Add support for SASL ECDSA-NIST256P-CHALLENGE #251

Closed
maxteufel opened this Issue Nov 9, 2014 · 15 comments

@maxteufel
Contributor

commented Nov 9, 2014

Please add support for the SASL ECDSA-NIST256P-CHALLENGE mechanism.
Documentation is here: https://github.com/atheme/ecdsatool

@Shawn-Smith

Contributor

commented Nov 9, 2014

Issue #175 can probably be closed. It was stated in the issue that DH-BLOWFISH and DH-AES were probably not going to be removed.

The only other suggestion under that issue is to add ECDSA-NIST256P-CHALLENGE, which is now tracked by this issue.

@Mikaela

Contributor

commented Nov 10, 2014

I can probably copy my comment to #175 here too as it's also related here:

https://blog.freenode.net/2014/11/atheme-7-2-and-freenode/

> The SASL mechanism DH-BLOWFISH has been removed. People using it
> can connect via SSL and use PLAIN or upgrade to ECDSA-NIST256P-CHALLENGE.

(bolding by me)

@Mikaela

Contributor

commented Nov 28, 2014

By the way, is ECDSA-NIST256P-CHALLENGE supported by any other client than HexChat with a script at the moment?

@fungi


commented Dec 13, 2014

By the way, Freenode staff just now announced they'd completed their migration to Atheme 7.2... so for weechat users the remaining choice is between plain auth and plain auth apparently.

@maxteufel

Contributor Author

commented Dec 13, 2014

Trying to add it at the moment. The only possible problem is that most distros don't ship a packaged ecdsatool/libecdsaauth. :(

@ilbelkyr


commented Dec 17, 2014

@Mikaela Irssi with the cap_sasl.pl script in the atheme/atheme and atheme/ecdsatool repos supports it, though requires having ecdsatool as well.

@Mikaela

Contributor

commented Dec 17, 2014

That makes the number two :)

@Shawn-Smith

Contributor

commented Dec 18, 2014

@ctrlaltca Those discussions aren't related to this at all. This is regarding ECDSA-NIST256P-CHALLENGE, those are discussing DH-BLOWFISH.

@Mikaela

Contributor

commented Dec 18, 2014

> Those discussions aren't related to this at all.

is one of the reasons for closing ProgVal/Limnoria#911.

It seems that @ctrlaltca doesn't or didn't understand mechanisms and just threw copy-paste of that comment everywhere where some SASL issue was referenced from.

@ctrlaltca


commented Dec 18, 2014

Deleted, sorry

@grawity

Contributor

commented Dec 18, 2014

@ilbelkyr cap_sasl.pl has been ported to Crypt::PK::ECC yesterday. (Has "/sasl keygen" now.)

@flashcode flashcode added this to the 1.2 milestone Jan 17, 2015

@flashcode flashcode self-assigned this Jan 17, 2015

@flashcode flashcode closed this in e2be018 Jan 19, 2015

@flashcode

Member

commented Jan 19, 2015

Quick instructions (I'll add that soon in user's guide):

  1. openssl ecparam -genkey -name prime256v1 >~/.weechat/ecdsa.pem
  2. openssl ec -noout -text -conv_form compressed -in ~/.weechat/ecdsa.pem | grep '^pub:' -A 3 | tail -n 3 | tr -d ' \n:' | xxd -r -p | base64 (this is your pubkey as base64)
  3. /connect freenode
  4. /msg nickserv set property pubkey <pubkey here>
  5. /set irc.server.freenode.sasl_mechanism ecdsa-nist256p-challenge
  6. /set irc.server.freenode.sasl_username <account>
  7. /set irc.server.freenode.sasl_key %h/ecdsa.pem
  8. /reconnect freenode

Enjoy!

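
A check for the output of step 2 before it is given to NickServ, as an added example (not WeeChat's or Atheme's code): it decodes the base64 string and confirms that it is a 33-byte compressed point that actually lies on prime256v1, which catches a pipeline that picked up the wrong lines of the `openssl` text output. The function name and the sample value (the curve's public base point, standing in for a real key) are assumptions made for illustration.

```python
import base64
import binascii

# NIST P-256 (prime256v1 / secp256r1) domain parameters: y^2 = x^3 - 3x + B mod P
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5

# Constructed sample: the base point G in compressed form, not a real account key.
SAMPLE = base64.b64encode(b"\x03" + GX.to_bytes(32, "big")).decode()


def decompress_pubkey(b64):
    """Return (x, y) for a base64 compressed P-256 point, or raise ValueError."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("not valid base64") from exc
    if len(raw) != 33:
        raise ValueError("expected 33 bytes, got %d" % len(raw))
    if raw[0] not in (2, 3):
        raise ValueError("first byte must be 0x02 or 0x03 (compressed form)")
    x = int.from_bytes(raw[1:], "big")
    if x >= P:
        raise ValueError("x coordinate out of range")
    rhs = (pow(x, 3, P) - 3 * x + B) % P
    # P % 4 == 3, so a square root (if one exists) is rhs^((P+1)/4) mod P.
    y = pow(rhs, (P + 1) // 4, P)
    if y * y % P != rhs:
        raise ValueError("x is not the x coordinate of a point on the curve")
    # The prefix byte encodes the parity of y: 0x02 even, 0x03 odd.
    if (y & 1) != (raw[0] & 1):
        y = P - y
    return x, y


if __name__ == "__main__":
    print(SAMPLE, "->", decompress_pubkey(SAMPLE))
```
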
@maxteufel

Contributor Author

commented Jan 20, 2015

> 4. /msg nickserv set property pubkey <pubkey here>

/msg NickServ set pubkey <pubkey here> is preferred in Atheme 7.2.3+ (freenode is running 7.2.4 with nickserv/set_pubkey.so loaded at the moment; Edit: the ecdsa-nist256p-challenge module actually requests nickserv/set_pubkey as a dependency in 7.2.3+).

@Mikaela

Contributor

commented Jan 20, 2015

And because of that issue you found, no one should run Atheme that doesn't have the /ns set pubkey.

@un1versal


commented Jul 9, 2016

> Deleted, sorry

@ctrlaltca so this is where you spend your time ;)
