Page 1 of 1

Unreal5: Channel History and channel blowfish encryption

Posted: Tue Jan 21, 2020 5:39 am
by HeXiLeD
Although I cannot be 100% sure about this, I had a channel that was encrypted with the blowfish addon.

Everything was fine for months until I updated to U5 and played with channel history.

Tested with setting and un-setting channel history
Used 3 irc clients: weechat, hexchat and kvirc

All them 3 were not able to decrypt users written text after /cycle the channel.

I am curious if this is directly related to channel history feature.

edit:

Currently in the config this is my default setup when not overridden by the services

Code: Select all

        # 3.119
        # https://www.unrealircd.org/docs/Set_block#set::history
        # https://www.unrealircd.org/docs/Channel_history
        history {
                channel {
                        # How many lines to playback on join?
                        playback-on-join {
                                lines 15;
                                time 1w;
                        }
                        # How much history to keep. These are the
                        # upper maximums for channel mode +H lines:time
                        max-storage-per-channel {  
                                lines 5000;
                                time 1w;
                        }
                }
        }

Re: Unreal5: Channel History and channel blowfish encryption

Posted: Wed Jan 22, 2020 5:19 pm
by HeXiLeD
So I did a few more tests with several irc clients and with weechat.
On weechat I used the following scripts

Weechat:
https://weechat.org/scripts/source/fish.py.html/
https://github.com/freshprince/weechat- ... er/fish.py
https://github.com/mawashii/weechat-fish

Hexchat:
https://github.com/hexchat/hexchat/tree ... ns/fishlim
https://fishlim.kodafritt.se/
https://github.com/BakasuraRCE/hexchat-fishlim-reloaded

These tests showed that if the network has channel history feature enabled in the configs and even tho channels are not +H, clients with blowfish do not get to encrypt or decrypt text properly.

This only started to happen to me when I upgraded to unreal5 and I tested the same clients on a non unrealircd network.

Maybe there is a bit more to all this and having other people testing, will surely help to understand what is going on.

Re: Unreal5: Channel History and channel blowfish encryption

Posted: Sat May 02, 2020 2:39 pm
by Syzop
This whole fish thing looks like junk and insecure to me, I mean CBC... encrypting the same plaintext to the same ciphertext every time? Seriously?

Anyway, just to let you know someone else mentioned it and it turns out if you unload the server-time module, eg:

Code: Select all

blacklist-module "server-time";
...then it works OK on weechat. (I did not have problems with hexchat by the way)

If you can confirm then maybe you can bother the weechat plugin authors about this. I don't think UnrealIRCd is doing anything wrong here.