Philosophy of the Approach

There were heated debates about exactly how to write this addon.

It's primary purpose is simple: to generate random channel keys for another tool (mircryption), and exchange them securely over irc.  However, doing this in a truely secure fashion is not trivial.  We assume that the world of irc is filled with spies and packet sniffers - that every irc server is compromised and has ten independent copies of Carnivore attached to it, devoted solely to reading your personal converations.

Implementing cryptographically secure code is a specialized skill, and is fraught with peril.  There are many free cryptographic source code libraries available on the web - some are just small snippets of little-known proprietary code, which are very compact and fast, but require substantial and careful writing of code to interface with properly.  Some are quite large (and often bloated) libraries which are ready for easy incorporation into exisiting code.  Some code has been studied and tested extensively by cryptographic experts, and some code remains largely untested.

Because it is so easy to make a small mistake in implementing a cryptographic protocol, and because the aim of this project is to reduce to a minimum the need for you to trust our programming/cryptographic skills, we have decided to adopt the following central approach:

All of the cryptographic-related routines utilitized in MircryptionPgp are taken from existing, well tested, trusted, peer-reviewed source code.  This code has not been modified in any way by us, and in this way we have sought to eliminate any possibility that a flaw could be introduced by trying to write our own implementations of existing algorithms.  The only real disadvantage is in the larger size of the code.  The advantage is that you don't have to rely on the security of our cryptographic skills.

After much debate, we decided to use Phil Zimmeman's PGP as the core cryptograpic library.  There was a lot of debate regarding the use of PGP as opposed to alternative public key routines.  We chose pgp because of the strength of its key management functionality, and the long standing exposure of the pgp code to peer review.  Although the PGP code is somewhat blaoted, it has the advantage of allowing you to use all of the PGP funcality with MircryptionPgp, including the ability to use keyservers and import and export keys in a variety of formats.  Not to mention the fact that PGP is a pretty nice general purpose encryption tool for your files and email.

Please note that a detailed discussion of the encryption technology employed in MircryptionPgp (public key encryption and pseudo random number generation) is outside the scope of this help file, beyond describing the basic protocols and sources for the algorithms we have used.  Public key encryption is an elegant and profound idea - for more information see Bruce Schneier's famous Applied Cryptography book, the documentation for PGP, or search the web for information on cryptography.  Steven Levy's 2001 book "crypto" has a nice layman's discussion of the history of pgp and public key encryption.