Add security warning to README alsoHEADmaster

1 files changed, 24 insertions, 1 deletions

diff --git a/README b/README
index 5cab819..ba9b4c9 100644
--- a/README
+++ b/README
@@ -6,7 +6,15 @@
 
 
 FiSHLiM is a HexChat plugin for FiSH IRC encryption. It's my attempt at making
-a simple, lightweight and secure plugin for this encryption protocol.
+a simple and lightweight plugin for this encryption protocol.
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! WARNING: FiSH encryption is not secure. See the security section below. !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+NOTE: A modified version of FiSHLiM is now bundled with HexChat. If you
+use HexChat you should generally not install this plugin (and if you do
+you need to remove the bundled version of FiSHLiM).
 
 For installation instructions, see the INSTALL file.
 
@@ -28,6 +36,9 @@ Not working:
   * Topic encryption
   * Remote exploitation (hopefully!)
   * Plaintext content that contain +OK is decrypted twice
+  * Very long messages (more than ~200 characters)
+  * encryption of /me messages
+  * Message authentication
 
 
 Commands
@@ -66,3 +77,15 @@ Commands
     Deletes the given nick or channel from the configuration file.
 
 
+Security warning
+----------------
+FiSH encrypts your messages in ECB mode (in other words, in independent
+blocks). If the same block appears two times it will be encrypted the
+same way both times.
+
+So, never give untrusted people unencrypted chat logs if they also have
+the encrypted version! Then they can decrypt the messages if they appear
+again. Also, it's possible to make statistical attacks or replay
+attacks. The CBC mode is somewhat better, but does not use a HMAC and no
+timestamp/nonce, so it is still not secure against message manipulation
+or replay attacks.