Page 1 of 1

Looking for full encryption

Posted: Sat Aug 04, 2012 11:21 am
by Skuom
Hello, I am looking for some kind of full IRC encryption. SSL is not really enough since the messages will be plaintext on the server. So I am looking for something that will encrypt all messages throughout the network.

Is this even possible?

Skuom

Re: Looking for full encryption

Posted: Sat Aug 04, 2012 3:59 pm
by katsklaw
what do you mean "messages are in plain text on the server" ?

Re: Looking for full encryption

Posted: Sun Aug 05, 2012 10:49 pm
by Stealth
With the way IRC and SSL works, messages are transmitted between clients and server in encrypted format, then on the server they must be decrypted to plaintext before they can be retransmitted to other clients. The reason it needs to be this way is because SSL works off of a shared-key cryptology. The shared key between your client and the server WILL be different than the shared key between the server and a remote client. Therefore if you copied the encrypted text directly to the other clients they would be unable to read these. Naturally, if all client-server connections had the same shared key, it would defeat the purpose of encryption all together (since everyone would have the key to read anyone else's message).

The only way this can be done is if the messages are encrypted at the client level before being transmitted to the server and everyone had the matching keys to decrypt each message. This type of communication is not possible using IRC (however it is possible if you made your own script/client to encrypt all messages before sending and decrypt incoming messages but it would still all be handled as plaintext).

Re: Looking for full encryption

Posted: Fri Aug 10, 2012 6:57 pm
by Capitaine
SSL is a tunnel, like SSH. They all have an entry and an exit.

"Full encryption" would mean it can't be a tunnel...

More relevantly, encryption can be enforced closing the "plain" sockets, and upgrading to TLS 1.2 (both clients and servers)

Re: Looking for full encryption

Posted: Sat Aug 11, 2012 8:25 am
by Syzop
Messages are fully encrypted in transit with SSL/TLS. Of course 'on the server' it will have to be decrypt it to parse the message so the IRCd knows what command you want to execute and what you want the IRCd to do (send a message, kick someone, ..).
If Skuom means full encryption where the server cannot decrypt it, well.. then this has to be done on the client(s).. and since it isn't done on the server, it also can't be done in a module, so then this thread is in the wrong category ;). Then you're better off on a mIRC forum or whatever client you are using.
Also, if you mean client-to-client encryption outside the server, then without SSL any non-PRIVMSG/NOTICE commands will be plaintext so that might even be worse than using SSL (eg: OPER passwords and unaware clients such as NickServ traffic travels unencrypted). Of course you can also use both SSL and additional encryption.