Diffstat (limited to 'README')
| -rw-r--r-- | README | 25 | 
1 files changed, 24 insertions, 1 deletions
| @@ -6,7 +6,15 @@  FiSHLiM is a HexChat plugin for FiSH IRC encryption. It's my attempt at making -a simple, lightweight and secure plugin for this encryption protocol. +a simple and lightweight plugin for this encryption protocol. + +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!! WARNING: FiSH encryption is not secure. See the security section below. !! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +NOTE: A modified version of FiSHLiM is now bundled with HexChat. If you +use HexChat you should generally not install this plugin (and if you do +you need to remove the bundled version of FiSHLiM).  For installation instructions, see the INSTALL file. @@ -28,6 +36,9 @@ Not working:    * Topic encryption    * Remote exploitation (hopefully!)    * Plaintext content that contain +OK is decrypted twice +  * Very long messages (more than ~200 characters) +  * encryption of /me messages +  * Message authentication  Commands @@ -66,3 +77,15 @@ Commands      Deletes the given nick or channel from the configuration file. +Security warning +---------------- +FiSH encrypts your messages in ECB mode (in other words, in independent +blocks). If the same block appears two times it will be encrypted the +same way both times. + +So, never give untrusted people unencrypted chat logs if they also have +the encrypted version! Then they can decrypt the messages if they appear +again. Also, it's possible to make statistical attacks or replay +attacks. The CBC mode is somewhat better, but does not use a HMAC and no +timestamp/nonce, so it is still not secure against message manipulation +or replay attacks. | 
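Review bot: The NOTE added under the warning banner in the first hunk (@@ -6,7 +6,15 @@) tells HexChat users not to install this plugin, but it does not say whether the banner's warning also covers the bundled, modified FiSHLiM. Since the banner says FiSH encryption itself is not secure, consider adding a sentence that the warning applies to the protocol regardless of which build is in use. The NOTE should also say what goes wrong if the bundled version is left in place next to this one, so the instruction to remove it is actionable.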
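Review bot: The three entries added to the "Not working" list in the second hunk (@@ -28,6 +36,9 @@) do not state the failure mode, and for an encryption plugin that is the part a user needs: the list does not show whether a message over ~200 characters or a /me message is dropped, truncated or sent unencrypted. Suggest spelling out the behaviour per item (for instance "/me messages are sent in plaintext", if that is what happens), and capitalising "encryption of /me messages" to match the other entries.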
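Review bot: The last paragraph of the new "Security warning" section in the third hunk (@@ -66,3 +77,15 @@) calls CBC mode "somewhat better" right after the section opens by saying FiSH encrypts in ECB mode, and nothing in the README says whether this plugin supports CBC or how a user would select it. Suggest stating that explicitly, so the comparison tells the reader something they can act on. Two smaller points: the banner added at the top points to "the security section below" while the heading here is "Security warning", and "does not use a HMAC and no timestamp/nonce" would read better as "uses neither an HMAC nor a timestamp/nonce".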
