-- Leo's gemini proxy
-- Connecting to git.thebackupbox.net:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
repo: urcd action: commit revision: path_from: revision_from: de6657b3c9b62c38290864655d6fef765e33bc57: path_to: revision_to:
commit de6657b3c9b62c38290864655d6fef765e33bc57 Author: root <root@localhost.(none)> Date: Tue Sep 16 23:19:03 2014 +0000 [URC] documentation update diff --git a/README b/README
--- a/README +++ b/README @@ -30,29 +30,6 @@ todo: add encrypted channels to urc2sd. -quick install (not recommended): - - # install dependencies, if you haven't already - ./install-ucspi-tcp.sh - ./install-libtai.sh - - # recommended over ./install-libsodium.sh - ./install-nacl.sh - - useradd urcd - - $editor env/* - - # OpenBSD - echo '-ftrampolines' > conf-cc - - # if python2.6 - sed 's/\.7/.6/g' Make.sh | sh -v - - # elif python2.7 - ./Make.sh - ./bin/urcd.sh $ntwrk - install (recommended): # install dependencies, if you haven't already @@ -89,51 +66,6 @@ install (recommended): ### see the hub2hub section below it is ### ### recommended to connect to 3 urchubs ### -adding curvecp: - mkdir -p /services/urcd-curvecp - - ln -s `pwd`/env /services/urcd-curvecp/env - ln -s `pwd`/urcd /services/urcd-curvecp/urcd - ln -s `pwd`/run.urcd-curvecp /services/urcd-curvecp/run - - curvecpmakekey /services/urcd-curvecp/curvecp - - find /services/urcd-curvecp/curvecp -type d -exec chmod 700 {} \; - find /services/urcd-curvecp/curvecp -type f -exec chmod 600 {} \; - chown urcd /services/urcd-curvecp/curvecp -R - - ln -s /services/urcd-curvecp /service/urcd-curvecp - - sleep 4 - svstat /service/urcd-curvecp - - echo "PUBKEY: `curvecpprintkey /services/urcd-curvecp/curvecp`" - - curvecp + irc client (test): - - tcpserver 127.0.0.1 6667 \ - curvecpclient irc.d3v11.ano `curvecpprintkey /services/urcd-curvecp/curvecp` \ - `cat env/addr` `cat env/port` 01110101011100100110001101100100 \ - curvecpmessage -c ./ucspi-stream & - - irssi -c 127.0.0.1 - -interface: - place an executable program in the cwd - of urcd named 'stdin'. the program reads - stdin from the irc client. anything your - program writes to stdout will be written - to urcd - - place an executable program in the cwd - of urcd named 'stdout'. the program reads - stdin from urcd. anything your program - writes to stdout will be written to the - irc client - - for urc2sd follow the same process. happy - hacking. - no censorship (security): URC networks are censorship resistant. i recommend URCSIGN and/or URCCRYPTOBOX to @@ -156,230 +88,10 @@ no censorship (security): /ignore friend!*@* ALL UNIGNORE /ignore *!VERIFIED@* ALL UNIGNORE -URCSIGN (prototype, subject to change): - ./sign_keypair - - # (global) save your seckey/pubkey and secure them - $editor env/URCSIGNPUBKEY - $editor env/URCSIGNSECKEY - chmod 600 env/URCSIGNSECKEY - - # use a specific seckey for a destination, or override global - mkdir -p urcsignseckeydir - echo urcsignseckeydir > env/URCSIGNSECKEYDIR - echo $seckey > urcsignseckeydir/\#channel - chmod 600 urcsignseckeydir/ - - # save your friends' pubkeys and secure them - mkdir -p urcsigndb/ - chmod 600 urcsigndb/ - echo $pubkey > urcsigndb/$nick - echo urcsigndb/ > env/URCSIGNDB - - # use a specific pubkey for a destination, or override global - mkdir -p urcsignpubkeydir - echo urcsignpubkeydir > env/URCSIGNPUBKEYDIR - echo $pubkey > urcsignpubkeydir/\#channel/nick - chmod 600 urcsignpubkeydir/ - - # urcd will replace the user field with VERIFIED for valid - # signatures and replace all other user fields with URCD. - # see "no censorship" above. - -URCCRYPTOBOX: - # urcd can provide secret and encrypted PM - - ./keypair - echo $seckey > env/URCCRYPTOBOXSECKEY - mkdir -p urccryptoboxdir/ - echo urccryptoboxdir > env/URCCRYPTOBOXDIR - echo $pubkey > urccryptoboxdir/$nick - chmod 600 urccryptoboxdir/ - - # use a specific seckey for a destination, or override global - mkdir -p urccryptoboxseckeydir/ - echo urccryptoboxseckeydir > env/URCCRYPTOBOXSECKEYDIR - echo $seckey > urccryptoboxseckeydir/$nick - chmod 600 urccryptoboxseckeydir/ - - # urcd will replace the user field with VERIFIED for valid - # authentication and replace all other user fields with URCD. - # see "no censorship" above. - - URCCRYPTOBOXPFS: - # urcd can provide secret perfect forward secrecy for encrypted PM - # for destinations already configured for URCCRYPTOBOX. urcd will - # send and error notice when unable to decrypt a session box. simply - # respond to your friend to exchange session keys. if you want to - # change session keys, simply /reconnect. urcd will not store any - # session cryptography. both parties need to have this enabled to work. - - echo urccryptoboxpfs/ > env/URCCRYPTOBOXPFS - mkdir -p urccryptoboxpfs/ - chmod 600 urccryptoboxpfs/ - touch urccryptoboxpfs/$nick - -URCSECRETBOX: - urcd can provide secret and encrypted channels - using a 64 byte hexadecimal key - - ./keypair # you only need the seckey - mkdir -p urcsecretboxdir/ - echo urcsecretboxdir > env/URCSECRETBOXDIR - echo $seckey > urcsecretboxdir/\#channel - chmod 600 urcsecretboxdir/ - - clients can also create channel encryption temporarily - by submitting passwords to urcd. - e.g.: - - /JOIN #channel password - /MODE #channel +k password - -urcd PASS command (prototype, subject to change): - remote clients can set or override URCSIGNSECKEY and/or - URCCRYPTOBOXSECKEY by sending NaCl secret keys to urcd in - hexadecimal format using the PASS command. there are three - acceptable formats: - - 0.) a 128 byte key will set URCSIGNSECKEY only. - - 1.) a 64 byte key will set URCCRYPTOBOXSECKEY only. - - 2.) a 192 byte key will set URCCRYPTOBOXSECKEY using the first - 64 bytes, and set URCSIGNSECKEY using the last 128 bytes. - hub2hub: test -e /services/urcd-hub0/ || ./bin/add-urchub - ./bin/add-urcstream2hub /service/urcd/socket/ /service/urcd-hub0/socket/ ./bin/add-hublisten your.urcd.ano 6789 /service/urcd-hub0/socket/ ./bin/add-hubconnect peer.urcd.ano 6789 /service/urcd-hub0/socket/ CryptoServ (requires NaCl): - # stdin.cryptoserv will create cryptoservroot/urcsigndb - # cryptoservroot/urccryptoboxdir, and cryptoservroot/urccryptoboxpfs - # and point env/URCCRYPTOBOXDIR, env/URCCRYPTOBOXPFS, and - # env/URCSIGNDB accordingly. - ln -s stdin.cryptoserv stdin - -urc2sd: - #urc2sd follows a similar convention as urcd by using a format - #that distinguishes signed messages from nonverified messages. - #i.e: signed messages appear as: "nick!sign@server> msg", - #while nonsigned messages appear as "nick!urcd@server> msg". - #urc2sd filters traffic coming from the urc network reliably - #this way by using the ban and except masks set by the chanops - #on the the ircnet's channels. - - mkdir -p /services/urc2sd - - ln -s `pwd`/urc2sd /services/urc2sd/urc2sd - ln -s `pwd`/ucspi-client2server /services/urc2sd/ucspi-client2server - - # default - ln -s `pwd`/run.urc2sd /services/urc2sd/run - - # tor - ln -s `pwd`/run.urc2sd-tor /services/urc2sd/run - ln -s `pwd`/ucspi-socks4aclient /services/urc2sd/ucspi-socks4aclient - - printf $addr > /services/urc2sd/addr - printf $port > /services/urc2sd/port - printf '/services/urcd-hub0/socket/' > /services/urc2sd/path - printf 'urcd' > /services/urc2sd/nick - printf '#channel' > /services/urc2sd/channels - - touch /services/urc2sd/auto_cmd - - ln -s /services/urc2sd /service/urc2sd - -POLICY and ISUPPORT: - these values are filenames inside env/ and contain different types of data. - - IDLE: - integer argument with a default of 2048 seconds. this value dictates how long - remote clients can idle before their presence is dropped. - - PING: - integer argument with a default of 16 seconds. this value dictates the ping - intervals to a client, and the amount of time a client has to perform - a connection. if PING is activated and the client doesn't respond within - the specified time before TIMEOUT, the client is dropped. a 0 value will - disable this feature. - - URCDB: - default is empty. adding a /path/to/urc.db will tell urcd where to store a - database. the database stores information from the network. this prevents - losing this information between connections. (security) set chmod 600 on - this file after it is created. e.g.: /topic, /names, and /list. - - WARNING: - using this option on public urcd's, or sharing a database from a private - urcd can reveal /topic, /names, and /list to unprivileged clients. - - FLOOD: - integer argument with a default threshold of 8. every write to the network - by a client increments the flood counter. if the flood counter breaches the - threshold the client will lose ability to write to the network until the - counter returns below the threshold value. a 0 value will disable this - feature. - - LIMIT: - float argument default is 1.0. this is the maximum rate in which a client - can write to the network. - - EXPIRY: - integer argument with a default of 32 days. this is how long a CryptoServ - account has until it is deleted from inactivity. setting this value to 0 - will disable account expirations. - - COLOUR: - integer default is 0. changing this value to 1 will allow colour encoding - to pass to the client. - - UNICODE: - integer default is 0. changing this value to 1 will allow unicode encoding - to pass to the client. - - NICKLEN: - integer default is 32. this is the maximum byte length of acceptable nick's - on the network. - - TIMEOUT: - integer default is 256. this value represents the allowed time a client - can remain silent before their connection is dropped. this value also - represents how often URCDB is synchronized if enabled. - - PRESENCE: - integer default is 0. changing this value to 1 will announce JOIN, PART, - and QUIT messages from the client to the network. - - TOPICLEN: - integer default is 512. this is the maximum byte length of acceptable - topics. - - CHANLIMIT: - integer default is 64. this value represents the maximum amount of channels - and the maximum amount of users that can participate in channels. - - CHANNELLEN: - integer default is 64. this value represents the maximum byte length of - channels on the network. - - PADDING: - integer default is 255. this value represents the block sizes of encrypted - packets. setting a 0 value will disable this feature, however it is not - recommended. - - BROADCAST: - integer default is 0. setting this value to 1 enables UDP broadcasts in - urc-udpsend and urc-udprecv. - -logging URC services: - mkdir -p /path/to/urcd-service/log/ - ln -s run.log /path/to/urcd-service/log/run - supervise /path/to/urcd-service/log 2>/dev/null & disown - sleep 4 - svstat /path/to/urcd-service/log - svc -t /path/to/urcd-service/ diff --git a/doc/URC b/doc/URC
--- a/doc/URC +++ b/doc/URC @@ -47,6 +47,12 @@ Advantages correct keys can discover this information. By default, all encrypted packets are padded to protect against other side channels. +- TAIA96N is resistant to side channels by using random labels that + fall within a time parameter. This allows URC to require minimal + cache requirements for reliability and efficiency and prevent + the reusage of old messages (Replay Attacks) without compromising + a users time information. Admins should use accurate clocks. + - Security is priority - URC is written in a small amount of open source C and Python code. URC daemons only function inside of a chroot jail with only the privileges necessary to run. URC supports
-----END OF PAGE-----
-- Response ended
-- Page fetched on Sun Jun 2 17:34:31 2024