SecureIM
SecureIM is an encryption system from the software company Cerulean Studios , which was written for the instant messenger Trillian . It only works via the OSCAR protocol (ICQ) if both participants are using Trillian and at least one has established a SecureIM connection. Miranda IM also enables use via a plug-in, but only with the restrictions mentioned above.
functionality
The messages are encrypted and exchanged between the users so that none of the network points in between cannot read them. However, messages are not authenticated and are therefore vulnerable to man-in-the-middle attacks .
According to the manufacturer, SecureIM uses 128-bit Blowfish encryption and only works with the Oscar protocol. Miranda uses 192Bit AES encryption.
criticism
The SecureIM encryption is weak in practice and offers many opportunities for attack. Apart from the lack of protection against man-in-the-middle attacks, a passive attacker can also calculate the key that is used for the Blowfish encryption within a few minutes, since only a 128-bit modulus is used for the key exchange (which would be necessary at least 1024 bits). Compared to the plain text communication common with many instant messaging clients, which can be easily intercepted, SecureIM encryption is still an improvement.
compatibility
There is a plug-in of the same name for the Miranda instant messenger . However, 192-bit AES encryption is used, which is only compatible with other Miranda users.
See also
- Off-the-Record Messaging (OTR)
Individual evidence
- ↑ http://www.mail-archive.com/cryptography@metzdowd.com/msg08129.html
- ↑ - ( Memento of the original from March 5, 2016 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice.
