Mega Code Archive

 

Categories / Delphi / Examples

 

Secure chat

Textual chat protocol that implements a public-key algorithm in conjunction with an asymmetrical algorithm. Secure Chat This is how this chat protocol goes: [HANDSHAKE] Alice requests chat with Bob by sending him a request encrypted with his public key containing a random session 128bit key and a random 128bit synchronization key. Bob acknowledges Alice with a similar message encrypted with her public key containing a random 128bit key and a 128bit synchronization key. Both parties can identify each other by their public keys. [MESSAGE EXCHANGE] Sender adds a new random 128bit synchronization key to the end of the message and encrypts it with the protocol ID key, the session key is XORed with the previous synchronization key. Finally the message is re-encrypted with the session key. Theoretical resistance to know attacks: [FAKE MESSAGE INJECTION] Fake messages can be filtered out easily because the decryption process will leave them garbled, the user can notify the application of the fake message so that it will ignore the synchronization key in that message. By this process the session cannot be compromised by an active eavesdropper. [REPEATED MESSAGE INJECTION] Repeated messages cannot be used to reset the session key to a previous state as means to obtain multiple cipher text blocks encrypted by the same key because the random synchronization key has no mathematical relationship with the session key. [REQUEST IMPERSONATION] An active eavesdroper cannot request chat with Alice if he claims to be Bob because he will not be able to decrypt her acknoledgement which denies him decrypting any of her messages. In this situation Alice is fully able to decrypt the eavesdroper's messages. [ACKNOLEDGEMENT IMPERSONATION] If an active eavesdroper intercepts Alice's request to Bob, he cannot decrypt her request which prevents him from decrypting any of her messages. [CHOSEN PROTOCOL ATTACK] The protocol ID key disolves any relationship between cipher text from the chat program and cipher text from a similar program that may contain the same plain text. [PSEUDO-RANDOM WEAKNESSES] The program will gather enough random bits from know sources of entropy to generate unpredictable synchronization keys. The session key will remain unpredictable as well because it is directly affected by the synchronization key. (C)Copyright DrMungkee 2000