Psifur is a development of cryptext.pl - my initial encryption system for XChat. Psifur features a clearer command structure and a far more robust keystream generator. I still don't consider this "industrial strength" encryption - though there are some pathetic commercial apps out there. Psifur corrects all the known issues with cryptext's keystream generator and is now far less likely to generate a repeat keystream. (cryptext would generate a repeat keystream once in 256 iterations from the same key).
Psifur is an encryption script for the XChat IRC client (Thanks to JSnow from magicguild.dwarfstar.net there is now a Windows version of psifur.) It is written entirely in perl and requires no separate perl modules for installation. The encryption algorythm uses a simple dynamically generated stream cypher to encrypt text sent to channels or query windows. The stream is generated with calls to the crypt() function and security comes from separate keys and a random initilization vector. This is not expected to stand up to a serious cryptoanalytic attack, but should be sufficient for casual use on IRC.
Users can select between 16 configurable keys, and set 6 of them dynamically. This lets you share different keys with different individuals or groups. The script will automatically identify encrypted text and select the matching key. Each time text is encrypted to channel, the script will select a random initialization vector to give a broader variation in the keystream. A combination of random IV and the length of the plaintext make duplicate keystreams less likely on each given key.
The name, by the way, is an obvious (bad) pun. I changed it because there were already several products called "cryptext" in existence.
Download the gzipped tarball (below) and copy it into your xchat scripts directory. The default is .xchat/scripts on recent versions of xchat. gunzip and untar the file. You will need to edit the $SCRTPS_HOME variable in the psifur<ver>.pl file to reflect your actual configuration. You may wish to change or add keys to the psifur.conf file. Once you have the edits done, simply load the file from the GUI or with the /load command.
Download the current file: psifur1.2.tar.gz
Download the 1.0 or 1.1 to 1.2 patch: psifur.patch.tar
Download Psifur for XChat Win32: psifur-win.zip Courtesy JSnow of magicguild.dwarfstar.net
Download the mIRC port (from a separate site) from Magicguild
The cryptext versions are no longer available at this site. Sorry.
The heart of any stream cypher is the keystream. cryptext uses the UNIX crypt() call to generate the keystream each time it encrypts or decrypts text. (I have not tried to port this to XChat for Win32. No idea whether Windoze has an equilivant to crypt() accessible from perl) When encrypting text, it calls crypt twice with a randomly generated IV and the currently selected keyi. The key is modified with the length of the plaintext and the random IV. The second call is made with the reverse of the selected key, giving a longer keystream. If the string to encrypt is longer than the keystream, psifur will make additional calls as needed, modifying the key each time. Decryption is identical, though it takes the IV and key selection from the "header" of the encrypted string.
The crypt() function call provides a reasonable hash function to generate a random string from the given key. Since the key is modified on each round both with the length of the plaintext and the content of the random IV (used for the salt, actually) it is far less likely to create duplicate key streams. This is less than perfect, of course, but puts most of the strength into the key rather than relying on some sort of fixed substitution string. The crypt() call assures the keys will never be directly observed. Using Crypt::CBC and the Blowfish, 3DES, or TEA cyphers, for example, would be stronger but require more modules and configuration - and still have issues with key management.
Psifur is intended for casual use, and should prove adequate for most needs. If you're worried about organizations with three-letter-acronyms, you shouldn't be using IRCi to communicate.