Please optionally decrypt with ECB, even if configured for CBC

Question

Please optionally decrypt with ECB, even if configured for CBC

Closed this issue 4 years ago · 1 comments

It would be nice if /setkey would operate as a hint for decryption, rather than requirement. If I "/setkey cbc:abcdef", obviously the plugin must encrypt my messages with CBC, but the decryption path could first try to decrypt with CBC, and if that fails, try to decrypt a message as ECB (with the same key). Messages successfully decoded with ECB could print an extra leading character, like the bold greater than, >! or >(ECB!).

This would help ease setup and diagnosis of client misconfiguration when several parties are coordinating over an encrypted channel.

Answer 1 · 2021-02-05T16:35:19.000Z

Well @asjoyner fish doesn't have integrity checks for the messages, if it tries to decrypt a ECB crypted message with CBC, fish will decrypt it, but it will just return garbage. And fish doesn't know how to differentiate garbage from real text, so the "if that fails" cant be done.