Security of new channel history feature

If your UnrealIRCd is up and running but you have a question about it, then use this forum.
(NOT for installation or connecting issues! Use the other forum instead.)

Moderator: Supporters

Locked
HeXiLeD
Posts: 51
Joined: Mon Jan 16, 2017 8:07 pm
Location: online

Security of new channel history feature

Post by HeXiLeD »

In regards to the following feature, how will the messages being stored?
Plain text? or some desired form of encryption?

This is a great server side feature, but what security mechanism will take care of it?
Recording and playback of channel history when channel mode +H is set.
The syntax is: +H max-lines-to-record:max-time-to-record-in-minutes.
For example: +H 50:1440 means the last 50 messages will be stored and no message will be stored longer than 1440 minutes (1 day).
The channel history is then played back when joining such a channel, but with two things to keep in mind:

The client must support the 'server-time' CAP, otherwise history is not shown. Any modern IRC client supports this.
Only a maximum of 15 lines are played back on-join by default

The reason for the maximum 15 lines on-join playback is that this can be quite annoying if you rejoin repeatedly and as to not flood the users screen too much (unwanted). In the future we will support a mechanism for clients to "fetch" history - rather than sending it on-join - so they can fetch more than the 15 lines, up to the number of lines and time configured in the +H channel mode.
You can configure the exact number of lines that are played back and all the limits that apply to +H via set::history::channel.
For saving and retrieving history we currently have the following options:

history_backend_mem: channel history is stored in memory. This is very fast but also means history is lost on restart.
history_backend_null: don't store channel history at all. This can be useful to load on servers with no users on it, such as a hub server, where storing history is unnecessary.

As you can see there is currently no 'disk' backend. However, in the future more options may be added.
Also note that 3rd party modules can add history backends as well.
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Re: Security of new channel history feature

Post by Syzop »

(I've split your post off to this new thread)

Right now, as you pasted, we only have two backends, history_backend_null which does not store anything, and history_backend_mem which stores the history in memory.
Since nothing is written to disk (or any other permanent storage) there's no encryption. It's all volatile.. gone on a ircd or server restart.
Of course, if we - or some 3rd party - add support for storing on disk then an encryption option would be a wise idea.
HeXiLeD
Posts: 51
Joined: Mon Jan 16, 2017 8:07 pm
Location: online

Re: Security of new channel history feature (Cold Boot Attacks)

Post by HeXiLeD »

Lest We Remember: Cold Boot Attacks on Encryption Keys https://citp.princeton.edu/our-work/memory
Introduction
Most security experts assume that a computer’s memory is erased almost immediately when it loses power, or that whatever data remains is difficult to retrieve without specialized equipment. We show that these assumptions are incorrect. Ordinary DRAMs typically lose their contents gradually over a period of seconds, even at standard operating temperatures and even if the chips are removed from the motherboard, and data will persist for minutes or even hours if the chips are kept at low temperatures. Residual data can be recovered using simple, nondestructive techniques that require only momentary physical access to the machine.....
https://s3.amazonaws.com/citpsite/wp-co ... derman.pdf
Constructive criticism leads to evolution and progress. Negative criticism leads to obsolescence. We are not in the 90's IRC world anymore.
CertFP: d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244
Syzop
UnrealIRCd head coder
Posts: 2112
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Re: Security of new channel history feature

Post by Syzop »

I am aware. It is nearly impossible to protect against a situation where an attacker has physical access to the machine. Even respected full disk encryption systems like LUKS, Truecrypt/Veracrypt can't protect against such a situation.
Locked