|hgc 8b621c16d4 patch impersonation bug||6 months ago|
|.gitignore||7 months ago|
|.travis.yml||8 years ago|
|LICENSE||6 years ago|
|README.md||6 years ago|
|Requirements.txt||7 months ago|
|croxy.py||6 months ago|
|test.py||8 years ago|
WARNING: Currently the salt that croxy uses is hard-coded. This reduces the safety of the encryption. Contributions welcome :-)
Croxy sits between your IRC client and the IRC server, encrypting (AES-256) and decrypting all messages as they go through. People in the public channel without croxy, or with the wrong password, will see things like 3kOUXrxZzdJbqan21MpxNcycfrwylXNABtGSLyNCKWU= instead of your messages.
There is no install, you just run the script. You must have Python v3.2+ (you probably already do).
Just run the script, giving the address of the IRC server you want to connect to.
python3 croxy.py irc.freenode.net
For other networks substitute
irc.freenode.net. The default port used is 6697, which is the default IRC SSL port. To use a different port (must support TLS/SSL) add to the end of the line like this:
python3 croxy.py irc.example.com 7778. Croxy will only connect over TLS/SSL, not over plaintext.
It will ask you for the password to use for encryption. Everyone in the channel will need to use the same password to communicate.
Then point your IRC client to
localhost (default port 6667), and away you go.
The window in which you started Croxy will display the traffic as the remote server sees it. If it's encrypted in that window, it's encrypted on the server. Only PRIVMSG are encrypted - that's the messages you type into your client. Nicknames changes, joining a channel, etc, are NOT encrypted (otherwise the remote IRC server would get very confused).
Security of your messages depends on the security of the shared password. You need a way to exchange the password so that the recipients know it came from you, and only the recipients can read it. The answer is GnuPG. Try GPG Quick Start.
A. Exchange public keys with all the people who will be in your channel.
gpg --armor --output pubkey.txt --export 'Your Name'
gpg --keyserver pgp.mit.edu --send-keys 'Your Name'
gpg --keyserver pgp.mit.edu --search-keys 'firstname.lastname@example.org'
B. Every day, send the password in an encrypted, signed message to those people.
gpg --encrypt --sign --armor -r friend1 -r friend2 password.txt
C. Start Croxy!
Croxy protects what you say, not who you say it too. In other worlds people watching will be able to see who you are talking to, and when, but not what you are saying. If this concerns you, you should connect to the IRC server using Tor. It also makes sense to use a nick different than your usual one.
You should change the password every day, so that if the password is compromised you lose a single day of logs. Ideally someone from your channel should send the new password (GnuPG encrypted and signed) to all participants, each morning.
Honestly, I can't say, but here's some things that might make you feel safer:
The PBKDF2 implementation is from Django.
If you install pycrypto 2.6+ (
sudo pip-3.2 install pycrypto) croxy will detect and use that automatically for AES. The built-in AES implementation is compatible with pycrypto.
Croxy is free software. It includes code from different sources. All code is either dedicated to the public domain by its authors, or available under a BSD-style license. In particular:
Code written by Trevor Perrin (AES) is free and unencumbered software released into the public domain.
Code written by Bram Cohen (rijndael) was dedicated to the public domain by its author.
Code from Django Software Federation (pbkdf2) is BSD licensed.
All other code in Croxy is (c) 2013-2015 Graham King, released into the public domain. See LICENSE file.
To run the unit tests:
For code coverage (first
pip-3.2 install coverage):
coverage3 run test.py coverage3 report --include=croxy.py --show-missing
Happy safe chat!