FiSHLiM
http://fishlim.kodafritt.se/

FiSHLiM is a HexChat plugin for FiSH IRC encryption. It's my attempt at
making a simple and lightweight plugin for this encryption protocol.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! WARNING: FiSH encryption is not secure. See the security section below. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

NOTE: A modified version of FiSHLiM is now bundled with HexChat. If you use
HexChat you should generally not install this plugin (and if you do, you need
to remove the bundled version of FiSHLiM).

For installation instructions, see the INSTALL file.


Features
--------

Working:
  * Sending/receiving messages
  * Topic decryption
  * Using unencrypted keys / keys without a password from blow.ini
  * Pure protocol-level filtering (works with highlighting, nick coloring etc)
  * Partially encrypted messages (i.e. prefixed with nickname by a bouncer)
  * CBC mode

Not working:
  * Key exchange
  * Password-protected key storage
  * Topic encryption
  * Remote exploitation (hopefully!)
  * Plaintext content that contains +OK is decrypted twice
  * Very long messages (more than ~200 characters)
  * Encryption of /me messages
  * Message authentication


Commands
--------

/setkey [nick or #channel] [mode:]password

    Sets the encryption key for the nick or channel to password. The keys
    are stored in the configuration file in ~/.config/hexchat/blow.ini

    Optionally, the block cipher mode for outgoing messages may be
    specified. If unspecified, it will be ECB for backwards compatibility,
    but for greater security, please use CBC mode if possible.

    For incoming messages, the block cipher mode is auto-detected,
    regardless of which mode was configured with this command.

/ciphermode [nick or #channel] mode

    Sets the cipher mode to ECB or CBC. See /setkey.

/copykey from [to]

    Copies the key from the given channel or nick. If no "to" nick or
    channel is given, then it copies to the one which is currently open.

    This command can be used to use an existing channel key when chatting
    with a single user. To do so, open a dialog with the user and type
    /copykey #nameofchannel

/delkey nick-or-#channel

    Deletes the given nick or channel from the configuration file.


Security warning
----------------

FiSH encrypts your messages in ECB mode (in other words, in independent
blocks). If the same block appears two times, it will be encrypted the same
way both times. So, never give untrusted people unencrypted chat logs if they
also have the encrypted version! Then they can decrypt the messages if they
appear again. Also, it's possible to make statistical attacks or replay
attacks.

The CBC mode is somewhat better, but it does not use an HMAC or a
timestamp/nonce, so it is still not secure against message manipulation or
replay attacks.
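
The ECB behaviour described in the security warning, as an added example that
is not part of FiSHLiM. It uses a stand-in 64-bit Feistel cipher built on
SHA-256 (not Blowfish, the cipher FiSH uses); the zero padding, the IV-first
layout, the key and the message are assumptions constructed for the demo.

```python
import hashlib
import os

BLOCK = 8  # 64-bit blocks, the same size as Blowfish (the cipher FiSH uses)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of a stand-in Feistel cipher. This is NOT Blowfish.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def blocks(data):
    # Zero-pad to whole blocks (assumption of this example), then split
    data += b"\0" * (-len(data) % BLOCK)
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, msg):
    return b"".join(enc_block(key, b) for b in blocks(msg))

def cbc_encrypt(key, msg):
    out = [os.urandom(BLOCK)]  # fresh random IV, sent as the first block
    for b in blocks(msg):
        out.append(enc_block(key, _xor(b, out[-1])))
    return b"".join(out)

def cbc_decrypt(key, data):
    bl = blocks(data)
    return b"".join(_xor(dec_block(key, c), p) for p, c in zip(bl, bl[1:]))

def repeated_blocks(ct):
    return len(blocks(ct)) - len(set(blocks(ct)))  # duplicates of earlier blocks

if __name__ == "__main__":
    key, msg = b"constructed-key", b"hello!!!" * 3  # constructed sample input
    print("ECB repeats:", repeated_blocks(ecb_encrypt(key, msg)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(key, msg)))
```

Neither mode here authenticates the ciphertext or checks freshness, so a CBC
message that is sent a second time decrypts again without any error.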