Open benrob0329 opened 5 years ago
WARNING: FiSH encryption is not secure. See the security section below. A better encryption mode will be implemented later!
I'm going to be highly conflicted about this.
FiSH encrypts your messages in ECB mode (in other words, in independent blocks). If the same block appears two times it will be encrypted the same way both times.
So, never give untrusted people unencrypted chat logs if they also have the encrypted version! Then they can decrypt the messages if they appear again. Also, it's possible to make statistical attacks or replay attacks. A better encryption mode will be implemented later!
Yip...
See https://adayinthelifeof.nl/2010/12/08/encryption-operating-modes-ecb-vs-cbc/ (Quassel supports both modes, and I believe HexChat does as well)
https://bugs.quassel-irc.org/projects/quassel-irc/wiki/Blowfish_Encryption_Manual
ECB variant is definitely not going to be implemented as it provides next to no security. CBC can be considered.
See the plugin shipped with HexChat, and also https://fishlim.kodafritt.se/
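The ECB behaviour discussed in this thread, as an added example that is not part of the original thread or of any FiSH implementation: it encrypts one message in ECB and in CBC mode and counts repeated ciphertext blocks. A toy Feistel cipher with 8-byte blocks stands in for Blowfish (an assumption, so the code runs with the standard library only), and the key and message are constructed.

```python
import hashlib
import hmac
import os

BLOCK = 8  # bytes; Blowfish also uses 64-bit blocks
KEY = b"constructed-demo-key"           # constructed sample key
MSG = b"password" * 3 + b"hunter2!"     # constructed message with a repeated block

def _round(key, i, half):
    # Round function: truncated HMAC-SHA256 (stand-in cipher, NOT Blowfish).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def encrypt_block(key, block):
    # 8-round balanced Feistel network: a keyed permutation of 8-byte blocks.
    left, right = block[:4], block[4:]
    for i in range(8):
        mixed = bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
        left, right = right, mixed
    return left + right

def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, msg):
    # Every block is encrypted independently: equal input, equal output.
    return b"".join(encrypt_block(key, b) for b in blocks(pad(msg)))

def cbc_encrypt(key, msg, iv=None):
    # Each block is XORed with the previous ciphertext block (or a random IV).
    prev = iv or os.urandom(BLOCK)
    out = [prev]
    for b in blocks(pad(msg)):
        prev = encrypt_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext):
    # Number of ciphertext blocks that duplicate an earlier block.
    bl = blocks(ciphertext)
    return len(bl) - len(set(bl))

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, MSG)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(KEY, MSG)))
    print("ECB deterministic:", ecb_encrypt(KEY, MSG) == ecb_encrypt(KEY, MSG))
    print("CBC deterministic:", cbc_encrypt(KEY, MSG) == cbc_encrypt(KEY, MSG))
```

The repeated-block count is also a quick check on captured ciphertext: any non-zero count on messages longer than a few blocks is a strong sign that ECB is in use.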