Trillian (software)#SecureIM

SecureIM is an encryption system the software company Cerulean Studios that was written for the Trillian Instant Messenger. It only works on the OSCAR protocol (ICQ ) when both participants use Trillian and at least one has built a SecureIM connection. Miranda allows a plug-in also the use, but also with the restrictions mentioned above.

Operation

The messages are encrypted exchanged between users, so that all intermediate network points can not read along. However, messages are not authenticated and therefore are vulnerable to man -in- the-middle attacks.

According to the manufacturer SecureIM uses 128 -bit Blowfish encryption, and only works with the Oscar protocol. Miranda uses a 192 bits AES encryption.

Criticism

The SecureIM encryption is weak in practice and offers many opportunities for attack. Apart from the lack of protection against man-in- the-middle attacks can also be a passive attacker the key that is used for the Blowfish encryption, calculated within a few minutes, since only a 128-bit modulus is used for the key exchange ( would be needed least 1024 bits). Compared with the usual many instant messaging clients clear text communication that can be tapped readily provide SecureIM encryption but still an improvement dar.

Compatibility

For the instant messenger Miranda exists an eponymous plugin. In this case, however, a 192 bits AES encryption is used, which is also compatible with other Miranda users.