2 <b><big>Frequently Asked Questions</big></b>
4 <a href="#f1_0" class="normal">1. General Questions</a><br />
5 <a href="#f1_10" class="normal">
6 1.1 What is SILC?</a><br />
7 <a href="#f1_20" class="normal">
8 1.2 When was SILC Project started?</a><br />
9 <a href="#f1_30" class="normal">
10 1.3 Why SILC in the first place?</a><br />
11 <a href="#f1_40" class="normal">
12 1.4 What license covers the SILC release?</a><br />
13 <a href="#f1_50" class="normal">
14 1.5 Why SILC? Why not IRC3?</a><br />
15 <a href="#f1_55" class="normal">
16 1.6 What platforms SILC supports?</a><br />
17 <a href="#f1_60" class="normal">
18 1.7 Where can I find more information?</a><br />
19 <a href="#f1_70" class="normal">
20 1.8 I would like to help out, what can I do?</a>
23 <a href="#f2_0" class="normal">2. Protocol Questions</a><br />
24 <a href="#f2_10" class="normal">
25 2.1 What is the status of SILC protocol in the IETF?</a><br />
26 <a href="#f2_20" class="normal">
27 2.2 How much the SILC protocol is based on IRC?</a><br />
28 <a href="#f2_30" class="normal">
29 2.3 Why use SILC? Why not IRC with SSL?</a><br />
30 <a href="#f2_40" class="normal">
31 2.4 Can I talk from SILC network to IRC network?</a><br />
32 <a href="#f2_45" class="normal">
33 2.5 Does SILC support file transfer?</a><br />
34 <a href="#f2_46" class="normal">
35 2.6 Does SILC support DCC or alike?</a><br />
36 <a href="#f2_47" class="normal">
37 2.7 I am behind a firewall, can I use SILC?</a><br />
38 <a href="#f2_50" class="normal">
39 2.8 How secure SILC really is?</a><br />
40 <a href="#f2_60" class="normal">
41 2.9 Does SILC support instant messaging?</a><br />
42 <a href="#f2_70" class="normal">
43 2.10 Why SILC does not have LINKS command like in IRC?</a><br />
44 <a href="#f2_80" class="normal">
45 2.11 Why SILC does not have STATS command like in IRC?</a><br />
46 <a href="#f2_90" class="normal">
47 2.12 Is anyone outside a channel able to see the channel messages?</a><br />
48 <a href="#f2_100" class="normal">
49 2.13 I have suggestions to SILC Protocol, what can I do?</a>
52 <a href="#f3_0" class="normal">3. Client Questions</a><br />
53 <a href="#f3_10" class="normal">
54 3.1 Where can I find SILC clients?</a><br />
55 <a href="#f3_20" class="normal">
56 3.2 Can I use SILC with IRC client and vice versa?</a>
59 <a href="#f4_0" class="normal">4. Server Questions</a><br />
60 <a href="#f4_10" class="normal">
61 4.1 Where can I find SILC servers?</a><br />
62 <a href="#f4_20" class="normal">
63 4.2 Can I run own SILC server?</a><br />
64 <a href="#f4_30" class="normal">
65 4.3 What is the difference between SILC server and SILC router?</a><br />
66 <a href="#f4_40" class="normal">
67 4.4 Why server says permission denied to write to a log file?</a><br />
68 <a href="#f4_50" class="normal">
69 4.5 When I connect to to my server, it says "server does not support one of your proposed cipher", what is wrong?</a><br />
70 <a href="#f4_60" class="normal">
71 4.6 Why SILC server runs on privileged port 706?</a>
74 <a href="#f5_0" class="normal">5. Toolkit Questions</a><br />
75 <a href="#f5_10" class="normal">
76 5.1 What is SILC Toolkit?</a><br />
77 <a href="#f5_20" class="normal">
78 5.2 Is the SILC Toolkit Reference Manual Available?</a><br />
79 <a href="#f5_30" class="normal">
80 5.3 How do I compile the Toolkit on Unix?</a><br />
81 <a href="#f5_40" class="normal">
82 5.4 How do I compile the Toolkit on Win32?</a><br />
83 <a href="#f5_50" class="normal">
84 5.5 Does the Toolkit package include any sample code?</a><br />
88 <b>1. General Questions</b><br /> <br />
91 <samp class="highlight">Q: What is SILC?</samp><br />
92 A: SILC (Secure Internet Live Conferencing) is a protocol which provides
93 secure conferencing services in the Internet over insecure channel. SILC
94 is IRC like although internally they are very different. Biggest
95 similarity between SILC and IRC is that they both provide conferencing
96 services and that SILC has almost same commands as IRC. Other than that
97 they are nothing alike.
99 Biggest differences are that SILC is secure what IRC is not in any way.
100 The network model is also entirely different compared to IRC.
104 <samp class="highlight">Q: When was SILC Project started?</samp><br />
105 A: The SILC development started in 1996 and early 1997. But, for various
106 reasons it suspended many times until it finally got some wind under its
107 wings in 1999. First public release was in summer 2000.
111 <samp class="highlight">Q: Why SILC in the first place?</samp><br />
112 A: Simply for fun, nothing more. And actually for need back in the days
113 when it was started. When SILC was first developed there really did not
114 exist anything like this. SILC has been very interesting and educational
119 <samp class="highlight">Q: What license covers the SILC release?</samp><br />
120 A: The SILC software developed here at silcnet.org, the SILC Client, the
121 SILC Server and the SILC Toolkit are covered by the GNU General Public
126 <samp class="highlight">Q: Why SILC? Why not IRC3?</samp><br />
127 A: Question that is justified no doubt of that. SILC was not started to
128 become a replacement for IRC. SILC was something that didn't exist in 1996
129 or even today except that SILC is now released. However, I did check out
130 the IRC3 project in 1997 when I started coding and planning the SILC protocol.
132 But, IRC3 is problematic. Why? Because it still doesn't exist. The
133 project is almost at the same spot where it was in 1997 when I checked it
134 out. And it was old project back then as well. That's the problem of IRC3
135 project. The same almost happened to SILC as well as I wasn't making real
136 progress over the years. I talked to the original author of IRC, Jarkko
137 Oikarinen, in 1997 and he directed me to the IRC3 project, although he
138 said that IRC3 is a lot of talking and not that much of anything else. I
139 am not trying to put down the IRC3 project but its problem is that no one
140 in the project is able to make a decision what is the best way to go about
141 making the IRC3 and I wasn't going to be part of that. The fact is that
142 if I would've gone to IRC3 project, nor IRC3 or SILC would exist today. I
143 think IRC3 could be something really great if they just would get their
144 act together and start coding the thing.
148 <samp class="highlight">Q: What platforms SILC supports?</samp><br />
149 A: The SILC Client is available on various Unix systems and is reported to
150 work under cygwin on Windows. The SILC Server also works on various Unix
151 systems. However, the server has not been tested under cygwin as far as we
152 know. The SILC Toolkit is distributed for all platforms, Unix, Cygwin
157 <samp class="highlight">Q: Where can I find more information?</samp><br />
158 A: For more technical information we suggest reading the SILC Protocol
159 specifications. You might also want to take a look at the <a
160 href="?page=docs" class="normal">documentation </a> page on the web page.
164 <samp class="highlight">Q: I would like to help out, what can I do?</samp><br />
165 A: You might want to take a look at the <a
166 href="?page=contribute" class="normal">Contributing</a> page and the <a
167 href="?page=todo" class="normal">TODO</a> list. You might also want to join the
168 SILC development mailing list.
171 <a name="f2_0"></a><br />
172 <b>2. Protocol Questions</b><br /> <br />
175 <samp class="highlight">Q: What is the status of SILC protocol in the IETF?</samp><br />
176 A: The SILC protocol specifications has been submitted currently as
177 individual submissions. There does not currently exist a working group
178 for this sort of project. Our goal is to fully standardize the SILC and
179 thus submit it as RFC to the <a href="http://www.ietf.org/" class="normal">IETF</a> at a
184 <samp class="highlight">Q: How much SILC Protocol is based on IRC?</samp><br />
185 A: SILC is not based on IRC. The client superficially resembles IRC
186 client but everything that happens under the hood is nothing alike IRC.
187 SILC could *never* support IRC because the entire network toppology is
188 different (hopefully more scalable and powerful). So no, SILC protocol
189 (client or server) is not based on IRC. Instead, We've taken good things
190 from IRC and left all the bad things behind and not even tried to burden
191 the SILC with the IRCs problems that will burden IRC and future IRC
192 projects till the end. SILC client resembles IRC client because it is
193 easier for new users to start using SILC when they already know all the
198 <samp class="highlight">Q: Why use SILC? Why not IRC with SSL?</samp><br />
199 A: Sure, that is possible, although, does that secure the entire IRC
200 network? And does that increase or decrease the lags and splits in the
201 IRC network? Does that provide user based security where some specific
202 private message are secured? Does that provide security where some
203 specific channel messages are secured? And I know, you can answer yes to
204 some of these questions. But, security is not just about applying
205 encryption to traffic and SILC is not just about `encrypting the
206 traffic`. You cannot make insecure protocol suddenly secure just by
207 encrypting the traffic. SILC is not meant to be IRC replacement. IRC is
208 good for some things, SILC is good for same and some other things.
212 <samp class="highlight">Q: Can I talk from SILC network to IRC network?</samp><br />
213 A: Simple answer for this is No. The protocols are not compatible which
214 makes it impossible to directly talk from SILC network to IRC network or
215 vice versa. Developing a gateway between these two networks would
216 technically be possible but from security point of view strongly not
217 recommended. We have no plans for developing such a gateway.
221 <samp class="highlight">Q: Does SILC support file transfer?</samp><br />
222 A: Yes. The SILC protocol support SFTP as mandatory file transfer
223 protocol. It provides simple client to client file transfer, but also
224 a possibility for file and directory manipulation. Even though the SFTP
225 is the file transfer protocol the support for file transferring has been
226 done so that practically any file transfer protocol may be used with SILC
231 <samp class="highlight">Q: Does SILC support DCC or alike?</samp><br />
232 A: SILC does not support the DCC commonly used in IRC. It does not need
233 it since it has builtin support for same features that DCC have. You can
234 transfer files securely and encrypted directly with another client. You
235 can also negotiate secret key material with another client directly to
236 use it in private message encryption. The private messages are not,
237 however sent directly between clients. The protocol, on the hand
238 does not prohibit sending messages directly between clients if the
239 implementation would support it. The current SILC Client implementation
240 does not support it. This means that private messages travel through the
241 SILC Network. SILC protocol also has a capability to support DCC
242 and CTCP like protocols with SILC. None of them, however have not been
243 defined to be used with SILC at the present time.
247 <samp class="highlight">Q: I am behind a firewall, can I use SILC?</samp><br />
248 A: Yes. If your network administrator can open the port 706 (TCP) you can
249 use SILC without problems. You may also compile your SILC client with
250 SOCKS support which will proxy your SILC session through the firewall.
254 <samp class="highlight">Q: How secure SILC really is?</samp><br />
255 A: A good question which I don't have an answer for. We have tried to make
256 SILC as secure as possible. However, there is no security protocol or
257 security software that has not been vulnerable to some sort of attacks.
258 SILC is in no means different from this. So, it is suspected that there
259 are security holes in the SILC. These holes just need to be found so
260 that they can be fixed.
262 But to give you some parameters of security SILC uses the most secure
263 crytographic algorithms such as AES(Rijndael), Twofish, Blowfish, RC5,
264 etc. SILC does not have DES or 3DES as DES is insecure and 3DES is just
265 too slow. SILC also uses cryptographically strong random number generator
266 when it needs random numbers. Public key cryptography uses RSA (PKCS #1)
267 and Diffie-Hellman algorithms. Key lengths for ciphers are initially set
268 to 256. For public key algorithms the starting key length is 1024 bits.
270 But the best answer for this question is that SILC is as secure as its
271 weakest link. SILC is open and the protocol is open and in public thus
272 open for security analysis.
274 To give a list of attacks that are ineffective against SILC:
276 - Man-in-the-middle attacks are ineffective if proper public key
277 infrastructure is used. SILC is vulnerable to this attack if the public
278 keys used in the SILC are not verified to be trusted (as any other
279 protocol for that matter).<br />
280 - IP spoofing is ineffective (because of encryption and trusted keys).<br />
281 - Attacks that change the contents of the data or add extra data to the
282 packets are ineffective (because of encryption and integrity checks).<br />
283 - Passive attacks (listenning network traffic) are ineffective (because
284 of encryption). Everything is encrypted including authentication data
285 such as passwords when they are needed.<br />
286 - Any sort of cryptanalytic attacks are tried to make ineffective by
287 using the best cryptographic algorithms out there.
291 <samp class="highlight">Q: Does SILC support instant messaing?</samp><br />
292 A: SILC is not an instant message (IM) system, like ICQ and the others.
293 SILC is more IRC like system, "real-time", connection-oriented chat and
294 that kind of stuff. But I guess IRC is too called an Instant Messaging
299 <samp class="highlight">Q: Why SILC does not have LINKS command like in
301 A: It was felt that this information as an own command in SILC is not
302 necessary. Moreover, the topology of the network might be undisclosed
303 information even though the servers and routers in the network are still
304 open. We feel that the network topology information, if it is wanted to be
305 public, and the list of accessible servers can be made available in other
306 ways than providing command like LINKS, which shows the active server
311 <samp class="highlight">Q: Why SILC does not have STATS command like in
313 A: This too was considered as information that the protocol should not
314 address. We feel that server implementations will need to implement some
315 sort of adminstrative plugin, or module which provides various means of
316 accessing statistical and other information in the server. And, we do
317 consider this implementation issue, not protocol design issue.
321 <samp class="highlight">Q: Is anyone outside a channel able to see the channel
322 messages?</samp><br />
323 A: A short answer is simply No. A longer answer involves assumptions
324 about security conditions. Initially channel keys are generated by the
325 server, so if the server would get compromised it would be possible for
326 an adversary to see the messages. However, users on the channel can
327 prevent this even if the server would be compromised. It is possible to
328 set so called channel private key that only the users on the channel
329 know about. The servers does not know about the key, and therefore cannot
330 see the messages even if they would be compromised. So, longer answer
331 results into same as the short one; No.
334 <a name="f2_100"></a>
335 <samp class="highlight">Q: I have suggestions to SILC Protocol,
336 what can I do?</samp><br />
337 A: All suggestions and improvements are of course welcome. You should read
338 the protocol specifications first to check out whether your idea is
339 covered by them already. The best place to make your idea public is the
340 SILC development mailing list.
345 <a name="f3_0"></a><br />
346 <b>3. Client Questions</b><br /> <br />
349 <samp class="highlight">Q: Where can I find SILC clients?</samp><br />
350 A: The SILC client is available for free download from the silcnet.org web
351 page. Some people have also mentioned words Java and Perl when talking
352 about SILC clients. Nothing has appeared yet, though.
356 <samp class="highlight">Q: Can I use SILC with IRC client and vice versa?</samp><br />
357 A: Generally the answer would be no for both. However, there exist already
358 at least one IRC client that supports SILC, the <a
359 href="http://irssi.org/" class="normal">Irssi client</a>. The current SILC client is
360 actually based on the user interface of the Irssi client. So, yes it is
361 possible to use SILC with some IRC clients and vice versa. But, this
362 does not mean that you can talk from SILC network to IRC network, that is
366 <a name="f4_0"></a><br />
367 <b>4. Server Questions</b><br /> <br />
370 <samp class="highlight">Q: Where can I find SILC servers?</samp><br />
371 A: The SILC server is available for free download from the silcnet.org
372 web page. We are not aware of any other SILC server implementations, so far.
376 <samp class="highlight">Q: Can I run own SILC server?</samp><br />
377 A: Yes of course. Download the SILC server package, compile and install
378 it. Be sure to check out the installation instructions and the README
379 file. You also should decide whether you want to run SILC server or SILC
384 <samp class="highlight">Q: What is the difference between SILC
385 server and SILC router?</samp><br />
386 A: The topology of the SILC network includes SILC routers and the SILC
387 servers (and SILC clients of course). Normal SILC server does not have
388 direct connections with other SILC servers. They connect directly to the
389 SILC router. SILC Routers may have several server connections and they
390 may connect to several SILC routers. The SILC routers are the servers in
391 the network that know everything about everything. The SILC servers know
392 only local information and query global information from the router when
395 If you are running SILC server you want to run it as router only if you
396 want to have server connections in it and are prepared to accept server
397 connections. You also need to get the router connected to some other
398 router to be able to join the SILC network. You may run the server as
399 normal SILC server if you do not want to accept other server connections
400 or cannot run it as router.
404 <samp class="highlight">Q: Why server says permission denied to write to a
405 log file?</samp><br />
406 A: The owner of the log files must be same user that the server is run
407 under, by default it is user `nobody'. Just change the permissions and
412 <samp class="highlight">Q: When I connect to my server it says "server does
413 not support one of your proposed ciphers", what is wrong?</samp><br />
414 A: Most likely the ciphers and others has not been compiled as SIMs
415 (modules) and they are configured as modules in the silcd.conf. If they
416 are not compiled as modules remove the module paths from the ciphers and
417 hash functions from the silcd.conf, so that the server use the builtin
418 ciphers. Then try connecting to the server again. It is also possible
419 that the client IS proposing some ciphers that your server does not support.
423 <samp class="highlight">Q: Why SILC server runs on privileged port 706?</samp>
425 A: Ports 706/tcp and 706/udp have been assigned for the SILC protocol by
426 IANA. Server on the network listening above privileged ports (>1023)
427 SHOULD NOT be trusted as it could have been set up by untrusted party.
428 The server normally drops root privileges after startup and then run as
429 user previously defined in silcd.conf.
432 <a name="f5_0"></a><br />
433 <b>5. Toolkit Questions</b><br /> <br />
436 <samp class="highlight">Q: What is SILC Toolkit?</samp><br />
437 A: SILC Toolkit is a package intended for software developers who would
438 like to develope their own SILC based applications or help in the
439 development of the SILC. The Toolkit includes SILC Protocol Core library,
440 SILC Crypto library, SILC Key Exchange (SKE) library, SILC Math
441 library, SILC Modules (SIM) library, SILC Utility library, SILC Client
442 library and few other libraries.
446 <samp class="highlight">Q: Is the SILC Toolkit Reference Manual Available?</samp><br />
447 A: Yes, partially completed reference manual is available in the Toolkit
448 releases as HTML package and they are available from the silcnet.org
449 website as well at the <a href="?page=docs" class="normal">documentation </a> page.
453 <samp class="highlight">Q: How do I compile the Toolkit on Unix?</samp><br />
454 A: You should read the INSTALL file from the package and follow its
455 instructions. The compilation on Unix is as simple as compiling any other
456 SILC package. Give, `./configure' command and then `make' command.
460 <samp class="highlight">Q: How do I compile the Toolkit on Win32?</samp><br />
461 A: We have prepared instructions to compile the Toolkit on Win32 in the
462 Toolkit package. Please, read the README.WIN32 file from the package for
463 detailed instructions how to compile the Toolkit for Cygwin, MinGW and
464 native Win32 systems. We have also prepared ready MSVC++ Workspace files
465 in the win32/ directory in the package that will compile automatically
470 <samp class="highlight">Q: Does the Toolkit package include any sample code?</samp><br />
471 A: Yes, naturally. It includes sample codes for two different SILC Client
472 implementations, and SILC Server. Win32 samples are included in the
473 win32/ directory, for simple client.