|
Mircryption has recently added support for a new more secure encryption mode, CBC (Cipher Block Chaining) mode.
Summary
To tell the new mircryption to use CBC mode, use the prefix 'cbc:' when specifying the key for a channel or window.
Discussion
| • | By default, mircryption uses the Blowfish encryption algorithm in what is known as ECB (Electronic Code Book) mode. ECB mode treats each group of 8 characters as an independent encryption block; and an 8 character block will always encrypt to same the cipher text given a specific encryption key. |
| • | ECB is considered less secure than other modes, such as CBC (Cipher Block Chaining) mode, but mircryption uses ECB mode by default in order to be compatible with existing encryption addons for mirc. |
| • | ECB mode can be considered a risk in certain cases, because it could potentially allow an attacker to build up a dictionary of certain plaintext / ciphertext pairs. A so-called known/chosen text attack can be very risky if the attacker can convince you to encrypt a large amount of text for which they know/choose the original text. On irc, this probably is not a huge risk, because it would be difficult for an attacker to build such a dictionary. |
| • | However, the Encrypted Logging feature of mircryption is an example of a situation where a single key might be used to encrypt both public and private channels, and because you might be logging public channels, an attacker could use public logs in comparison with your encrypted version of these logs to build a large dictionary, and then use this dictionary to attack your private encrypted logs. |
| • | One way to protect against such an attacj is to use Blowfish in CBC mode. |
| • | In CBC mode, a unique (random,sequential,etc.) value is used to start each encrypted string, and each block of encrypted bytes is affected by the previous block. This makes it impossible to construct a dictionary of plaintext-ciphertext pairs. It means, for example, that even if someone can compare the encrypted and plaintext versions of a certain public log file, it will not help them to be able to decrypt other logs encrypted with the same key. Even if you type the same sentence, it will appear differently each time, due to the random initial block. |
Recommendation
CBC is considered in all aspects more secure than ECB mode, and we encourage you to use CBC mode in mircryption whenever backward compatibility is not a requirement. The only downside to using CBC mode is that you will not be able to use it when conversing with people who use addons that support only the old Blowfish ECB mode.
Usage
| • | A complete redesign has been planned for mircryption for quite a while, which would introduce an entirely new code base and support for arbitrary plugin algorithms, text compression, message authentification, etc. Until this new version is ready, we are only making minor modifications to mircryption. |
| • | However, we decided that for security reasons, support for CBC mode should not be put off any longer. |
| • | In order to support this new CBC encryption mode without introducing additional complexity in the user interface, we have employed a very simple technique. If you prefix a key with 'cbc:' then everything after the : is taken as the key, and CBC mode is used with that key. |
| • | For example, in channel #mircryption, we might use set the keyphrase for the channel to 'test' while in channel #mircryption2 we might use the keyphrase 'cbc:test'. In the first case, the backward compatible original Blowfish ecb mode will be used with encryption key 'test'. In the second case, in channel #mircryption2, Blowfish will be run in CBC mode, with the encryption key 'test'. Note that the 'cbc:' prefix is not part of the actual encryption key used, but you must specify it when setting the key in order to tell mircryption to use CBC mode in that channel/window. |
| • | You can also use the 'cbc:' prefix for setting keys for encrypted logging, as long as your encrypted log viewer has also been upgraded to support CBC mode. We will be modifying the fish dh exchange routine to support CBC mode soon. |
Important Notes
| • | If a person with an old version of mircryption or with another irc encryption addon that does *not* support CBC mode sets a key with a 'cbc:' prefix, you will not be able to understand each other. The new version of mircryption will try to alert you to this fact (but uers with older versions will not receive an error message). If you want to check if your output is being encrypted in CBC mode, you can turn on debugging in mirc and type the same sentence twice and examine the encrypted output; if it's the same both times then you are not in CBC mode, if it's different then you are. |
| • | We still need to test the new Blowfish routines on cpu architectures with different endian values; we suspect that unlike the cbc routines, which are compatible between different endian values, the new routines may not be. If you have some feedback on this issue please let us know. |
Using CBC Mode with Other Tools
| • | Eggdrops (and the mceggdrop tcl addon) do not currently support the new CBC mode keys but the new simple mcps commandline utility does. |
| • | If you wish to write functions to encrypt and decrypt the new CBC style strings from a language such as perl, php, java, etc., be aware that the new CBC mode routines now use the standard base64 encoding and decoding, and that the first 8 bytes of the encrypted text is the IV block that should be fed to the encryption routine. Additionally, a '*' character needs to be prefixed to the text after it has been encrypted and base64'd (and removed prior to decryption), in order to clearly identify it as being encrypted using CBC mode and facilitate error detection. |
|