Authors: Ford Atwater, Adrien Tang, Matthew Cam
What is the problem?
As we all know, information passed through networks is not secure. Eavesdropping, the act of interrupting data in-transit to read its contents, is common practice in identify theft and breaches of security or privacy. To avoid this, information is encrypted before it is sent, appearing as nonsense bytestrings while in the air. When the data is received, it is then decoded using a key only otherwise known by the encryptor (sender).
Our project emulates this process, called end-to-end symmetrical encryption (the same key is used for both encryption and decryption), by implementing a chat server, where messages (strings) are encrypted and decrypted locally. The keys are passed locally as well, sent to the receiver's phone, preventing anyone from eavesdropping on the chat server itself.
What is the something extra?
The chat server will be deployed to Heroku, a free server service. This will allow you to communicate securely with anyone across the internet, provided they have the Haskell and cryptography packages installed on their local computer.
What did we learn from doing this?
Encryption Implementation Difficulties:
Our initial idea was to use the system to generate a random number, which would serve as salt for the key, which is initialized off of the usernames of the chat room members. The key would then be used in an AES256 cipher to code the messages sent. Since the keys are symmetrical, the receiver could use the same key to reverse the AES256 process on their local machine. Most of our code is functional: the salt is properly generated at random, the messages are properly packed and unpacked into bytestrings, and messages can be successfully encrypted with SHA256. Unfortunately, we ran into difficulties with the key bit size, and had to do something different instead.
AES256 only accepts keys of 32 or 16 bits. The cryptography package for Haskell is supposed to pad / cut potential keys to the proper size through a PKCS7 algorithm, however it was failing to do so correctly. Our keys were coming out 13 bits. In the git repo above, we attempted a key repair program, however the code was quite beyond us and never executed properly.
The State of Encryption Now:
Due to time constraints, we implemented an extremely simple Caesarian Shift cipher to encode our messages instead. Unlike our previous idea however, this encryption isn't very representative of what goes on in the real world, as generating artificial collisions for Caesarian Shift ciphers can occur on a simple computer. For example, for the alphabet, any key can be artificially collided granted:
mySecretKey = randomGuessKey % 26