by lawl 4735 days ago
Learning is fine, just add a disclaimer that it's actually probably not so secure. Oh please don't get me started on FiSH, and PLEASE don't model anything after FiSH. I had the same problem as you, there's no usable crypto for IRC.

- The FiSH plugin for Xchat has a (possibly remote) buffer overflow in the Diffie-Hellman key exchange.

- FiSH uses ECB mode. Seriously. ECB.... ECB... might as well use no crypto.

- IIRC FiSH wastes two bytes per 8 byte block the way it does Base64, not sure about this anymore, it's been a while.

So I tried to find a better plugin and mod it a bit, which I did (https://gitorious.org/fishslim/dumfish). But I didn't realize back then that FiSH uses ECB mode.

Since the DH key exchange is not authenticated, it's useless. So I dropped it and hacked my own (for Xchat, https://github.com/lawl/dumfish), which doesn't offer DH key exchange but CBC mode instead of ECB; we exchanged keys manually via OTR. (And this just makes me realize I also don't have a disclaimer, so I'll add this now.)

Disclaimer: Also not a cryptographer, so it's probably not secure. Do not use for anything serious.

If you want to look at a secure protocol, please look at OTR: http://www.cypherpunks.ca/otr/