Junglecow's Status Page

Currently working on: better SSL/TLS support


Improving SSL in Gajim

Problem
Currently, Gajim supports neither fingerprint nor certificate validation, making it vulnerable to man-in-the-middle (MITM) attacks.
Impact
  • False sense of security
  • It's possible to spy on your connection
  • Your connection can be modified arbitrarily
  • Password can be stolen (By virtue of the previous point, we can force plaintext SASL authentication, even if the server doesn't support it.)
We're not talking your favorite shady TLA here; this is something any smart local system administrator with router access can do, using nothing more than stunnel, netcat and sed. Also, any hacker on the same network can do this using more advanced tools (PDF).
Recommendations
  • Do not use Gajim from an untrusted location such as an internet cafe or university.
  • Do not use Gajim over an insufficiently secured Wireless link.
  • Do not use Gajim on any public wireless network, regardless of encryption level.
  • Do not use Gajim on cable providers with a "shared segment".
  • Use PGP where possible, and inform your contacts to only accept PGP secured chats, even if "you" later tell them you lost your key or something.
  • Be prepared for the fact that your password may be stolen.
Complications
Python's own SSL API does not support any kind of validation. It doesn't even provide access to the server certificate's fingerprint, let alone validate certificates.
Resolution
Use an external library for SSL and add the necessary security functions to Gajim.
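What that security function looks like once the external library hands Gajim the peer certificate, written out as an added example (not Gajim's code, and not tied to any of the libraries compared below). Assumptions: the library returns the server certificate as DER bytes; the fingerprint is a SHA-256 digest, which is my choice since the page does not fix a format; the pin store is a plain {host: fingerprint} dict standing in for the real one; and the DER input in the demo is constructed bytes, not a real certificate. `finish_connect` also models the sequence fix from the Todo list: "connected" is only reported after the handshake has produced a certificate and that certificate has passed the check.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    MATCH = "match"        # fingerprint equals the pinned one: proceed
    UNKNOWN = "unknown"    # no pin for this host: needs a user decision
    MISMATCH = "mismatch"  # pin exists and differs: abort, never silently accept


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as colon-separated hex.

    The old Python socket.ssl API never exposed the peer certificate at all;
    this assumes the external library gives us the DER bytes."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def verify_peer(host: str, der_cert: bytes, pins: dict) -> Verdict:
    """Compare the presented certificate with the fingerprint pinned for host."""
    seen = fingerprint(der_cert).replace(":", "")
    expected = pins.get(host)
    if expected is None:
        return Verdict.UNKNOWN
    # Normalise so a pin typed in lower case or without colons still compares.
    if expected.replace(":", "").upper() == seen:
        return Verdict.MATCH
    return Verdict.MISMATCH


def finish_connect(host: str, der_cert: bytes, pins: dict,
                   accept_unknown: bool = False):
    """Decide whether the client may report 'connected'.

    Called only after the TLS handshake has completed, so the certificate is
    in hand before anything is signalled to the rest of the program.
    Returns (connected, verdict). A MISMATCH always fails closed; an UNKNOWN
    fingerprint is accepted (and remembered, trust-on-first-use) only when the
    caller, i.e. the user through a dialog, explicitly said so."""
    verdict = verify_peer(host, der_cert, pins)
    if verdict is Verdict.MATCH:
        return True, verdict
    if verdict is Verdict.UNKNOWN and accept_unknown:
        pins[host] = fingerprint(der_cert)
        return True, verdict
    return False, verdict


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates; not real certificates.
    genuine = b"constructed DER bytes for the real jabber server"
    proxied = b"constructed DER bytes presented by an interposed proxy"
    pins = {"jabber.example": fingerprint(genuine)}
    print("genuine  ->", finish_connect("jabber.example", genuine, pins))
    print("proxied  ->", finish_connect("jabber.example", proxied, pins))
    print("new host ->", finish_connect("other.example", genuine, pins))
```

The three verdicts map onto three different pieces of GUI: MATCH needs nothing, UNKNOWN is the "unknown fingerprint" dialog, and MISMATCH should be a hard failure with an explanation, since that is exactly the case the Problem section describes.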

Todo

  • ☐ Add fingerprint support to Gajim (#2499)
    • ☑ Basic implementation
    • ☐ Fix sequence problems (report successful connection after handshake done, not before)
    • ☐ Add fingerprints to ACE
    • ☐ Implement snarfing of fingerprints
    • ☐ GUI things (TBD)
  • ☐ Add certificate support to Gajim (#720)

Done

  • ☑ Select a suitable SSL library
    • TLS Lite
      + The cleanest API I've seen
      + Pure Python: highly portable (But can take advantage of some other crypto libraries for speed)
      + Public Domain license: Free to pretty much do whatever we want with the code
      – Not in Debian (and presumably not in other distributions either)
      Rejected: Only supports RSA keys (no DSA)
    • pyOpenSSL
      + Debian package available
      + Created because of deficiencies in M2 Crypto
      – Incomplete (but which parts are missing, do we need them?)
      – Lacks CRL support
      – Kind of old
    • M2 Crypto
      + Debian package available
      + Seemingly this is the most used crypto library for Python
      – Seems to have some problems
      – Also seems to be growing old
      – Additional dependency on SWIG
    • Python OpenSSL Wrappers
      – Old, incomplete and unmaintained (last release 4 years ago). I won't even consider this unless I seriously run out of options.
    • TLS Lite, implement full crypto ourselves (ouch!)
  • ☑ Use this library in a personal project (to get the hang of it and verify that it does indeed work and provide what Gajim needs)
  • ☑ Set up a build environment for Gajim and build from SVN
  • ☑ Refactor so stable and SVN can run simultaneously from separate configurations
  • ☑ Make Gajim use new SSL library (with fallback to old library)
    • ☑ Implement
    • ☒ Wait for mailing list response regarding "first num too large" error
    • ☑ Stumble upon a solution myself: just ignore it
    • ☑ Get wider testing
    • ☑ Remove debug messages and cruft

Random Ideas & Suggestions

  • (junglecow) Distribute a fingerprint database with Gajim so casual users do not have to be confronted with an "unknown fingerprint" dialog. (Fingerprint checking can then be enabled by default.)
    • servers.xml seems like a good place to put that information
      • ☐ Write tool to automatically gather fingerprints, using servers.xml both as input and as output
  • (junglecow) Gajim Web of Trust: Add a "fingerprint server" to Gajim, so other XMPP users can query our fingerprint/cert db. When we get a certificate error, Gajim can then automatically query other Gajim users in the roster, as well as perhaps some 'designated servers' run by people who have agreed to have their JID distributed with Gajim as such, and who will put in special effort to keep their database up to date. Add a switch to disable this server for people who are especially worried about their privacy.
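A sketch of the gathering tool from the first idea above (servers.xml as both input and output), as an added example rather than anything in Gajim. The servers.xml layout used here, `<server host="..." fingerprint="..."/>` elements under a `<servers>` root, is assumed, since the real file's schema is not shown on this page; the TLS connection that would fetch each server's certificate is replaced by constructed DER bytes passed in as `observed`; and the fingerprint is SHA-256, my choice. The part worth keeping is the merge rule: a stored fingerprint that disagrees with what the gatherer sees is reported as a conflict and never overwritten, because a gatherer that accepts whatever it is shown would bake a spoofed certificate into the database that ships with the client.

```python
import hashlib
import xml.etree.ElementTree as ET


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate as colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def load_db(xml_text: str) -> dict:
    """Parse the assumed servers.xml layout into {host: fingerprint}.

    Servers listed without a fingerprint map to None, so the gatherer knows
    which entries still need one."""
    root = ET.fromstring(xml_text)
    return {s.get("host"): s.get("fingerprint") for s in root.findall("server")}


def dump_db(db: dict) -> str:
    """Serialise {host: fingerprint} back into the same layout, sorted by host
    so the output is stable and diffs stay readable."""
    root = ET.Element("servers")
    for host in sorted(db):
        element = ET.SubElement(root, "server", host=host)
        if db[host]:
            element.set("fingerprint", db[host])
    return ET.tostring(root, encoding="unicode")


def gather(db: dict, observed: dict):
    """Merge freshly observed certificates ({host: DER bytes}) into db.

    - hosts with no stored fingerprint get the observed one
    - hosts whose stored fingerprint matches are left alone
    - hosts whose stored fingerprint differs are collected as conflicts and
      NOT overwritten: the tool cannot tell a legitimate rekey from its own
      connection having been intercepted, so a human has to look
    Returns (db, conflicts) where conflicts is a list of (host, stored, seen)."""
    conflicts = []
    for host, der in observed.items():
        seen = fingerprint(der)
        stored = db.get(host)
        if stored is None:
            db[host] = seen
        elif stored != seen:
            conflicts.append((host, stored, seen))
    return db, conflicts


if __name__ == "__main__":
    # Constructed DER stand-ins; a real run would fetch these over TLS.
    cert_a = b"constructed DER for a.example"
    cert_b = b"constructed DER for b.example"
    seed = ('<servers><server host="a.example" fingerprint="%s"/>'
            '<server host="b.example"/></servers>' % fingerprint(cert_a))
    db, conflicts = gather(load_db(seed), {"a.example": cert_a,
                                           "b.example": cert_b})
    print(dump_db(db))
    print("conflicts:", conflicts)
```

Running the tool from several independent networks and comparing the conflict lists is the cheap way to spot whether one vantage point is being fed a different certificate than the others.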

Feel free to add your own comments and suggestions.