SecureIM
SecureIM is an encryption system built into the Trillian Instant Messenger Client. It encrypts messages from user to user, so no passively observing node between the two is supposedly able to read the encrypted messages. SecureIM does not authenticate its messages, and therefore it is susceptible to active attacks, including simple forms of man-in-the-middle attacks.
According to Cerulean Studios, the makers of Trillian, SecureIM enciphers messages with 128-bit Blowfish encryption. It only works with the OSCAR protocol and if both chat partners use Trillian.
However, the key used for encryption is established using a Diffie-Hellman key exchange which only uses a 128-bit prime number as modulus, which is extremely insecure and can be broken within minutes on a standard PC.