Design plans for encrypted secure online chat. Review needed

Networking/Security Forums -> Cryptographic Software and Hardware

Author: rasmusbergpalm    Posted: Fri Oct 29, 2010 1:11 pm    Post subject: Design plans for encrypted secure online chat. Review needed
    ----
UPDATE 2/12/2010: It's released! Check it out at https://aespad.com and give me some feedback

Hi. I'm currently putting together a secure use-and-dispose chat, inspired by sites such as piratepad.net. Let's call it OBSCURA for now (working name).

An online alpha can be found at: http://bergpalm.dk/obscura/
Please do not misuse it; I'll close it down if it receives too much traffic.

Use case:
Alice goes to obscura.tld and presses create secure chat
Alice inputs her name and the password for the chat
Alice enters the chat, and is given a URL to share with Bob
Bob goes to the URL, enters his name and the same password as Alice
Alice and Bob share a private conversation.
When both log out the chat is destroyed.

Design considerations:
The encryption scheme used is AES in Counter mode of operation as implemented here http://www.movable-type.co.uk/scripts/aes.html
All encryption/decryption is performed in javascript to keep keys clientside.
When a chat is created, a salt is generated based on microtime + some pseudorandom numbers
The salt is sent to the clients
All encryption/decryption is performed against the password+salt
When Alice (chat owner) enters the chat, she sends a SHA1 hash (computed locally in javascript) of her password+salt to obscura. This is saved to the chat.
When Bob tries to enter the chat he sends a SHA1 hash of his password+salt. If this matches the one supplied by Alice he's allowed in, else he is denied.

Why I think this is secure:
The keys never leave the clients
The only thing kept in the central DB are encrypted messages and a SHA1 of the password+salt for any given chat
Even if someone got access to the messages circumventing the authentication, they'd need the password to read them.

But don't trust my word for it. Set up your network analysers, check out the source code etc. to make sure that your password never leaves your machine.

I'll release the source code under a GNU v.3 when time comes.
What have I missed here? What are the security pitfalls? Do I need SSL/HTTPS? (since everything that leaves/enters the client is already encrypted)

Cheers, Rasmus.


