mIRC Home    About    Download    Register    News    Help

Print Thread
Page 3 of 4 1 2 3 4
Joined: Jul 2007
Posts: 66
B
Babel fish
Offline
Babel fish
B
Joined: Jul 2007
Posts: 66
Originally Posted By: hixxy
I'm not arguing against the addition of encryption/fish, I'm trying to explain that there are existing, efficient methods of doing this.

The issue isn't whether or not preexisting alternate methods exist, it's whether or not Mirc will have this feature included in it's core.

Quote:
Khaled said that this was on his todo list nine months ago so it's probably not coming anytime soon.

I was unaware of that. Good decision on his part.

Quote:
"- Does implementing the request involve an unreasonable amount of time, effort, or resources? No."

You would need access to the mIRC source code to be able to say that with any certainty.

With absolutely certainty, yes. However, you can make a pretty good guess with just a basic understanding of how to implement such a feature. It's likely easy on a scale of very easy-to-very difficult. But it should neither require any major effort nor be very difficult unless Mirc is designed to be exceptionally limiting and handicapped... Something I seriously doubt.

From a code perspective, this stuff isn't anything you'll lose sleep over. It's just not that mountainous or challenging of a task 99%+ of the time. I'd guess that the only reason it hasn't happened yet is Khaled has other things on his TODO list which take higher priority.

Joined: Oct 2004
Posts: 8,330
Hoopy frood
Offline
Hoopy frood
Joined: Oct 2004
Posts: 8,330
Originally Posted By: beer
I'd guess that the only reason it hasn't happened yet is Khaled has other things on his TODO list which take higher priority.


Exactly. No matter how much anyone might want a certain feature, Khaled puts things in based on whatever priority he chooses. It was stated many times in this thread and others that it is on his to-do list. As it hasn't yet been done, it's probably a low priority for him. As mentioned, the percent of users who 1) want encryption, and 2) would use mIRC's instead of a third party if it was available in mIRC, is VERY small. There are many more feature requests that have a much stronger support and would affect a much larger number of people. Those are the features that should have a higher priority. Throw in the fact that was mentioned of various third party options that work great already and it is going to drop even further in priority. Until those are taken care of (and if no other requests come in that also deserve a higher priority), I have a feeling this will remain low on the list.

The point most have been making is that regardless of whether or not it's a useful feature that some would really like to see, there are many more features that are even more useful and affect more people. Most of those who aren't posting in "support" of this wouldn't mind if it was added. They're not saying it shouldn't be added. Instead, if you read the posts, they're just explaining that it's not likely to happen soon and that there are some good alternatives in the meantime. We can't know what Khaled's plans are for upcoming features, but just as you said in your post about guessing... we can make a fairly informed guess that it won't be soon.


Invision Support
#Invision on irc.irchighway.net
Joined: Sep 2005
Posts: 2,881
H
Hoopy frood
Offline
Hoopy frood
H
Joined: Sep 2005
Posts: 2,881
Originally Posted By: beer
The issue isn't whether or not preexisting alternate methods exist, it's whether or not Mirc will have this feature included in it's core.


If you read the thread you'll see that the poster I replied to was suggesting there are no viable alternatives; I wasn't the one who brought it up.

Quote:
I'd guess that the only reason it hasn't happened yet is Khaled has other things on his TODO list which take higher priority.


You're probably right.

Joined: Apr 2004
Posts: 871
Sat Offline
Hoopy frood
Offline
Hoopy frood
Joined: Apr 2004
Posts: 871
Originally Posted By: beer
I'd guess that the only reason it hasn't happened yet is Khaled has other things on his TODO list which take higher priority.

I'd guess that it has something to do with the fact that Khaled's own question in this thread regarding how to properly perform initial key exchanges has yet remained unanswered.


Saturn, QuakeNet staff
Sat #229768 16/02/11 11:47 PM
Joined: Jul 2007
Posts: 66
B
Babel fish
Offline
Babel fish
B
Joined: Jul 2007
Posts: 66
Originally Posted By: Sat
Originally Posted By: beer
I'd guess that the only reason it hasn't happened yet is Khaled has other things on his TODO list which take higher priority.

I'd guess that it has something to do with the fact that Khaled's own question in this thread regarding how to properly perform initial key exchanges has yet remained unanswered.

The issue of defeating the MITM scenario has been beat to death with plenty of information readily available using simple google searches. The answers are there if you bother to look. I would really hope Khaled doesn't rely on forum replies for something like this.

Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
Originally Posted By: beer
Further, it doesn't take an exceptionally intelligent mind to understand the reason so many other apps now include this stuff


So many? Name two. (by "this stuff" I assume you mean blowcrypt)


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
Originally Posted By: beer
The issue of defeating the MITM scenario has been beat to death with plenty of information readily available using simple google searches


Enlighten us with some keywords, then. The resource I posted a few pages back claims that all existing methods are vulnerable to MITM. I haven't seen any dead horses in my searches. I can barely find any information on blowcrypt implementations at all.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Joined: Jul 2007
Posts: 66
B
Babel fish
Offline
Babel fish
B
Joined: Jul 2007
Posts: 66
Originally Posted By: argv0
Originally Posted By: beer
Further, it doesn't take an exceptionally intelligent mind to understand the reason so many other apps now include this stuff


So many? Name two. (by "this stuff" I assume you mean blowcrypt)

First, if you're just looking to argue, don't waste my time. I'm not interested in the petty back & forth some of "you" seem to enjoy. Secondly, in the future you can google this stuff yourself but this one single time I will play along; SecureCRT, OpenSSH, TIVO DVR's, the Linux kernel, ShareCrypt, SafeHouse, various password management applications for Windows/Linux/Mac/PalmOS/Apple iOS, ........and countless others. It's foolish to question support of fish and DH considering how widely used it is. Basically all it says is that you don't know what you're talking about. I don't say that to be offensive, it's merely a simple observation.

Originally Posted By: argv0
Enlighten us with some keywords, then. The resource I posted a few pages back claims that all existing methods are vulnerable to MITM. I haven't seen any dead horses in my searches. I can barely find any information on blowcrypt implementations at all.

I have no interest in teaching you how to better use the google search engine. If you're having trouble coming across this stuff, you do indeed need to do better at thinking up search terms to use. I'm sure there's plenty of information available on that subject as well. My only suggestion is that you find reference material a little more current then 2009.

I'm done feeding the troll now.

Joined: Sep 2005
Posts: 2,881
H
Hoopy frood
Offline
Hoopy frood
H
Joined: Sep 2005
Posts: 2,881
Originally Posted By: beer
I have no interest in teaching you how to better use the google search engine. If you're having trouble coming across this stuff, you do indeed need to do better at thinking up search terms to use. I'm sure there's plenty of information available on that subject as well. My only suggestion is that you find reference material a little more current then 2009.

I'm done feeding the troll now.


Translation: "I searched and couldn't find anything, therefore I'm going to pretend that I won't waste my time because it's so easy and call you a troll for added effect."

If you really want the feature, and Khaled has asked a genuine question about how to prevent MITM style attacks, then maybe you should just humour him and it might give the feature a nudge up his todo list. Implementing a feature when you have the necessary research in front of you is usually quite trivial; having to research something is much more time consuming.

Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
Originally Posted By: beer
It's foolish to question support of fish and DH considering how widely used it is.


Perhaps you should try paying attention. I wasn't questioning the support of the BLOWFISH ENCRYPTION ALGORITHM. I was asking you to name IRC programs that implement blowcrypt (a specific "protocol"). It doesn't take an exceptionally intelligent mind to understand that TIVO DVR's have little relevance to the needs of an IRC client. Implementing Blowfish over SSH, or encrypting passwords on a local machine with a salt is not at all the same thing as implementing Blowfish over IRC. If you actually read the resource I posted, you will see that the differences are discussed in detail. The article was written for a reason, and the issues mentioned present unique implementation problems w.r.t. IRC.

Since you brought it up, however, the reason those apps include encryption mechanisms is because they are security tools (exception of TIVO DVR's). This is an idiotic comparison. Certainly a security tool will include security features. mIRC is a chat client, not a security tool. The point here is that every other IRC client [that supports plugins] supports blowcrypt through third party plugins (FiSH, mircryption, etc). Why does mIRC need to be different here?

Originally Posted By: beer
My only suggestion is that you find reference material a little more current then 2009.


You do realize that even the *scripts* people use for blowcrypt implementations are 2009 or older, right? FiSH's last release for mIRC was Jan 2010. mircryption's last release was April 2007. These scripts still work for mIRC. New resources are useful when there is new information. There is no new information w.r.t. these implementations. Again, if there is, please show us. This doesn't need to be a google match or some geek-off where you prove that your google fu is better than everybody else's. It's a simple query: please show us some of the information that you claim is out there.



- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Joined: Jul 2007
Posts: 66
B
Babel fish
Offline
Babel fish
B
Joined: Jul 2007
Posts: 66
Originally Posted By: hixxy
Originally Posted By: beer
I have no interest in teaching you how to better use the google search engine. If you're having trouble coming across this stuff, you do indeed need to do better at thinking up search terms to use. I'm sure there's plenty of information available on that subject as well. My only suggestion is that you find reference material a little more current then 2009.

I'm done feeding the troll now.


Translation: "I searched and couldn't find anything, therefore I'm going to pretend that I won't waste my time because it's so easy and call you a troll for added effect."

What exactly do you hope to accomplish by making up a fake "translation"? I don't speak in riddles and secret meanings. It is just as I said. No amount of pretend nonsense you dream up and post is going to change that fact. My suggestion to you is to leave the childish attitude on the playground. Translation: Come on, grow up.

Joined: Jul 2007
Posts: 66
B
Babel fish
Offline
Babel fish
B
Joined: Jul 2007
Posts: 66
Originally Posted By: argv0
Originally Posted By: beer
It's foolish to question support of fish and DH considering how widely used it is.


Perhaps you should try paying attention. I wasn't questioning the support of the BLOWFISH ENCRYPTION ALGORITHM. I was asking you to name IRC programs that implement blowcrypt (a specific "protocol").

My statement referring to apps supporting fish was not specific intentionally to point out how widely used it is. Perhaps you should take your own advice and pay more attention. And for the record, I did exactly that.. By all means, please point out where you explicitly asked about "IRC programs that implement blowcrypt":
Originally Posted By: argv0
Originally Posted By: beer
Further, it doesn't take an exceptionally intelligent mind to understand the reason so many other apps now include this stuff


So many? Name two. (by "this stuff" I assume you mean blowcrypt)


[...useless text removed...]

Originally Posted By: argv0
Since you brought it up, however, the reason those apps include encryption mechanisms is because they are security tools (exception of TIVO DVR's). This is an idiotic comparison.

I am not comparing irc clients and security tools. I am not comparing any type of software against another. That's nothing more then an idiotic assumption on your part, with absolutely no merit behind it. I said a lot of apps support fish, you requested I name 'at least two', and I played your game. As has already been pointed out to you, "my statement referring to apps supporting fish was not specific intentionally to point out how widely used it is." I would hope that isn't too difficult of a concept for you to follow.

[...useless text removed...]

Originally Posted By: argv0
You do realize that even the *scripts* people use for blowcrypt implementations are 2009 or older, right?

True or not, that has no relevance what-so-ever. Fish encryption is widely used. That's fact. Fish encryption is something users have consistently requested be a part of mirc's core. That's fact.

[...useless text removed...]

In closing I'll say quite simply that your lack of knowledge, refusal to do your own homework, and your resistance to the truth is nothing more then your problem. I'm not particularly motivated to help those who willingly choose to be ignorant or want to argue just for the sake of arguing because they have nothing better to do. This is in fact an internet message forum, I probably shouldn't have expected any different.

Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
Originally Posted By: beer
I'm not particularly motivated to help those who willingly choose to be ignorant or want to argue just for the sake of arguing because they have nothing better to do.


The irony of this is funny. I'm not "arguing", I'm asking you to provide information to Khaled. You're the one who is resisting, citing idiotic reasons such as "I shouldn't need to teach you how to use Google".

If you want to have a constructive discussion, I'm all for it. We're waiting on you, though. You mentioned you know of resources regarding ways to solve the MITM attack over IRC. Please list your resources.

If you're only interested in passive aggressive idiocy and personal attacks, go somewhere else. That behaviour is not tolerated here.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Joined: Oct 2004
Posts: 8,330
Hoopy frood
Offline
Hoopy frood
Joined: Oct 2004
Posts: 8,330
Might as well not bother arguing with him. He's your typical troll... providing no useful information to the thread while inciting arguments. I think this thread has already been derailed enough that it's not really very useful to anyone.

For anyone who really wants encryption, then as requested, please offer real suggestions on implementation of a secure key exchange method that would work in IRC. Offering real suggestions instead of telling people to search will give you a much greater chance to see this implemented. Acting high and mighty about how superior you are because you know something someone else doesn't is a waste of everyone's time and really just shows how little you know.


Invision Support
#Invision on irc.irchighway.net
Joined: Sep 2005
Posts: 2,881
H
Hoopy frood
Offline
Hoopy frood
H
Joined: Sep 2005
Posts: 2,881
Sorry you're right, that was childish, however you chose to ignore the sensible part of my post.

Khaled asked if there was a decent method of preventing MITM attacks. You claim to know of such a method. Clearly, if you furnish Khaled with that information, there is a slight chance this may get into mIRC faster.

Joined: Jul 2007
Posts: 66
B
Babel fish
Offline
Babel fish
B
Joined: Jul 2007
Posts: 66
argv0:
I've already said I'm done playing your game. If you want your questions answered, do the work yourself, as I have. Stop being the adolescent that whines about not knowing something but refuses to take any initiative to learn. I'm not here to spoon feed you, put on your big boy pants and do it yourself. While you're working on you, try to stop being the adolescent that spills milk on the floor and then tries to blame whoever is in closest proximity for it. Take responsibility for your own behavior before you attempt advise others on it. Lead by example, champ.

Riamus2:
I hope you're not implying that I'm the one acting high, mighty, and superior. I have never made any such claims or insinuations, nor do I believe a person with more knowledge & experience on a given subject somehow makes them superior as a person. People who claim to be superior, and those who accuse others of it with no real merit, tend to be the victim of their own feelings in inadequacy.

hixxy:
Khaled made an inquiry nearly a year ago. If after all this time he still needs guidance, and assuming he's already done his own homework first, then he's welcome to msg me privately on the matter.

Joined: Apr 2004
Posts: 871
Sat Offline
Hoopy frood
Offline
Hoopy frood
Joined: Apr 2004
Posts: 871
Originally Posted By: beer
I'm not here to spoon feed you, put on your big boy pants and do it yourself.
[..]
I hope you're not implying that I'm the one acting high, mighty, and superior.

One single post. Amazing.

Originally Posted By: beer
he's welcome to msg me privately on the matter

He could, but so far you've done nothing to show your expertise on the subject. Moreover, if you know anything about design of security-related algorithms, you would know it is in everyone's best interest that it gets as much public scrutiny as possible.

Khaled asked for help with a problem, you're not providing a solution, and yet you're making claims about how hard the solution would be to implement. Why don't you put your money where your mouth is, and present a solution right here?

If you don't, the conclusion must be that either you don't know, or you don't care all that much. Either way you'd have made a lot of noise for nothing.


Saturn, QuakeNet staff
Sat #229850 18/02/11 05:44 AM
Joined: Jul 2007
Posts: 66
B
Babel fish
Offline
Babel fish
B
Joined: Jul 2007
Posts: 66
Originally Posted By: Sat
Originally Posted By: beer
he's welcome to msg me privately on the matter

He could, but so far you've done nothing to show your expertise on the subject. Moreover, if you know anything about design of security-related algorithms, you would know it is in everyone's best interest that it gets as much public scrutiny as possible.

By the same token, nobody has outlined their expertise on this subject. All I've seen is a lack thereof which doesn't exactly motivate me to oblige.

Public scrutiny only has value when the people doing the scrutinizing have a level of knowledge & experience on the subject. From what I've seen thus far this is hardly the place for such discussions. If you actually have genuine experience dealing with encryption and security systems then by all means let's move this to a forum of peers where the conversation can flourish rather then continue the useless bantering & petty insults going on here.

Quote:
Khaled asked for help with a problem, you're not providing a solution, and yet you're making claims about how hard the solution would be to implement. Why don't you put your money where your mouth is, and present a solution right here?

As I've said, he's welcome to msg me privately. Beyond that nobody here has given me any indication I should take anything they say seriously. People are free to make all the demands they like but if they don't provide motivation to meet them, they won't be.

Quote:
If you don't, the conclusion must be that either you don't know, or you don't care all that much. Either way you'd have made a lot of noise for nothing.

In all honesty, the more posturing that takes place, the less I care so you are correct in that assessment. I should have read all posts rather then skimming through so. However, that doesn't place blame solely on my shoulders by any means. Had some of these people replied with a little more decency and a little less adolescence, this thread would likely be quite different and far more beneficial to the end goal.

Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
Originally Posted By: beer
... let's move this to a forum of peers where the conversation can flourish rather then continue the useless bantering & petty insults going on here.


This is a forum of peers. And to be fair, the source of most of the "petty insults" are coming from your username. So far you're the only person to have made assumptions about other people's qualifications and intelligence (in fact, you've done so in this very post). Everybody else is genuinely curious what information you think is too complicated for us to understand that you require a private discussion with Khaled.

Secondly: why does Khaled need to message you? Just provide your solution right here. --- as many people have asked you to. Or.. if you're really worried about public scrutiny, you can message him privately. Otherwise, I concur with Sat: you either have no information, or don't actually care enough about actually getting this implemented. A pragmatic person would put aside their ego if they actually believed their information was more valuable than... their ego.

I'll repeat my request again, just in case you want to derail the discussion again with personal attacks: can you please provide us with the information Khaled requested regarding MITM attacks and Blowfish encryption? I'll ask that you please not respond to me unless you plan on sharing this information. Anything else would be useless bantering and petty insults, and I know you don't want that either.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"
Joined: Feb 2011
Posts: 4
N
Self-satisified door
Offline
Self-satisified door
N
Joined: Feb 2011
Posts: 4
If it's on the todo list then that's good enough for me... Unfortunately when I first read this thread I had assumed that it was not in consideration. Especially when a few users argued strongly that it wasn't needed. We could argue that ssl was never needed and just use a wrap... but isn't using port +xxxx nicer?
As for my tests, I didn't think I needed to post a simple loop to explain...
alias looptest {
unset %counter
echo START
set %testtime $ctime
while ($calc(%testtime + 5) >= $ctime) {
inc %counter
}
scon 1 echo END - %counter
}
anything similar is good enough... anyhow 6.2 outputs 200,000 to 250,000 and 7.17 outputs 160,000 to 190,000. (Other commands were put in the loop with similar % ratio differences) Now here's a weird one... If I set the priority of mirc.exe (7.17) to real time, it only uses one core at 100% (when loaded). But if I set it back to normal, it uses all 4 with a range of 40-60%. The weird part is the above loop yields the same results.
I would have naturaly assumed that multi-core would have considerable difference but nope. What's even funier is I was not even aware of all this until I told someone my script was just tested in 7.17 and works 100%... His reply was "Just make sure it still works in 6.xx" What would be really cool is if we could send aliases to cores of our choosing, but probably too hard or impossible to implement. (Just an need idea, like scon 1, have core 1) Anyhow I'll leave that up to u guys to figure out. Always strapped for time. wink
http://msdn.microsoft.com/en-us/magazine/cc163340.aspx

Page 3 of 4 1 2 3 4

Link Copied to Clipboard