Best way to add an end-to-end password-based security layer
Louis Granboulan
louis.granboulan.developer at gmail.com
Wed Dec 16 13:06:37 EST 2009
Dear pidgin and libpurple developers,
I am part of a project that is planning to add an end-to-end password-based
security layer to libpurple-based instant messenging software.
The basic idea is to add a button to any chat window, that will enable to
create an encrypted chat with the same participants. The encryption would be
secured by a password-authenticated key-exchange (cf.
http://en.wikipedia.org/wiki/Password-authenticated_key_agreement ).
Therefore, there would be the need of a few changes in the user-interface:
the "create encrypted chat" button, the popup for the password, and the
creation of the encrypted chat window.
On the implementation part, the idea would be to do everything encoded in
the messages exchanged through the instant messenging protocol. Therefore,
it would be protocol independent. A nice way to do it would probably that
pressing the "create encrypted chat" button creates a filter for all the
mesages received and sent. Un-encrypted messages would probably be encoded
with a prefix, e.g. 0, and all the messages for the encrypted channel (the
messages that help to setup the channel and the messages that are encrypted)
would be encoded with another prefix.
What are your comments?
Regards,
Louis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/devel/attachments/20091216/7fd11b9d/attachment-0001.html>
More information about the Devel
mailing list