Data over the Internet is insecure. This is entirely due to it's implementation rather than the Internet's design. This has lead to a lot of private communications only appearing to be private, but in reality, entirely out in the open and easily someone you can eaves-drop in on. A common solution to this problem has been to implement Secure Sockets Layer, which makes your client encrypt data before it's transmitted to a server, where it's decrypted The data it's self is only encrypted during the transmission between Client and Server. This sounds good because someone who listens in on the line will be unable to see what happens. Unfortunately, there are still many exploitable vectors to look at. The intended recipient should be the only one who gets the unencrypted message, not any of the middle men.
I intend to create a chat system that encrypts and decrypts on the client-side only, without any user-based access (attempting to support a more anonymous Internet).
Design:
Implementing the SJCL, with limited configurations (initially; version 0) around other JavaScript code, using jQuery for ajax transactions to php file which interacts with a one-table database. You may select a channel for communication, this may be used for greater privacy (but not security, as all data is public in this system). Within a chat party, only data which is successfully decrypted will display; if you decrypt something with the wrong key, it won't display anything. To the user, you are only in the proper 'channel' of conversation.
Issues:
1) The SJCL presently returns and expects malformed JSON objects.
2) The SJCL encrypted object does not explicitly identify all pertinent details.
3) The decrypted data is not sanitized for the web browser: This allows for a Mallory-based attack if you decrypt a malicious javascript payload.
Implementation:
Total weight of the code is less than 150 lines. It works, I don't have any serious glitches, but version 0 is working quite nicely. Data is posted and special MySQL characters get escaped, all data in a party is sent to the client to get decrypted. Security of information is in the encryption, not in hiding access to it. Data is removed after it ages 1 hour (this is variable).
Future features:
- Configuration panel to modify cryptographic settings
- A mechanism to preserve data. Cookies, HTML5 database, a login? Not sure yet...
- Make the chat window modular. Multiple tabs, pop-ups, jQueryUI-Dialogs...
- More CSS to the boring page. Zebra stripe messages.
- Box to prepend something like a name-- Or issue 'names' to users.
- Server should reject non-encrypted data. Examine it somehow.
- Option to easily view raw data in a party, so everyone knows what's going on with the data.
- Deal with various issues around SJCL (ie, failed decryption should not error).
- Put over SSL.
Thoughts:
I wonder how the Ulam Spiral will alter cryptography...
Why?
I can't stand most chat systems. They're insecure, they're buggy, MSN has that stupid half-my-screen advertisement if I mouse-over it. Without a login, there's no 'password to your account,' so crazy ex-girlfriends don't try and guess my passwords every weekend. I can change streams whenever I want, it's very cloak-and-dagger style. I like it. It's not intended for computer illiterate folks.