Blowfish Encryption Draft » History » Version 11

johu, 02/05/2010 04:41 AM
current plan

h1. Blowfish Encryption

{{toc}}

h2. Introduction

Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date. However, the Advanced Encryption Standard now receives more attention. Schneier designed Blowfish as a general-purpose algorithm, intended as a replacement for the aging DES and free of the problems and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary, encumbered by patents or were commercial/government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."[1]

h3. Benefit for IRC

Blowfish can be used in IRC to encrypt messages between two people in a query, messages in a channel, and the channel topic.

h3. Examples

* In XChat[2], Irssi[3] and mIRC[4], Blowfish support can be enabled with the FiSH plugin[5].
* Konversation[6] has built-in Blowfish support.

h2. Development

h3. Related Issues

* #689 Blowfish Support (in development)
* -#61- Encrypted query (closed, will not be implemented)

h3. Repository

The current development state can be found at http://gitorious.org/~johu/quassel/johus-quassel

>  *Get the source*
<pre><code>git clone git://gitorious.org/~johu/quassel/johus-quassel.git</code></pre>

h3. Library

The Blowfish algorithm is implemented in the *QCA* (Qt Cryptographic Architecture)[7] library. QCA works on all platforms that are supported by Qt, including Unix, Windows and Mac OS X. It is already included in the Quassel build system in the repository listed above.

h3. Commands

In the first stable release of this feature in Quassel, two new user commands will be available.

a) Setting a key for a user or channel

> Usage
<pre><code>/setkey <nick|channel> <key></code></pre>

b) Deleting a key for a user or channel

> Usage
<pre><code>/delkey <nick|channel></code></pre>

h3. Current Plan

After a short discussion in #quassel.de with Sput, krytzz and brot, Blowfish encryption will be included in the core. See the Discussion section below for more information. The only argument against this is the unsecured path between a remote core and the client in an untrusted network when no SSL connection is present. However, the arguments in favour outweigh it.

h3. Discussion

There are two possible ways to implement Blowfish support in the Quassel architecture:

*a) Client-side de-/encryption*

!client_deencryption.png!

All messages will be de-/encrypted on the client side.

*Pro*

* The complete path of messages from one client to another is encrypted
* The core has nothing to do

*Contra*

* Messages in the backlog will be encrypted, which implies that all encrypted messages have to be decrypted when the backlog is received
* If the key for a channel/user is changed, old messages will stay decrypted

*b) Core-side de-/encryption*

!core_deencryption.png!

All messages will be de-/encrypted on the core.

*Pro*

* The backlog contains all decrypted messages
* The client does not need to decrypt when receiving the backlog
* A key change doesn't matter
* Fits better into the Quassel architecture

*Contra*

* The path between a core and a client is unsecured if SSL is not enabled and it is not a monolithic build.
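
The /setkey and /delkey commands together with the core-side contra above, as an added example that is not part of this draft or of the Quassel code base: with core-side encryption the key typed into /setkey crosses the client-to-core link itself, so this sketch refuses to store a key unless that link uses SSL or the build is monolithic. The names KeyStore, LinkInfo and Result, and the refusal policy, are assumptions made for illustration; the sketch uses plain standard C++ rather than Qt or QCA.

```cpp
// Added example: hypothetical core-side handler for /setkey and /delkey.
#include <algorithm>
#include <cctype>
#include <map>
#include <sstream>
#include <string>

// How the client that typed the command is attached to the core (assumed model).
struct LinkInfo {
    bool ssl;         // core<->client connection uses SSL
    bool monolithic;  // client and core run in one process
};

enum class Result { KeySet, KeyDeleted, NoSuchKey, BadUsage, RefusedInsecureLink };

class KeyStore {
public:
    // Parses one command line and applies it; keys are held only on the core.
    Result handleCommand(const std::string& line, const LinkInfo& link) {
        std::istringstream in(line);
        std::string cmd, target, key, extra;
        in >> cmd >> target;
        if (target.empty()) return Result::BadUsage;
        target = fold(target);
        if (cmd == "/delkey") {
            if (in >> extra) return Result::BadUsage;
            return keys_.erase(target) ? Result::KeyDeleted : Result::NoSuchKey;
        }
        if (cmd != "/setkey" || !(in >> key) || (in >> extra)) return Result::BadUsage;
        // The key travels client -> core, so a plaintext link would expose it.
        if (!link.ssl && !link.monolithic) return Result::RefusedInsecureLink;
        keys_[target] = key;
        return Result::KeySet;
    }
    bool hasKey(const std::string& target) const { return keys_.count(fold(target)) != 0; }

private:
    // IRC compares nicks and channels case-insensitively (ASCII folding only here).
    static std::string fold(std::string s) {
        std::transform(s.begin(), s.end(), s.begin(),
                       [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        return s;
    }
    std::map<std::string, std::string> keys_;  // folded target -> key
};
```

Deleting a key is allowed on any link because /delkey carries no secret; only /setkey is gated.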

h2. References

[1] http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
[2] http://xchat.org/
[3] http://irssi.org/
[4] http://www.mirc.com/
[5] http://fish.secure.la/
[6] http://konversation.kde.org/
[7] http://delta.affinix.com/qca/