Project

General

Profile

Blowfish Encryption Draft » History » Version 33

Anonymous, 03/07/2013 07:41 PM

1 33 Anonymous
*NOTE:* this is a draft/todo article of a topic that has been implemented. It is kept around for historical purposes. You probably want http://bugs.quassel-irc.org/projects/quassel-irc/wiki/Blowfish_Encryption_Manual instead.
2 33 Anonymous
3 1 johu
h1. Blowfish Encryption
4 1 johu
5 2 johu
{{toc}}
6 2 johu
7 2 johu
h2. Introduction
8 2 johu
9 4 johu
Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date. However, the Advanced Encryption Standard now receives more attention. Schneier designed Blowfish as a general-purpose algorithm, intended as a replacement for the aging DES and free of the problems and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary, encumbered by patents or were commercial/government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."[1]
10 2 johu
11 5 johu
h3. IRC Profit
12 1 johu
13 5 johu
Blowfish can be used in IRC to encrypt messages between 2 persons in a query or messages in a channel and the topic too. 
14 1 johu
15 5 johu
h3. Examples
16 5 johu
17 5 johu
* In XChat[2], Irssi[3] and mIRC[4] Blowfish support can be enabled with the FiSH plugin[5].
18 5 johu
* Konversation[6] has a built in Blowfish support
19 5 johu
20 8 johu
h2. Development
21 1 johu
22 5 johu
h3. Related Issues
23 2 johu
24 25 johu
* #689 Blowfish Support (since 28.10.2010 in upstream available)
25 18 johu
* #911 DH1080 Key Exchange
26 30 johu
* #1069	showkey command
27 29 johu
* #1045 Crash of missing qca provider plugin
28 1 johu
* #1059 Crash on not decryptable text
29 30 johu
* #61 Encrypted query (closed, will not implemented)
30 5 johu
31 6 johu
h3. Repository
32 6 johu
33 6 johu
The current development state can be found at http://gitorious.org/~johu/quassel/johus-quassel
34 6 johu
35 6 johu
>  *Get the source*
36 23 Datafreak
<pre><code>git clone git://gitorious.org/~johu/quassel/johus-quassel.git
37 28 johu
git checkout -b dh1080 -t origin/dh1080</code></pre>
38 1 johu
39 15 johu
h3. TODO
40 15 johu
41 25 johu
* -Include QCA in build system- Tested in Linux Windows; Need support for *MaxOSX testing*
42 15 johu
* -Cipher implemention- Class imported from Konversation, should works
43 15 johu
* -include cipher in IrcUser and IrcChannel- 
44 15 johu
* -store keys for channel and user in Network-
45 26 johu
* -commands setkey, delkey implementation-
46 17 johu
* -encrypt topic-
47 16 johu
* -decrypt topic-
48 17 johu
* -encrypt channel message-
49 1 johu
* -decrypt channel message-
50 15 johu
* -encrypt query message-
51 19 johu
* -decrypt query message-
52 27 johu
* -extract howto for end user from this wiki site-
53 1 johu
* -gentoo ebuild-
54 1 johu
* -command showkey-
55 33 Anonymous
* -command keyx-
56 33 Anonymous
* -initiliase key exchange-
57 33 Anonymous
* -react on key exchange-
58 15 johu
59 8 johu
h3. Library
60 8 johu
61 31 johu
The Blowfish algorithm is implemented in the *QCA* (Qt Cryptographic Architecture)[7] library. QCA works on all plattforms there are supported by QT including Unix, Windows and MacOSX. It is already included in Quassel build system at listed repository above. At runtime a QCA provider plugin is needed, for example qca-ossl.
62 10 johu
63 10 johu
h3. Commands
64 10 johu
65 10 johu
a) setting a key for a user or channel 
66 10 johu
67 10 johu
> Usage
68 10 johu
<pre><code>/setkey <nick|channel> <key></code></pre>
69 10 johu
70 10 johu
b) deleting a key for a user or channel
71 1 johu
72 1 johu
> Usage
73 1 johu
<pre><code>/delkey <nick|channel></code></pre>
74 1 johu
75 30 johu
c) show key for a user or channel
76 30 johu
77 30 johu
> Usage
78 30 johu
<pre><code>/showkey <nick|channel></code></pre>
79 30 johu
80 30 johu
d) key exchange for user or channel 
81 30 johu
82 30 johu
> Usage
83 28 johu
<pre><code>/keyx <nick|channel></code></pre>
84 10 johu
85 11 johu
h3. Current Plan
86 11 johu
87 12 johu
After short discussion in #quassel.de with Sput, krytzz and brot Blowfish encryption will be included in core. See section discussion below for more information. The only contra argument is the unsecure path between remote core and clientvin a untrusted net in case of no ssl connection is present. But the pro argument preponderate to strong. So i will revert the first plan to implement the de-/encryption in client.
88 12 johu
89 12 johu
The other result of this discussion is this wiki article.
90 11 johu
91 7 johu
h3. Discussion
92 7 johu
93 7 johu
There are two possible ways to implement Blowfish support in Quassel architecture:
94 1 johu
95 11 johu
*a) Client side de-/encryption*
96 7 johu
97 7 johu
!client_deencryption.png!
98 1 johu
99 11 johu
All messages will be de-/encrypted on client side.
100 11 johu
101 11 johu
*Pro*
102 13 johu
* the complete path of messages from one client to an other is encrypted
103 13 johu
* core have nothing to do
104 11 johu
105 11 johu
*Contra*
106 13 johu
* Messages in backlog will be encrypted, that implies on receiving backlog all encrypted messages have to decrypt
107 13 johu
* If key for a channel/user changed, old messages will stay decrypted
108 11 johu
109 14 johu
*b) Core side de- and encryption*
110 7 johu
111 1 johu
!core_deencryption.png!
112 11 johu
113 11 johu
All messages will be de-/encrypted on core.
114 11 johu
115 11 johu
*Pro*
116 13 johu
* Backlog contains all decrypted messages
117 13 johu
* Client do not need to decrypt on receiving backlog
118 13 johu
* Key change doesnt matter
119 13 johu
* Fits better in Quassel architecture
120 11 johu
121 11 johu
*Contra*
122 13 johu
* The path between a core and client is unsecured if SSL is not enabled and it is not a monolitic build.
123 7 johu
124 24 johu
h3. Build Instructions
125 24 johu
* [[Build_Quassel_on_Windows]]
126 20 Datafreak
127 1 johu
h2. References
128 1 johu
129 1 johu
[1] http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
130 5 johu
[2] http://xchat.org/
131 5 johu
[3] http://irssi.org/
132 5 johu
[4] http://www.mirc.com/
133 5 johu
[5] http://fish.secure.la/
134 1 johu
[6] http://konversation.kde.org/
135 8 johu
[7] http://delta.affinix.com/qca/