A quick update on this:
I haven't received a reply from flakes, however their last update to FiSH 10 was in 2023, so it may be that they are no longer updating it.
There have been a large number of FiSH projects for different clients over the years, a few of which are on github. One of them, mIRC FiSH 11, written in Rust, is a modern update that uses X25519 and ChaCha20-Poly1305. Unfortunately, I couldn't get it to work. I also noticed that some (perhaps older?) FiSH implementations of blowfish CBC are not compatible with each other.
I have continued updating/testing the FiSH 10 source code. Functions for AES-GCM and ChaCha20-Poly1305 authenticated encryption have been added, as well as X25519 key exchange and Socialist Millionare Protocol. However, these have not yet been integrated into FiSH 10, eg. DH1080 currently uses events such as DH1080_INIT, DH1080_FINISH, etc. and +OK as a prefix to blowfish encrypted text. It is likely new events will be needed, such as X25519_INIT, X25519_FINISH, etc. and +AES and +CHA as prefixes to encrypted text. Extending FiSH 10 to support these will need some significant changes to the FiSH 10 code.
For the Socialist Millionare Protocol, I would need to add new events as it has several separate steps of back and forth between two parties to authenticate a secret. Users still need to share that secret out-of-band.
I also expect to update the fish_10.mrc script to handle these changes. Once I have verified everything is working, I will likely add native FiSH events/menus/dialogs to mIRC to mimick the script.
If you try out Pidgin with OTR, you'll get an idea of how it would work. Using
OTR would have been a possibility but it is LGPL, so mIRC cannot link to it statically. This means it would need to be included as a separate DLL, something that I have avoided with mIRC so far. That said, it has not been updated in many years and
OTR4 is in draft and development seems to have stalled some time ago. Update: libotr also has a GPL libgcrypt dependency which would take a fair bit of work to replace with OpenSSL.
The development of
IRCSRP also seems to have stopped a long time ago.
This is going to take a fair bit of work, so if you have ideas/comments/suggestions, now is probably the time to make them :-)
