From 3b68013df4e55c7b31cb2d12aeda0c3d96c72e37 Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Thu, 29 Jun 2000 13:06:30 +0000 Subject: [PATCH] Created. --- public_html/faq.html | 131 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 public_html/faq.html diff --git a/public_html/faq.html b/public_html/faq.html new file mode 100644 index 00000000..aec23abf --- /dev/null +++ b/public_html/faq.html @@ -0,0 +1,131 @@ + + + +


+ + + + + +
+

+ +

Frequently Asked Questions

+

+Q: What is SILC?
+A: SILC (Secure Internet Live Conferencing) is a protocol which provides + secure conferencing services in the Internet over insecure channel. + SILC is IRC like although internally they are very different. Biggest + similiarity between SILC and IRC is that they both provide conferencing + services and that SILC has almost same commands as IRC. Other than + that they are nothing alike. +

+ Biggest differences are that SILC is secure what IRC is not in any + way. The network model is also entirely different compared to IRC. +


+ +Q: Why SILC in the first place?
+A: Simply for fun, nothing more. An actually for need back then when + it was started. SILC has been very interesting and educational + project. +


+ +Q: When will SILC be completed?
+A: SILC still has a lot things to do. The time of completion is much + related to how many interested people is willing to join the effort. + It will be ready when it is ready. The reason for release of the + current development version is just to get it out and people aware + that something like this exist. SILC is not ready for production + use so it is not expected that there is that much of a hype around + SILC. I don't have to hurry... :) +


+ +Q: Why use SILC? Why not IRC with SSL?
+A: Sure, that is possible, although, does that secure the entire IRC + network? And does that increase or decrease the lags and splits in + the IRC network? SILC is not meant to be IRC replacement. IRC is + good for some things, SILC is good for same and some other things. +


+ +Q: Can I use SILC with IRC client? What about can I use IRC with SILC + client?
+A: Answer for both question is no. IRC client is in no way compatible + with SILC server. SILC client cannot currently use IRC but this may + change in the future if IRC support is added to the SILC client. + After that one could use both SILC and IRC with the same client. + Although, even then one cannot talk from SILC network to IRC network. + That just is not possible. +


+ +Q: Why SILC? Why not IRC3?
+A: Question that is justified no doubt of that. I didn't start doing SILC + to be replacement for IRC. SILC was something that didn't exist in + 1996 or even today except that SILC is now released. However, I did + check out the IRC3 project in 1997 when I started coding and planning + the SILC protocol. +

+ But, IRC3 is problematic. Why? Because it still doesn't exist. The + project is at the same spot where it was in 1997 when I checked it out. + And it was old project back then as well. Couple of months ago I + checked it again and nothing were happening. That's the problem of IRC3 + project. The same almost happened to SILC as well as I wasn't making + real progress over the years. I talked to the original author of IRC, + Jarkko Oikarinen, in 1997 and he directed me to the IRC3 project, + although he said that IRC3 is a lot of talking and not that much of + anything else. I am not trying to put down the IRC3 project but its + problem is that no one in the project is able to make a decision what + is the best way to go about making the IRC3 and I wasn't going to be + part of that. The fact is that if I would've gone to IRC3 project, + nor IRC3 or SILC would exist today. I think IRC3 could be something + really great if they just would get their act together and start + coding the thing. +


+ +Q: How secure SILC really is?
+A: A good question which I don't have a answer. SILC has been tried to + make as secure as possible. However, there is no security protocol + or security software that has not been vulnerable to some sort of + attacks. SILC is in no means different from this. So, it is suspected + that there are security holes in the SILC. These holes just needs to + be found so that they can be fixed. +

+ But to give you some parameters of security SILC uses the most secure + crytographic algorithms such as Blowfish, RC5, Twofish, etc. SILC + does not have DES or 3DES as DES is insecure and 3DES is just too + slow. SILC also uses cryptographically strong random number generator + when it needs random numbers. Public key cryptography uses RSA + and Diffie Hellman algorithms. Key lengths for ciphers are initially + set to 128 bits but many algorithm supports longer keys. For public + key algorithms the starting key length is 1024 bits. +

+ But the best answer for this question is that SILC is as secure as + its weakest link. SILC is open and the protocol is open and in public + thus open for security analyzes. +

+ To give a list of attacks that are ineffective against SILC: +

+

  • Man-in-the-middle attacks are ineffective if proper public key + infrastructure is used. SILC is vulnerable to this attack if + the public keys used in the SILC are not verified to be trusted. + +
  • IP spoofing is ineffective (because of encryption and trusted + keys). + +
  • Attacks that change the contents of the data or add extra + data to the packets are ineffective (because of encryption and + integrity checks). + +
  • Passive attacks (listenning network traffic) are ineffective + (because of encryption). Everything is encrypted including + authentication data such as passwords when they are needed. + +
  • Any sort of cryptanalytic attacks are tried to make ineffective + by using the best cryptographic algorithms out there. +


    +More to come later... +


    + +

    • + + -- 2.24.0