Project

General

Profile

Blowfish Encryption Draft » History » Version 23

Datafreak, 03/04/2010 10:53 AM

1 1 johu
h1. Blowfish Encryption
2 1 johu
3 2 johu
{{toc}}
4 2 johu
5 2 johu
h2. Introduction
6 2 johu
7 4 johu
Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date. However, the Advanced Encryption Standard now receives more attention. Schneier designed Blowfish as a general-purpose algorithm, intended as a replacement for the aging DES and free of the problems and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary, encumbered by patents or were commercial/government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."[1]
8 2 johu
9 5 johu
h3. IRC Profit
10 1 johu
11 5 johu
Blowfish can be used in IRC to encrypt messages between 2 persons in a query or messages in a channel and the topic too. 
12 1 johu
13 5 johu
h3. Examples
14 5 johu
15 5 johu
* In XChat[2], Irssi[3] and mIRC[4] Blowfish support can be enabled with the FiSH plugin[5].
16 5 johu
* Konversation[6] has a built in Blowfish support
17 5 johu
18 8 johu
h2. Development
19 1 johu
20 5 johu
h3. Related Issues
21 2 johu
22 5 johu
* #689 Blowfish Support (in development)
23 18 johu
* #911 DH1080 Key Exchange
24 5 johu
* -#61- Encrypted query (closed, will not implemented)
25 5 johu
26 6 johu
h3. Repository
27 6 johu
28 6 johu
The current development state can be found at http://gitorious.org/~johu/quassel/johus-quassel
29 6 johu
30 6 johu
>  *Get the source*
31 23 Datafreak
<pre><code>git clone git://gitorious.org/~johu/quassel/johus-quassel.git
32 23 Datafreak
git checkout -b blowfish -t origin/blowfish</code></pre>
33 1 johu
34 15 johu
h3. TODO
35 15 johu
36 15 johu
* -Include QCA in build system- Tested in Linux *Need support for Windows, MaxOSX testing*
37 15 johu
* -Cipher implemention- Class imported from Konversation, should works
38 15 johu
* -include cipher in IrcUser and IrcChannel- 
39 15 johu
* -store keys for channel and user in Network-
40 15 johu
* -commands setkey, delkey implementation- *have to be tested*
41 17 johu
* -encrypt topic-
42 16 johu
* -decrypt topic-
43 17 johu
* -encrypt channel message-
44 1 johu
* -decrypt channel message-
45 17 johu
* -encrypt query message-
46 15 johu
* -decrypt query message-
47 19 johu
* output messages for setkey, delkey commands: -en-, cs, da, de, es, fi, fr, hu, it, nb, ru, sl, tr
48 19 johu
* extract howto for end user from this wiki site
49 21 johu
* -gentoo ebuild-
50 15 johu
51 8 johu
h3. Library
52 8 johu
53 9 johu
The Blowfish algorithm is implemented in the *QCA* (Qt Cryptographic Architecture)[7] library. QCA works on all plattforms there are supported by QT including Unix, Windows and MacOSX. It is already included in Quassel build system at listed repository above.
54 8 johu
55 10 johu
h3. Commands
56 10 johu
57 10 johu
In first stable release of this feature in Quassel there will be 2 new user commands available.
58 10 johu
59 10 johu
a) setting a key for a user or channel 
60 10 johu
61 10 johu
> Usage
62 10 johu
<pre><code>/setkey <nick|channel> <key></code></pre>
63 10 johu
64 10 johu
b) deleting a key for a user or channel
65 10 johu
66 10 johu
> Usage
67 10 johu
<pre><code>/delkey <nick|channel></code></pre>
68 10 johu
69 11 johu
h3. Current Plan
70 11 johu
71 12 johu
After short discussion in #quassel.de with Sput, krytzz and brot Blowfish encryption will be included in core. See section discussion below for more information. The only contra argument is the unsecure path between remote core and clientvin a untrusted net in case of no ssl connection is present. But the pro argument preponderate to strong. So i will revert the first plan to implement the de-/encryption in client.
72 12 johu
73 12 johu
The other result of this discussion is this wiki article.
74 11 johu
75 7 johu
h3. Discussion
76 7 johu
77 7 johu
There are two possible ways to implement Blowfish support in Quassel architecture:
78 1 johu
79 11 johu
*a) Client side de-/encryption*
80 7 johu
81 7 johu
!client_deencryption.png!
82 1 johu
83 11 johu
All messages will be de-/encrypted on client side.
84 11 johu
85 11 johu
*Pro*
86 13 johu
* the complete path of messages from one client to an other is encrypted
87 13 johu
* core have nothing to do
88 11 johu
89 11 johu
*Contra*
90 13 johu
* Messages in backlog will be encrypted, that implies on receiving backlog all encrypted messages have to decrypt
91 13 johu
* If key for a channel/user changed, old messages will stay decrypted
92 11 johu
93 14 johu
*b) Core side de- and encryption*
94 7 johu
95 1 johu
!core_deencryption.png!
96 11 johu
97 11 johu
All messages will be de-/encrypted on core.
98 11 johu
99 11 johu
*Pro*
100 13 johu
* Backlog contains all decrypted messages
101 13 johu
* Client do not need to decrypt on receiving backlog
102 13 johu
* Key change doesnt matter
103 13 johu
* Fits better in Quassel architecture
104 11 johu
105 11 johu
*Contra*
106 13 johu
* The path between a core and client is unsecured if SSL is not enabled and it is not a monolitic build.
107 7 johu
108 20 Datafreak
h3. Build QCA on Windows
109 20 Datafreak
110 20 Datafreak
<pre>set QTDIR=C:\dev\qt-everywhere-opensource-src-4.6.1-shared
111 20 Datafreak
 
112 20 Datafreak
@set PATH=%QTDIR%\bin;%PATH%
113 20 Datafreak
@set INCLUDE=%QTDIR%\include;%INCLUDE%
114 20 Datafreak
@set LIB=%QTDIR%\lib;%LIB%
115 20 Datafreak
116 20 Datafreak
cd C:\dev
117 20 Datafreak
mkdir qca-build
118 20 Datafreak
cd qca-build
119 20 Datafreak
svn checkout svn://anonsvn.kde.org/home/kde/trunk/kdesupport/qca/
120 20 Datafreak
mkdir qca2-build
121 22 Datafreak
cd qca2-build</pre>
122 22 Datafreak
123 22 Datafreak
Visual Studio:
124 22 Datafreak
<pre>cmake -DBUILD_TESTS=OFF -DCMAKE_INSTALL_PREFIX=C:\dev\qca -DCMAKE_BUILD_TYPE=Release -G "NMake Makefiles" ..\qca
125 1 johu
nmake
126 1 johu
nmake install</pre>
127 22 Datafreak
128 22 Datafreak
MinGW:
129 22 Datafreak
<pre>cmake -DBUILD_TESTS=OFF -DCMAKE_INSTALL_PREFIX=C:\dev\qca -DCMAKE_BUILD_TYPE=Release -G "MinGW Makefiles" ..\qca
130 22 Datafreak
mingw32-make
131 22 Datafreak
mingw32-make install</pre>
132 20 Datafreak
133 1 johu
h2. References
134 1 johu
135 1 johu
[1] http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
136 5 johu
[2] http://xchat.org/
137 5 johu
[3] http://irssi.org/
138 5 johu
[4] http://www.mirc.com/
139 5 johu
[5] http://fish.secure.la/
140 1 johu
[6] http://konversation.kde.org/
141 8 johu
[7] http://delta.affinix.com/qca/