1 Frequently Asked Questions
5 A: SILC (Secure Internet Live Conferencing) is a protocol which provides
6 secure conferencing services in the Internet over insecure channel.
7 SILC superficially resembles IRC although internally they are very
8 different. Biggest similarity between SILC and IRC is that they both
9 provide conferencing services and that SILC has almost same commands
10 as IRC. Other than that they are nothing alike. Biggest differences
11 are that SILC is secure what IRC is not in any way. The network model
12 is also entirely different compared to IRC.
15 Q: Why SILC in the first place?
16 A: Simply for fun, nothing more. An actually for need back then when
17 it was started. SILC has been very interesting and educational
21 Q: When SILC will be completed?
22 A: SILC still has a lot things to do. The time of completion is much
23 related to how many interested people is willing to join the effort.
24 It will be ready when it is ready. The reason for release of the
25 current development version is just to get it out and people aware
26 that something like this exist.
29 Q: Why use SILC? Why not IRC with SSL?
30 A: Sure, that is possible, although, does that secure the entire IRC
31 network? And does that increase or decrease the lags and splits in
32 the IRC network? Does that provide user based security where some
33 specific private message are secured.? Does that provide security
34 where some specific channel messages are secured? Security is not
35 just about applying encryption to traffic and SILC is not just about
36 `encrypting the traffic'. You cannot make insecure protocol suddenly
37 secure just by encrypting the traffic. SILC is not meant to be IRC
38 replacement. IRC is good for some things, SILC is good for same and
42 Q: Can I use SILC with IRC client? What about can I use IRC with SILC
44 A: Answer for both question is no. IRC client is in no way compatible
45 with SILC server. SILC client cannot currently use IRC but this may
46 change in the future if IRC support is added to the SILC client.
47 After that one could use both SILC and IRC with the same client.
48 Although, even then one cannot talk from SILC network to IRC network.
49 That just is not possible.
52 Q: Why client/server protocol is based on IRC? Would it be more
53 interesting to implement something extensible and more powerful?
54 A: They are not, not the least. Have you read the protocol
55 specification? The client superficially resembles IRC client but
56 everything that happens under the hood is nothing alike IRC. SILC
57 could *never* support IRC because the entire network toppology is
58 different (hopefully more scalable and powerful). So no, SILC protocol
59 (client or server) is not based on IRC. Instead, I've taken good
60 things from IRC and leaved all the bad things behind and not even tried
61 to burden myself with the IRC caveats that will burden IRC and future
62 IRC projects til the end. SILC client resembles IRC client because it
63 is easier for new users to start using SILC when they already know all
67 Q: Why SILC? Why not IRC3?
68 A: Question that is justified no doubt of that. I didn't start doing SILC
69 to be replacement for IRC. SILC was something that didn't exist in
70 1996 or even today except that SILC is now released. However, I did
71 check out the IRC3 project in 1997 when I started coding and planning
74 But, IRC3 is problematic. Why? Because it still doesn't exist. The
75 project is at the same spot where it was in 1997 when I checked it out.
76 And it was old project back then as well. Couple of months ago I
77 checked it again and nothing were happening. That's the problem of IRC3
78 project. The same almost happened to SILC as well as I wasn't making
79 real progress over the years. I talked to the original author of IRC,
80 Jarkko Oikarinen, in 1997 and he directed me to the IRC3 project,
81 although he said that IRC3 is a lot of talking and not that much of
82 anything else. I am not trying to put down the IRC3 project but its
83 problem is that no one in the project is able to make a decision what
84 is the best way to go about making the IRC3 and I wasn't going to be
85 part of that. The fact is that if I would've gone to IRC3 project,
86 nor IRC3 or SILC would exist today. I think IRC3 could be something
87 really great if they just would get their act together and start
91 Q: How secure SILC really is?
92 A: A good question which I don't have a answer. SILC has been tried to
93 make as secure as possible. However, there is no security protocol
94 or security software that has not been vulnerable to some sort of
95 attacks. SILC is in no means different from this. So, it is suspected
96 that there are security holes in the SILC. These holes just needs to
97 be found so that they can be fixed.
99 But to give you some parameters of security SILC uses the most secure
100 crytographic algorithms such as Blowfish, RC5, Twofish, etc. SILC
101 does not have DES or 3DES as DES is insecure and 3DES is just too
102 slow. SILC also uses cryptographically strong random number generator
103 when it needs random numbers. Public key cryptography uses RSA
104 and Diffie Hellman algorithms. Key lengths for ciphers are initially
105 set to 128 bits but many algorithm supports longer keys. For public
106 key algorithms the starting key length is 1024 bits.
108 But the best answer for this question is that SILC is as secure as
109 its weakest link. SILC is open and the protocol is open and in public
110 thus open for security analyzes.
112 To give a list of attacks that are ineffective against SILC:
114 o Man-in-the-middle attacks are ineffective if proper public key
115 infrastructure is used. SILC is vulnerable to this attack if
116 the public keys used in the SILC are not verified to be trusted.
118 o IP spoofing is ineffective (because of encryption and trusted
121 o Attacks that change the contents of the data or add extra
122 data to the packets are ineffective (because of encryption and
125 o Passive attacks (listenning network traffic) are ineffective
126 (because of encryption). Everything is encrypted including
127 authentication data such as passwords when they are needed.
129 o Any sort of cryptanalytic attacks are tried to make ineffective
130 by using the best cryptographic algorithms out there.
133 More to come later...