From: Gisle Sælensminde
Newsgroups: comp.lang.ada
Subject: Re: Ada program needs to ping another machine.
Date: 17 Jan 2002 20:56:14 GMT
Organization: Institutt for Informatikk, UiB

Preben Randhol wrote:
> On Thu, 17 Jan 2002 16:36:04 GMT, Frank wrote:
>> I'm not using chat-programs a lot. But is there anyone that offers
>> encryption?
>> If not - could that be an idea?
>
> Yes, but as I said before it is not a chat program where one sends one
> line of text at a time, but rather a stream of characters that are
> continuously read. I don't know if it makes sense trying to encrypt one
> character, but I haven't read much about encryption so I do not know.
> But if it is possible it would be nice.

Cryptography is very difficult to get right, and you should not try to design it yourself but rely on existing. Even using existing technology is not without potential problems, and without an understanding of how and why the system is secure you may make the system insecure.

I can think of several strategies for doing this.

You could use the SSL/TLS protocol and flush the socket for each byte you type. The TLS protocol should be secure in this case as well. Even though the TLS protocol is TCP-based, you should be able to use the protocol. This also makes it possible to authenticate the peers at startup of the protocol. In practice you can use the openssl library to do the cryptography. The AWS web server uses the openssl library to implement the TLS/SSL layer of the https protocol. You could use the AWS source as an example. Another example is the Kerberos protocol. I would recommend this strategy.

If you insist on using a packet-based protocol (UDP-style), then things become harder. Several protocols that have been applied have proven to be weak. One example is the encryption protocol for 803.11 wireless networks, even though this was designed by apparently competent people. Also, the packet-based extension to TLS used in WAP phones has similar problems. One protocol that is believed to be secure is the IPSEC protocol, and the design could be reused. The protocol is quite complex, however (800 pages of RFC documents I have heard, but I have not counted myself). Also, applying a protocol to a different usage than intended can introduce problems as well.

OK - since NSA probably never will care about what you write in a chat session, you can ignore some of the arguments above. One protocol that is quite simple to implement is the CIPE protocol. This is used for making VPNs. The protocol is not secure against reply-attacks, but that's probably not a problem in a chat application. The protocol requires that the peers share a secret key, and that may be impractical.

> One problem I thought of now is that on a multi-user environment I have
> to be able to pass the connection to the correct user. The daemon needs to
> be connected to a standard port so that the other machine can connect to
> it I would think. I'm unsure how to do this.
> I think I should check the source code of talk and the talkd daemon. On
> Windows (or Mac) it is easier as then the environment is single user so
> the program that the user runs can connect directly to the port.
>
> Preben

--
Gisle Sælensminde ( gisle@ii.uib.no )

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead. (from RFC 1925)
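
The replay weakness of shared-key packet protocols mentioned in the message above, as an added example that is not part of the original post and is not CIPE's or IPsec's actual packet format: a receiver for one-character datagrams that authenticates a sequence number with HMAC under the shared key and accepts each number only once, in the style of an anti-replay window. The field layout, the names `seal` and `Receiver`, the window size and the sample key are assumptions made for illustration; encryption of the character itself is left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def seal(key: bytes, seq: int, char: bytes) -> bytes:
    """Build one datagram: 8-byte sequence number, payload, HMAC tag."""
    body = struct.pack(">Q", seq) + char
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts each authenticated sequence number at most once."""

    def __init__(self, key: bytes, window: int = 64):
        self.key, self.window = key, window
        self.highest = -1   # highest sequence number accepted so far
        self.seen = set()   # accepted numbers still inside the window

    def accept(self, packet: bytes):
        if len(packet) < 8 + TAG_LEN:
            return None                      # too short to be valid
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or corrupted
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.highest - self.window or seq in self.seen:
            return None                      # too old, or a replay
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        # Forget numbers that fell out of the window; they are rejected
        # by the "too old" test from now on.
        self.seen = {s for s in self.seen if s > self.highest - self.window}
        return body[8:]


def demo():
    key = b"constructed-demo-key-not-secret!"   # constructed sample key
    rx = Receiver(key)
    packets = [seal(key, i, c.encode()) for i, c in enumerate("hi!")]
    # Datagrams may arrive out of order; packet 0 is delivered twice.
    order = [packets[1], packets[0], packets[0], packets[2]]
    results = [rx.accept(p) for p in order]
    tampered = packets[2][:8] + b"?" + packets[2][9:]  # payload changed
    results.append(rx.accept(tampered))
    return results


if __name__ == "__main__":
    print(demo())
```

Out-of-order delivery is tolerated inside the window, which is what a UDP-style transport needs; a receiver that only accepted strictly increasing numbers would drop the reordered packet as well as the replay.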