Hello, this post is kind of a reply to or follow-up on that old "Native FiSH support" thread
caused by the changes in mIRC's v7.31 beta
, I hope you don't mind.
But first, having no experience with Blowfish so far, I'd like to get some things up cleared up in order to understand them better.
Regardless of ECB/CBC and the question of how the secret key is exchanged, is this how it basically works?
User A types a message, their client encrypts it using the key, and sends out the encrypted message with a prefix, I take it that "+OK " is the standard here?
User B (and other users in case this is taking place on a channel) receives the message, their client recognizes it as being encrypted due to the prefix, then decrypts it using the same key and displays it in plaintext to the user.
Now I've read about there being different solutions for mIRC, where the currently recommended ones intercept the reception/sending of messages on scripting level and do the en-/decryption using a custom DLL.
Why would older solutions patch anything in the executable or its memory, or hook its sockets or anything like that?
To get back to the above mentioned beta, let me quote from the changelog:
8.Extended $encode/$decode to support blowfish. By default, the method
is compatible with OpenSSL and uses CBC, key hashing, a random salt
and PKCS#5 padding. The identifier format is:
$encode(%var | &binvar, switches, key, [salt | iv])
$decode(%var | &binvar, switches, key, [salt | iv])
Where the switches are:
method: c = cbc or e = ecb encryption (one or the other)
key: l = literal key (optional, must be 56 characters)
salt/iv: s = salt or i = iv or r = randomiv (all optional)
padding: z = zeros, n = one and zeros, p = spaces (all optional)
So instead of using a custom DLL, you can now make a very basic on input & on text script using $encode/$decode now?
What I don't understand yet are the salt/iv and the padding.
I'm interested in using Blowfish with mIRC but I'd rather not use one of these huge scripts that are also likely to be incompatible with my own scripts.
And if a custom DLL is not required anymore, I'd like to make a simple script of my own after reading up on this some more. On that note, I'd welcome any good reading material.