September 2, 2004: Version 1.1
                  Added a security measure to the server's connect callback,
                  which refuses any connection that isn't encrypted using
                  Crypt::Rijndael. Otherwise the security of the chat session
                  would be destroyed by a single user logging in with no
                  encryption.

August 31, 2004: Version 1 -- initial release

Downloads:
Linux: linux version

Windows: Win32 version

This is a set of client-server applications that
provide encrypted internet chat, with a Tk user interface.
There is a Tk-gui server, which should be used for full
functionality, but there is also a simpler commandline
server to use. The following refers to the gui server.

Directions:
_________________________________________________________
First start the server, then as many clients as you define
with logon names and passwords. In the GUI server, there
is an "ADD USER" button. You cannot have duplicate usernames,
and the dialogbox will warn you.
When you exit the server, it will save its configuration in the
__DATA__ section.

I haven't hashed the passwords, but it can be easily done.

IMPORTANT: CHANGE THE PORT YOU USE (defaults to 2349), AND
           CHANGE THE PORTPASSWORD !!!!
           CHANGE THE SAMPLE USERS !!!!


The Net::EasyTCP module will auto-negotiate a matching 
encryption scheme, when the clients connect. You need
Crypt::CBC installed before any encryption is enabled.
I set this up to use Crypt::Rijndael, but it can use others.
Read the docs for Net::EasyTCP for instructions on setting
up encryption. Crypt::RSA will allow public key encryption,
but is slow, so I disabled it. (It can be changed in the code).
You can contact me if you need help with changing encryption.

The server has a "portpassword" and a login sequence with a user-password
pair. I have incorporated a bunch of "security measures" to attempt
to prevent "hacking" if the server is on the internet. 

One method will count the login attempts from any IP address. If the incoming
IP address surpasses a certain count (I set it up with 4), and
has not presented the correct portpassword, its IP number will be
banned. You can also use this to drop the IP with iptables, but
I just let the ztk-enchat-server refuse it.

A second method will count the number of times a user presents a
bad user-password. This check is for the case where the portpassword
becomes known, and a hacker tries to hack at user-pass pairs.

A third method is that I only allow a user to log in once. If a user
is logged in, the connection is refused.

A fourth method is to reject connections not using Crypt::Rijndael.
It only takes 1 unencrypted client to destroy the security of the
chat session. Rijndael is the AES winner, so it's my choice.

There is also a "Ban IP" button, which will let you manually ban
an IP address, or view a count of all attempts from a specific IP address.

One of the consequences of these security measures is that if you
play around with the server on a localhost, you may trip the BAN IP
flag on the localhost. If it happens, just right click on 127.0.0.1
in the "BanIP list", and the counter will reset. I set the trip level high
enough so as not to interfere with normal testing.
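
The four checks above and the counter reset, written out as one login gate in core Perl. This is an added example, not ztk-enchat's own code, and it does not use Net::EasyTCP: $cipher stands for the name of the negotiated encryption module, and the second limit, keying the second counter on the IP address, all names and all sample values are assumptions.

```perl
#!/usr/bin/perl
# Added example, not ztk-enchat's code: the four login checks as one function.
use strict;
use warnings;

my $IP_LIMIT = 4;                       # from the README: trip level of 4
my $PW_LIMIT = 4;                       # assumed: the README gives no number here
my $PORTPASS = 'constructed-portpass';  # constructed sample value
my %users    = (alice => 'constructed-pw');   # constructed sample user
my (%ip_tries, %pw_tries, %banned, %online);

# Returns 'ok' or the reason the connection is refused.
sub check_login {
    my ($ip, $cipher, $portpass, $user, $pass) = @_;
    return 'ip banned' if $banned{$ip};
    # Method 4: refuse anything not negotiated with Crypt::Rijndael.
    return 'not encrypted with Crypt::Rijndael'
        unless defined $cipher && $cipher eq 'Crypt::Rijndael';
    # Method 1: count wrong portpasswords per IP and ban past the limit.
    if (!defined $portpass || $portpass ne $PORTPASS) {
        $banned{$ip} = 1 if ++$ip_tries{$ip} > $IP_LIMIT;
        return 'bad portpassword';
    }
    # Method 2: the portpassword was right, so count bad user-password pairs.
    my $good = defined $user && defined $pass
        && exists $users{$user} && $users{$user} eq $pass;
    if (!$good) {
        $banned{$ip} = 1 if ++$pw_tries{$ip} > $PW_LIMIT;
        return 'bad user-password';
    }
    # Method 3: one session per user name.
    return 'user already logged in' if $online{$user};
    $online{$user} = $ip;
    return 'ok';
}

sub logout   { my ($user) = @_; delete $online{$user}; return }
# Equivalent of right-clicking an address in the "BanIP list".
sub reset_ip { my ($ip) = @_; delete $_->{$ip} for \%ip_tries, \%pw_tries, \%banned; return }

# Constructed attempts; 192.0.2.x and 198.51.100.x are documentation addresses.
my @R = ('Crypt::Rijndael', $PORTPASS, 'alice', 'constructed-pw');
print "cleartext   : ", check_login('192.0.2.1', undef, @R[1 .. 3]), "\n";
print "guess $_     : ", check_login('198.51.100.7', $R[0], "guess$_"), "\n" for 1 .. 5;
print "after ban   : ", check_login('198.51.100.7', @R), "\n";
reset_ip('198.51.100.7');
print "after reset : ", check_login('198.51.100.7', @R), "\n";
print "second login: ", check_login('192.0.2.1', @R), "\n";
```

The single-login check runs only after the credentials have been verified, so a refused duplicate login does not reveal which user names are currently online to someone without the password.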


Windows USAGE:
________________________________________________________________
As usual, I developed this "on and for" linux. However, it does
work on Windows, and I've included a windows version, which is almost
identical to the linux version. However, I find that linux runs much
better, but I think it has to do with trying to match a good set
of "c-compiled encryption modules", with your windows version. So
there is no guarantee that windows encryption will work well, but it
did in my testing.
I've also included the EasyTCP and FontDialog modules, so Windows
users can start the client and server for inspection, but as of 
version 1.1, they will not connect without encryption enabled.


Bugs:
_________________________________________________________________
I've included a "Stop Server" Button as a convenience, to let you
stop and restart the server, without a complete restart. You may find
that a client will not reconnect to the restarted server "in sync".
So it is best to "Exit" the clients, and restart them, before trying to
reconnect to the restarted server. The same is true for the server.
The best way to restart the server, is to "Exit" then restart. However,
there may be times when you may want to edit the "Banned IP list" or the
"OK Users list" before quitting.
It is mostly a consequence of the security counters, and stray open
file descriptors. It is always best to "Exit" the server and clients,
before restarting.

#########################################################################
##################################################################
# Original Author:
# A product of zentara - zentara@zentara.net  http://zentara.net
# Copyright (c) 2004 by zentara., All rights reserved
# Author: Joseph B. Milosch ( a.k.a. zentara )
##################################################################
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version, WITH THE FOLLOWING EXCEPTION:
# You may not remove the Original Author copyright information above,
# or this license information.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
########################################################################
# version 1 posted August 31, 2004
# version 1.1 posted September 2, 2004
########################################################################
# USE AT YOUR OWN RISK, THIS IS A SERVER OPEN TO INTERNET CONNECTIONS
#######################################################################