Cryptographic IRC?

cylent asks: "I have a close-knit group of acquaintances that like to communicate with each other often. Public IRC servers are fine for chit-chat, although for more in-depth discussions a more secure form of communication is preferred. I'm wondering what GPL'd software exists to provide for a secure form of realtime multi-party communication. Are there any IRC servers/clients that support any form of public key cryptography? Blowfish? 3DES? Are there any other proprietary "chat" programs available with a forte in cryptography?"

loopback

[sql*kitten]

Easy - run a talk (or IRC or whatever) daemon on the server, configured so it only accepts connections on the local loopback interface. Then everyone uses ssh to connect to the host, and then uses a regular client to connect to the server. 100% off the shelf components (which you probably already have) , no need to modify anything, and no additional procedures to follow, certs to distributes, etc.

S-talk

[Haplo]

I'm not sure if its strong enough for what you're looking for, but try S-Talk. Its a UNIX talk compatible client with encryption added on. Also, if you look around, I think there are ICQ add ons that will do what you're looking for (but I don't know of any off of the top of my head).

Other possibilities

[griffjon]

Though if the ssh/irc combo works for you, that sounds ideal.

Other possibilities: The easiest and fastest implementation I can think of, though a bit klunky, and requiring either a nice web admin or you to be the web admin, would be a HTML script (cgi) chat program and connect via SSL (you can generate your own cert, your interactants will have to trust it. big whoop. Problem is that it's not end-to-end, the chat will be in cleartext on the web server.

real-time manual encryption. IIRC, Syncrypt has a java interface that can encrypt what you highlight on screen, program independent, in Win32, via use of the clipboard. This could perhaps be automated via mIRC in windows environments?

You might investigate using Elliptic Curve crypto of some sort. It's soooo incredibly much faster, and if'n you go full-blown with sending PKI-style public-key crypto, separate messages to each recipient, speed will rapidly become an issue. Moreover, ECC 108 proved something like 50x harder to crack than RSA 512, and 163bit, which would still be lightning fast, would be much, much more secure.

SSH

[mind21_98]

How about having everyone use the port forwarding features of SSH? Everyone could use SSH to log into a server with IRC on it.

For example:

1. Set up SSH config file with:
local port: 6667
remote host: [change to host with IRC server]
remote port: 6667)

2. Start SSH and log into the server with it. You should see a shell prompt.

3. Have BitchX, X-Chat or some other IRC client connect to 127.0.0.1 port 6667.

Tada! Instant security.

um... not quite

[elbuddha]

You seem to misunderstand the nature of SSH tunneling.

Connections from the ssh client to the ssh server are encrypted. Likewise, forwarded ports are encrypted via the same channel. One a connection gets bounced past the ssh server, it is no longer encrypted, since the ssh server has already decrypted that connection.

For example, in your example, the irc connection would be made to localhost, which the ssh client intercepts and encrypts and sends along to the ssh server. The ssh server then decrypts it and sends it on its merry way to the irc server. Anything listening between the ssh server and the irc server will be able to see a non-encrypted stream of data.

I think the point of the question was how to ensure a secure data path between each client end to end, which ssh port forwarding does not accomplish.