comp.lang.ada
From: "Gisle Sælensminde" <gisle@apal.ii.uib.no>
Subject: Re: Ada program needs to ping another machine.
Date: 17 Jan 2002 20:56:14 GMT
Date: 2002-01-17T20:56:14+00:00
Message-ID: <slrna4eeje.o3e.gisle@apal.ii.uib.no>
In-Reply-To: slrna4e7ah.ai1.randhol+abuse@kiuk0156.chembio.ntnu.no

Preben Randhol wrote:
> On Thu, 17 Jan 2002 16:36:04 GMT, Frank wrote:
>> Im not using chat-programs alot. But are there anyone that offers
>> encryption?
>> If not - could that be an idea?
> 
> Yes, but as I said before it is not a chat program where one sends one
> line of text at a time, but rather a stream of characters that are
> continuously read. I don't know if it makes sense trying to encrypt one
> character, but I haven't read much about encryption so I do not know.
> But if it is possible it would be nice.

Cryptography is very difficult to get right, and you should not try to
design it yourself but rely on existing technology. Even using existing
technology is not without potential problems, and without understanding
of how and why the system is secure you may make the system insecure.

I can think of several strategies for doing this.

You could use the SSL/TLS protocol and flush the socket for each byte
you type. The TLS protocol should be secure in this case as well.
Even though the TLS protocol is tcp-based, you should be able to use
the protocol. This also makes it possible to authenticate the peers
at startup of the protocol. In practice you can use the openssl library
to do the cryptography. The AWS web server uses the openssl library to
implement the TLS/SSL layer of the https protocol. You could use
the AWS source as an example. Another example is the kerberos protocol.
I would recommend this strategy.

If you insist on using a packet based protocol (udp-style), then things
become harder. Several protocols that have been applied have proven to
be weak. One example is the encryption protocol for 802.11 wireless
networks, even though this was designed by apparently competent people.
Also the packet-based extension to TLS used in WAP phones has similar
problems. One protocol that is believed to be secure is the IPSEC
protocol, and the design could be reused. The protocol is quite
complex however (800 pages of RFC documents I have heard, but I have
not counted myself). Also, to apply a protocol to a different usage than
intended can introduce problems as well.

OK - since NSA probably never will care about what you write in
a chat session, you can ignore some of the arguments above.
One protocol that is quite simple to implement is the CIPE protocol.
This is used for making VPNs. The protocol is not secure against
replay attacks, but that's probably not a problem in a chat application.
The protocol requires that the peers share a secret key, and that
may be impractical.

> One problem I thought of now is that on a multi-user environment I have
> to be able to pass the connection to the correct user. The daemon needs to
> be connected to a standard port so that the other machine can connect to
> it I would think. I'm unsure how to do this. I think I should check the
> source code of talk and the talkd daemon. On Windows (or Mac) it is
> easier as then the environment is single user so the program that the
> user runs can connect directly to the port.
> 
> Preben


--
Gisle Sælensminde ( gisle@ii.uib.no )

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead. (from RFC 1925)
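The replay weakness Gisle notes for the shared-key CIPE protocol, and the IPSEC design he suggests reusing, as an added example that is not part of the original post: an IPsec-style sliding-window anti-replay check over HMAC-authenticated datagrams, written from the receiver's side. The shared key, the packet layout (4-byte sequence number, payload, SHA-256 HMAC) and the 32-packet window are constructed for illustration; this shows only the authenticity and freshness checks, not the encryption of the payload.

```python
import hmac
import hashlib
import struct

# Constructed sample shared secret for the demonstration, not a real key.
KEY = b"constructed-shared-secret-for-demo"
TAG_LEN = 32  # SHA-256 HMAC


def seal(seq: int, payload: bytes) -> bytes:
    """Sender side: datagram = 4-byte big-endian seq || payload || HMAC(seq || payload)."""
    header = struct.pack(">I", seq)
    tag = hmac.new(KEY, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class AntiReplayReceiver:
    """Receiver with an IPsec-style sliding window (bit i set = seq highest-i already seen)."""

    def __init__(self, window: int = 32):
        self.window = window
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # window of seen packets relative to self.highest

    def accept(self, datagram: bytes):
        """Return the payload if the datagram is authentic and fresh, otherwise None."""
        if len(datagram) < 4 + TAG_LEN:
            return None
        header, payload, tag = datagram[:4], datagram[4:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(KEY, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted: reject before looking at the sequence number
        seq = struct.unpack(">I", header)[0]
        if seq == 0:
            return None  # sequence numbers start at 1 so an all-zero header is never valid
        if seq > self.highest:
            # Newer than anything seen: slide the window forward and mark this packet.
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return payload
        diff = self.highest - seq
        if diff >= self.window:
            return None  # older than the window: cannot tell a late packet from a replay, drop it
        if self.bitmap & (1 << diff):
            return None  # already accepted once: this is a replay
        self.bitmap |= 1 << diff  # late but genuine: accept and remember it
        return payload
```

Without the window state (the CIPE weakness the post describes), a captured datagram with a valid tag would be accepted every time it is resent; with it, the second delivery of the same sequence number is rejected while out-of-order packets inside the window still get through.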


