summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSamuel Lidén Borell <samuel@kodafritt.se>2019-03-22 00:13:12 (GMT)
committerSamuel Lidén Borell <samuel@kodafritt.se>2019-03-22 00:13:12 (GMT)
commit472617ca6e270e2628d8586e47c405552646f277 (patch)
tree52d4eaf99bfeaca042b5319fddfa270cbd00ed5c
parentf952f6f21f6b7786e10d06a5ca90749f6e9f1f40 (diff)
downloadfishlim-master.zip
fishlim-master.tar.gz
fishlim-master.tar.bz2
Add security warning to README alsoHEADmaster
-rw-r--r--README25
1 files changed, 24 insertions, 1 deletions
diff --git a/README b/README
index 5cab819..ba9b4c9 100644
--- a/README
+++ b/README
@@ -6,7 +6,15 @@
FiSHLiM is a HexChat plugin for FiSH IRC encryption. It's my attempt at making
-a simple, lightweight and secure plugin for this encryption protocol.
+a simple and lightweight plugin for this encryption protocol.
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! WARNING: FiSH encryption is not secure. See the security section below. !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+NOTE: A modified version of FiSHLiM is now bundled with HexChat. If you
+use HexChat you should generally not install this plugin (and if you do
+you need to remove the bundled version of FiSHLiM).
For installation instructions, see the INSTALL file.
@@ -28,6 +36,9 @@ Not working:
* Topic encryption
* Remote exploitation (hopefully!)
* Plaintext content that contain +OK is decrypted twice
+ * Very long messages (more than ~200 characters)
+ * encryption of /me messages
+ * Message authentication
Commands
@@ -66,3 +77,15 @@ Commands
Deletes the given nick or channel from the configuration file.
+Security warning
+----------------
+FiSH encrypts your messages in ECB mode (in other words, in independent
+blocks). If the same block appears two times it will be encrypted the
+same way both times.
+
+So, never give untrusted people unencrypted chat logs if they also have
+the encrypted version! Then they can decrypt the messages if they appear
+again. Also, it's possible to make statistical attacks or replay
+attacks. The CBC mode is somewhat better, but does not use a HMAC and no
+timestamp/nonce, so it is still not secure against message manipulation
+or replay attacks.