Michcioperz
commented
5 years ago WARNING: FiSH encryption is not secure. See the security section below. A better encryption mode will be implemented later!
I'm going to be highly conflicted about this.
Open benrob0329 opened 5 years ago
Michcioperz
commented
5 years ago WARNING: FiSH encryption is not secure. See the security section below. A better encryption mode will be implemented later!
I'm going to be highly conflicted about this.
jzabroski
commented
5 years ago FiSH encrypts your messages in ECB mode (in other words, in independent blocks). If the same block appears two times it will be encrypted the same way both times.
So, never give untrusted people unencrypted chat logs if they also have the encrypted version! Then they can decrypt the messages if they appear again. Also, it's possible to make statistical attacks or replay attacks. A better encryption mode will be implemented later!
Yip...
benrob0329
commented
5 years ago See https://adayinthelifeof.nl/2010/12/08/encryption-operating-modes-ecb-vs-cbc/ (Quassel supports both modes, and I believe Hexchat does as well)
https://bugs.quassel-irc.org/projects/quassel-irc/wiki/Blowfish_Encryption_Manual
MCMrARM
commented
5 years ago ECB variant is definitely not going to be implemented as it provides next to no security. CBC can be considered.
See the plugin shipped with Hexchat, and also https://fishlim.kodafritt.se/