Shoutbox

Rofl, personally, even if I knew how to, I wouldn't be bothered doing something like that just to read someone's encrypted 10 letter message.

LMAO just pointing it out Doubt anyone would ever want to do it

The changing on receive works for me...
altough you use 'Auto' in your code, and 'AutoDecrypt' in the Receive function...

And a bug: commands get encrypted too, not your own commands, but when you try to change you status using '/away' the encrypted form gets send

I don't know how the key stuff works (yet) but you have a global key (per user) and you need that key to encode and decrypt the message, so the other user has to have the same global key, right? (not sure) than he sends an encrypted message to another contact, witht that same key, because it's used for encrypting and decrypting, wouldn't that mean that all the contacts need to have the same key?
I think you need to have a per user Key...

Yes, that's how it works, with a per user key. The way it works is that you and your contact will be talking using the same key. The problem is, your contact will somehow need to find out what key you are using in order to talk to you, which makes it kind of pointless. I may decide to make the key used for AutoEncrypt and AutoDecrypt related to the contacts' user ID's, so that you won't need to find out (that actually sounds like quite a good idea ). If you have other ideas, suggest away!

As for the AutoDecrypt, I'll have to see if it is because it is being interfered with another script.
EDIT: Found the problem. It was being interfered by Choli's Linked Chats script.

In the next release, I'll fix the command bug as well. (You can edit the script yourself if you want. )

PS. Question: If I use multiple messengers (polygamy), do the global variables overlap? Also, anyone know how to make a list of contacts with checkboxes?

EDIT: Updated first post with bug fixes and AutoDecrypt. Now I'll probably get to work on fixing up the whole key thing.

the encrypted strings are a lot longer than the original ones, maybe you can make it so that if the encrypted string is too long it will be sent in parts so you don't have to bother about the length of the message?

quote:

---

Originally posted by Jesus
the encrypted strings are a lot longer than the original ones, maybe you can make it so that if the encrypted string is too long it will be sent in parts so you don't have to bother about the length of the message?

---

Good idea, I think the encrypt function can pre-calculate the length of the encryption, so it can split and encrypt the separate strings.
* Matti looks at phalanxii...

quote:

---

Originally posted by phalanxii
Yes, that's how it works, with a per user key. The way it works is that you and your contact will be talking using the same key. The problem is, your contact will somehow need to find out what key you are using in order to talk to you, which makes it kind of pointless. I may decide to make the key used for AutoEncrypt and AutoDecrypt related to the contacts' user ID's, so that you won't need to find out (that actually sounds like quite a good idea ).

---

If you want this because of added security, then I can say that would be pointless too...

All the 'hacker' needs to do is getting the other user's id and voila he can read those messages too.

eg: if you're in a multi convo window and you send an ecrypted key, it is dead easy to simply iterate thru all the contacts and decrypt the message using each individual contact userID.

So for starters, never ever send an encrypted text in a multi contact convo. Unless you take a look at how PGP works; private key and public key...

quote:

---

Originally posted by phalanxii
PS. Question: If I use multiple messengers (polygamy), do the global variables overlap?

---

no, they are different threads of the same script.

quote:

---

Originally posted by phalanxii
Also, anyone know how to make a list of contacts with checkboxes?

---

see various examples on the forum and released scripts.

quote:

---

Originally posted by Mattike

quote:

---

Originally posted by Jesus
the encrypted strings are a lot longer than the original ones, maybe you can make it so that if the encrypted string is too long it will be sent in parts so you don't have to bother about the length of the message?

---

Good idea, I think the encrypt function can pre-calculate the length of the encryption, so it can split and encrypt the separate strings.
* Mattike looks at phalanxii...

---

Yes, that is quite a good idea. I'll definitely put that in (although how will it work with F3 and F4?). Just if you wanted to know, the length of the encryption is the block size times the original length plus one.

EDIT: Having trouble putting this one in... EDIT: Fixed!

---

@Cookie:
The user ID idea was probably not for security, but rather convenience. At the moment, the person that you send you're message to needs to know the key that you encrypted the message with, which I thought was a bit difficult in terms of practicality. (Note: This means that currently, you can send a message in a multi-contact conversation, as long as everyone else doesn't know the key.) But yes, I will probably need to reconsider the whole key concept, because as it stands, it is quite impractical (unless you don't mind telling your contact the key beforehand). However, like you said, using user IDs is also insecure.

Again, if anyone has any ideas as to how this should work, please suggest!

PS. Thanks for everybody's help so far! Also, thanks for answering my last few questions. (I think I've got the contact list on the way, but I'm not sure whether I'll use it...)

EDIT: I just read up on PGP, and public-key encryption and private-key decryption seems a little out of my league...

EDIT #2: At the moment, I'm inclined to think that the key system will have to be left as is. There is no way for the script to generate a key for two users without communication or find the key within the message without there being a security threat from someone else doing the same.

This is quite a major update (v1.50). The first post has most of the details. (THERE'S A NIFTY CONFIGURATION WINDOW!! )

However, I thought I might just clarify the use of AutoKey. To use AutoKey, you need to select the contacts that you wish to encrypt with. From there, it will generate a key based on you and your selected contacts. This key will be the same for each one of your contacts who select the same people. The point of this was to make it more convenient for people so that they do not always have to exchange keys.

The problem with this is, as Cookie has said, the AutoKey's key is crackable. Therefore, the use of AutoKey should be used with care, but for more security, do not use AutoKey, but instead use a custom one.