http://fish.sekure.us/
You can get some more details on the software itself at the FiSH homepage; there is no need to reproduce it here.
The software has been ported to a few different platforms: mIRC for Windows, Irssi for essentially any UNIX system (possibly even Windows -- pending confirmation), Xchat for Windows, UNIX, and apparently also Mac OSX. There is a generic TCL module of some sort, possibly usable in eggdrop solutions. This document will focus on the mIRC and Irssi solutions.
The mIRC version requires a binary patch on the executable. The author of FiSH probably needs some time to port to each new release of mIRC, so the version available will probably be a version or two behind "current" (as if Kahled has any meaningful release cycle in the first place ... for that matter, anyone using mIRC probably pirated a serial, and keeps some old version anyway! Shame on you!) So grab the release off his page, and run the patcher for your version. Alternatively, you can grab this pre-patched copy of mine: mIRC_v6.14-SySReset_v2.53-FiSH_v1.29.rar. (Note, if you have any sense of security, you probably shouldn't just grab untrusted binaries from random sites. Also, you can only preserve your old mIRC/SysReset settings by patching, so that is a sensible method to consider.)
The Irssi and Xchat platforms have binary modules available for a variety of architectures. Windows and MacOS are foolproof, but Linux might need some special attention. If the system is Intel-based, odds are the binary Linux module will work. (Incredibly, the author also has a module for OpenBSD v3.8, which is exactly what I was running at the time I started using FiSH!) For Irssi, just copy libfish.so into /usr/lib/irssi/modules/ ; for Xchat, xfish.so goes in /usr/lib/xchat/plugins/ .
If there is no binary module available for your system, you will need to compile the source code. And unfortunately, there is no nice GNU-style build environment for this project -- you will be getting your hands *really* dirty here. In fact, I haven't even built this thing successfully myself yet! Once I manage to do so, I will update here with some details. Anyone who does succeed here, feel free to send me the details of your endeavour.
The blow.ini configuration file appears to be identical for all platforms. A simple example follows; most of the options are default anyway, but they will all be described:[FiSH] process_incoming=1 process_outgoing=1 mark_encrypted=" $" mark_position=1 plain_prefix="+p " auto_keyxchange=0 nicktracker=1The default Crypto-Mark appears to be blank, so set it to something sensible here (it can be changed conveniently in the mIRC platform, but not in any others). mark_position sets the Crypto-Mark as a prefix or suffix, depending on the numerical value. auto_keyxchange and nicktracker are boolean values. Automatic keyXchange performs a /keyx function every time a new query window is opened; this is technically more secure, but presents theoretical security risks. The NickTracker bears some special mention: it will keep track of the nickname changes in all channels you are joined to, and configure any keys set to a nickname which changes, to the newly changed nickname. In other words, you will not need to manually set a key for the given nickname again, nor re-keyx the user -- the client will transparently use the old key with the new nick. Presumably there are some theoretical security implications to this feature, but it is extremely convenient, thus it is not discouraged to leave it enabled.
Oddly, the documentation for mIRC lacks a command reference, so that is what this section is really for. The following commands are known to be available:
/fish.setkey <#channel>
Sets the encryption key for channel <#channel> to
. (Unlike UNIX clients, the channel must always be specified as an argument - setting the "current" channel is not supported.)
/fish.usechankey
<#channel> This command will set the key used for privmsg communication with user
to the same key that is currently set for channel <#channel>. Note that there does not appear to be a similar function for the other clients, so use of this command is discouraged.
/fish.showkey <#channel>
This command will open a small dialogue window, containing the currently set key for channel <#channel>.
fish.removekey <#channel>
Removes the key currently set for channel <#channel>. Encryption will no longer be performed on the channel.
/keyx
This command will initiate a DH1080 key-exchange with user
. The message, "FiSH:Sent my DH1080 public key to , waiting for reply ..." will be shown; if the user is also using FiSH, their IRC client will automatically reply to the request, and a key will be negotiated -- the message, "Key for set to *censored*" will then be shown. The key will be saved automatically by both clients, and does not need to be seen.
/fish.prefixThis command changes the encryption prefix used by FiSH to the character(s)
. It is suggested that a single character be used, but any number of characters may be used.
Note that manually setting keys for privmsg communication is not necessary, as the DH1080 key-exchange (/keyx) is at least equally secure, and way the hell more convenient.
Right-clicking in any chat window will reveal a new sub-menu, "FiSH", containing the following options:Right-clicking in a channel window will reveal the same sub-menu, with the same options listed above, in addition to these options:
- Set plain-prefix
- Auto-KeyXchange
- Encrypt outgoing
- Encrypt incoming
- Crypt-Mark (Incoming)
- Crypt-Mark (Outgoing)
- NickTracker
- Encrypt NOTICE
- Encrypt ACTION
- Show key
- Set new key
- Remove key
- Encrypt TOPIC
Xchat and Irssi share identical commands for using FiSH encryption. These commands are properly documented in the distribution, so I will not go into detail here. There is only one discernable difference between the modular version and the mIRC version: an initialization key may be set for Xchat/Irssi, which will prevent unauthorized users from accessing your session keys (for example, if your blow.ini file were somehow stolen). The relevant commands are:
/setinipw
Sets a new password
on your blow.ini key container. You will need to re-enter this password each time the FiSH module is loaded (i.e. each time Xchat/Irssi is launched).
/unsetinipw
Removes the password from the blow.ini container. No password protection will be present after this command has been executed.