Don't offer anyone with the right nick the right to decrypt messages directed to the user

[thejh]

WHAT THE HELL? I hope I'm reading this code wrong:

   if sender == 'gribble':
        match = self.msg.match(message) 
        if match:
            print 'recieved request from gribble, grabbing', match.group(1)
            data = urllib2.urlopen(match.group(1)).read()
            decrypted = str(self.gpg.decrypt(data, passphrase=self.passphrase))
            reply = ";;gpg everify "+decrypted
            print 'replying with', reply
            self.purple.PurpleConvImSend(self.purple.PurpleConvIm(conversation), reply)
            if VOICEME:
                self.purple.PurpleConvImSend(self.purple.PurpleConvIm(conversation), ";;voiceme")

Anyone who can intercept the connection to the chat server can decrypt any message written to the user by sending a fake "get your encrypted OTP from..." message, intercepting the http request, replying to the request with an interesting encrypted message and receiving the unencrypted message sent back over the chat connection?

[thejh]

Btw, I'm referring to this file: https://github.com/nanotube/supybot-bitcoin-marketmonitor/blob/master/GPG/helperscripts/bitcoin-otc-gpg-eauth-pidgin.py

[thejh]

@Azelphur the script says you're the author

[Azelphur]

Hi. I wrote this in haste a long time ago for someone and I'm not exactly a security maniac.

Is the xchat plugin more secure? I could rip the code out of that and make my plugin function in the same way.

[Hasimir]

It doesn't matter if someone intercepts the encrypted message because they can't decrypt it when it is encrypted with your key.

Just as it doesn't matter if someone intercepts the OTP used for the signing method (which is what I do). The strength of the algorithms used by GPG is what really protects us, IRC and these plugins are just the delivery method.

[thejh]

@Hasimir The danger is not that a passive attacker can intercept stuff. The danger is that an active attacker can substitute the challenge with a secret message directed to the victim of the attack and thereby make the victim decrypt the message and send an unencryped copy back over the network. The best tools can't protect you if you do stupid things with them. @Azelphur As far as I can see, it isn't. You might want to check whether the decrypted challenge starts with the correct prefix.

[Azelphur]

Patches welcome I guess :)

[Hasimir]

@thejh I'm still not sure how that would be a problem, decrypting the message and posting it to pastebin (or wherever) shouldn't be that much of a problem unless whatever it is is somehow executable in the process.

Mind you, I use the other method with clearsigning the string to authenticate and rely on SHA-512 to protect my account.

[nanotube]

Hi thejh:

Thank you for pointing out this issue.

I see what you're talking about - indeed none of the scripts check if the message being decrypted is of the expected form, so if the user's connection is being controlled by an attacker, he can be fed an arbitrary encrypted message for decryption, and the user's client will feed the decrypted result, which is indeed a potential security issue.

It would be a good idea to add that to the scripts. On the plus side, this attack requires a complete ownership of a user's connection, and for users connecting to freenode via ssl, also a freenode compromise...

I have added code to the xchat helper script to make sure that (a) a challenge string of the expected form is contained in the decrypted message, and (b) only the said challenge string is passed back with the everify command.

Over time, I hope I can get the other contributors to do the same.

[nanotube]

I've also added the same check to the pidgin plugin from Azelphur. :)

[Azelphur]

Yay, I don't have to do anything

/me puts feet up

[nanotube]

hehe