Type the following command:
Code: [Select]
screen -S chatWait..


On my other machine ill be opening a new terminal.
SSH into peter's machine.
Code: [Select]
ssh peter@192.168.0.5Enter password or better yet use key pairs.
Make sure you are logged in as user: peter
If not use
Code: [Select]
su peterThan
Code: [Select]
screen -x chat
Now both the the machines are looking at the exact same terminal.
One can type something and both will see whats happening character by character.
It might not be very practical but it is pretty darn secure and especially private.

A downside is that it requires previous communication also having someone else logged into your terminal might be scary.
One solution would be using some bash scripts and running as a 0 priv user.

Any questions?


(Im not very good at writing tutorials but I hope its understandable)
Cheers,
Proxx


*Edit*

Using a terminal editor such as a nano or vi will make this a lot easier.
Also if both parties agree on ending their sentence with a specific character the other person would know when he/she is finished typing.
Its dirty and hackish but it works :)

*Edit2*

Oke I probably figured out the problem.
Having 2 people type in the same line is totally crap and I probably have a solution for this.
Ill update when I figured out the details.
« Last Edit: February 01, 2013, 02:39:08 pm by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline parad0x

  • VIP
  • Royal Highness
  • *
  • Posts: 638
  • Cookies: 118
    • View Profile
Re: Idea for "Super secure" P2P chat.
« Reply #1 on: February 01, 2013, 02:41:03 pm »
You had written a good tut. +1 to you.

Offline DaNePaLI

  • Peasant
  • *
  • Posts: 55
  • Cookies: 12
  • Forever n00b
    • View Profile
Re: Idea for "Super secure" P2P chat.
« Reply #2 on: February 01, 2013, 02:42:50 pm »
No, this is not so "Super Secure" P2P chat. If you have the whole control over the server, then it might be.

Sys admins could add following lines in the .bashrc (I think Zsh has more easier method to sync history):

Code: [Select]
if [[ "$STY" = "" ]]; then STY="sty_empty"; fi
if [[ "$WINDOW" = "" ]]; then WINDOW="win_empty"; fi
export HISTFILE=~/.bash_history.$STY.$WINDOW;


#PROMPT_COMMAND="$PROMPT_COMMAND; history -a"
PROMPT_COMMAND="history -n; history -a"

This ensures we get separate history file for each of the screen consoles/terminals, etc. So, I must say don't rely on this method. Its just not secure.

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Idea for "Super secure" P2P chat.
« Reply #3 on: February 01, 2013, 02:43:44 pm »
This is secure if the server is yours.
Thats exactly the point.
And A perfect way to keep BASH from logging is just using a python shell ;)

Zsh is superiour in many ways, love it.
« Last Edit: February 01, 2013, 02:51:32 pm by proxx »
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline paraponzipopo

  • /dev/null
  • *
  • Posts: 10
  • Cookies: -2
  • sk2 #3
    • View Profile
Re: Idea for "Super secure" P2P chat.
« Reply #4 on: February 01, 2013, 03:42:16 pm »
proxx - take a look at waste - it used to kick ass a while back and is still in use today in certain corners of the net - supports chat and various encryption standards reaching up to 4096bit - lightweight, decentralised and open source - the code's probably worth a browse if you're interested, and can be picked up at sourceforge...


« Last Edit: February 01, 2013, 03:43:05 pm by paraponzipopo »

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Idea for "Super secure" P2P chat.
« Reply #5 on: February 01, 2013, 03:46:03 pm »
Ill take a look at that, thanks :D
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Evilone

  • /dev/null
  • *
  • Posts: 16
  • Cookies: 14
    • View Profile
Re: Idea for "Super secure" P2P chat.
« Reply #6 on: May 11, 2013, 10:34:54 pm »
it's easier to just implement an AES-256 based chat protocol which uses Diffie-Helman for key exchanages. This way you can share public keys and chat with each other and no outside party could read the chat transcripts

Offline Naer

  • /dev/null
  • *
  • Posts: 10
  • Cookies: 0
    • View Profile
Re: Idea for "Super secure" P2P chat.
« Reply #7 on: June 04, 2013, 01:47:48 pm »
Guys, it's time to learn about pgp/gpg.

With pgp you can have end2end encryption and don't need to allow anyone to your server.

Offline scuarplex

  • /dev/null
  • *
  • Posts: 9
  • Cookies: 1
    • View Profile
Re: Idea for "Super secure" P2P chat.
« Reply #8 on: June 05, 2013, 04:19:01 pm »
You guys might wanna check out this project: https://github.com/alfred-gw/torirc

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Idea for "Super secure" P2P chat.
« Reply #9 on: June 05, 2013, 08:02:47 pm »
Lol I see a lot of responses with solutions which is great.
But the soil point of this post was to illustrate a outofthebox method which is very secure by nature.
Im not claiming it to be practical or anything.
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage