Looking for full encryption

These are old archives. They are kept for historic purposes only.
Post Reply
Skuom
Posts: 1
Joined: Sat Aug 04, 2012 11:16 am

Looking for full encryption

Post by Skuom »

Hello, I am looking for some kind of full IRC encryption. SSL is not really enough since the messages will be plaintext on the server. So I am looking for something that will encrypt all messages throughout the network.

Is this even possible?

Skuom
katsklaw
Posts: 1124
Joined: Sun Apr 18, 2004 5:06 pm
Contact:

Re: Looking for full encryption

Post by katsklaw »

what do you mean "messages are in plain text on the server" ?
Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Re: Looking for full encryption

Post by Stealth »

With the way IRC and SSL works, messages are transmitted between clients and server in encrypted format, then on the server they must be decrypted to plaintext before they can be retransmitted to other clients. The reason it needs to be this way is because SSL works off of a shared-key cryptology. The shared key between your client and the server WILL be different than the shared key between the server and a remote client. Therefore if you copied the encrypted text directly to the other clients they would be unable to read these. Naturally, if all client-server connections had the same shared key, it would defeat the purpose of encryption all together (since everyone would have the key to read anyone else's message).

The only way this can be done is if the messages are encrypted at the client level before being transmitted to the server and everyone had the matching keys to decrypt each message. This type of communication is not possible using IRC (however it is possible if you made your own script/client to encrypt all messages before sending and decrypt incoming messages but it would still all be handled as plaintext).
Capitaine
Posts: 27
Joined: Mon Apr 26, 2004 6:09 pm

Re: Looking for full encryption

Post by Capitaine »

SSL is a tunnel, like SSH. They all have an entry and an exit.

"Full encryption" would mean it can't be a tunnel...

More relevantly, encryption can be enforced closing the "plain" sockets, and upgrading to TLS 1.2 (both clients and servers)
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Re: Looking for full encryption

Post by Syzop »

Messages are fully encrypted in transit with SSL/TLS. Of course 'on the server' it will have to be decrypt it to parse the message so the IRCd knows what command you want to execute and what you want the IRCd to do (send a message, kick someone, ..).
If Skuom means full encryption where the server cannot decrypt it, well.. then this has to be done on the client(s).. and since it isn't done on the server, it also can't be done in a module, so then this thread is in the wrong category ;). Then you're better off on a mIRC forum or whatever client you are using.
Also, if you mean client-to-client encryption outside the server, then without SSL any non-PRIVMSG/NOTICE commands will be plaintext so that might even be worse than using SSL (eg: OPER passwords and unaware clients such as NickServ traffic travels unencrypted). Of course you can also use both SSL and additional encryption.
Post Reply