Originally Posted By: Khaled
Yes, I was referring to authentication. Without authentication, there is no way for you to know whether your communication on IRC is being monitored. Since it would be trivial for an IRC server to monitor all messages and to automatically initiate, without any human intervention, MITM attacks during key exchange and then decrypt all messages on-the-fly, it seems to me that this would give users a false sense of security. As you say, you would need to exchange keys on a secure channel outside of IRC, which makes things a little more complicated.


Use the ident server, so to speak (IS):
CLIENT: /ctcp <nick> GETKEY <ip>
SERVER: /ctcpreply <nick> GETKEY <ip>:<port> pass

CLIENT -> connects to IS -> SENDS: server-port, user-port :: KEYREQ nick:pass network/server
SERVER -> REPLIES: server-Port, user-Port :: KEYACK <key>

Then, for a user to get the key: /GetKey <nick>/<address> port
Or something of the sort

Last edited by FroggieDaFrog; 18/07/10 01:47 PM.

I am SReject
My Stuff
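Added example, not part of either post above: a Python sketch of what a client could do with a key received in the KEYACK reply format proposed here, so that an unauthenticated fetch is never treated as a verified one. The function names, the status labels, the use of a SHA-256 fingerprint and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from typing import Dict, Optional

# Reply format from the post: "<server-port>, <user-port> :: KEYACK <key>"
KEYACK_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*::\s*KEYACK\s+(\S+)\s*$")


def fingerprint(key: str) -> str:
    """Hex SHA-256 of the key text, short enough to compare outside IRC."""
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def parse_keyack(line: str, server_port: int, user_port: int) -> str:
    """Return the key from a KEYACK line; reject replies for another port pair."""
    m = KEYACK_RE.match(line)
    if not m:
        raise ValueError("not a KEYACK reply")
    if (int(m.group(1)), int(m.group(2))) != (server_port, user_port):
        raise ValueError("port pair does not match the request")
    return m.group(3)


def check_key(nick: str, key: str, pins: Dict[str, str],
              verified_fp: Optional[str] = None) -> str:
    """Classify a fetched key against an out-of-band or pinned fingerprint."""
    fp = fingerprint(key)
    if verified_fp is not None:
        # Fingerprint obtained on a channel outside IRC: the only real check.
        if not hmac.compare_digest(fp, verified_fp.lower()):
            return "REJECT"
        pins[nick] = fp
        return "VERIFIED"
    pinned = pins.get(nick)
    if pinned is None:
        pins[nick] = fp          # first use: pin it, but it proves nothing yet
        return "UNVERIFIED"
    return "PINNED" if hmac.compare_digest(fp, pinned) else "CHANGED"


if __name__ == "__main__":
    pins: Dict[str, str] = {}
    # Constructed sample reply and key, not real data.
    key = parse_keyack("6667, 51234 :: KEYACK QUxJQ0VLRVk=", 6667, 51234)
    print(check_key("alice", key, pins))               # first fetch
    print(check_key("alice", "c3Vic3RpdHV0ZWQ=", pins))  # key differs later
```

A client would encrypt without warning only for "VERIFIED" keys and surface "UNVERIFIED" and "CHANGED" to the user, since pinning on first use cannot tell whether the first key was already replaced in transit.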