And design - you can now choose from more than twenty different skins when you log on to converse in private with your friends, and if you want to add a new skin, it's easy with the help of the skin design page and the included templates.
AnoChat is software for chat using 3DES encryption.
This software is meant for encrypted group conversations in the form of a chat room.
The purpose was to provide a reasonable chance of a private conversation on the internet in a webpage, without traces or logs, and with the content of the conversation encrypted. It should be done in a simple and easily distributable way, so that people can download the scripts and install them on their own web servers and domains, without specially installed software for encryption.
The idea is that a group of people creates and updates one chat-file on a server with encrypted content for a given moment of time, then deletes the file. It is a private conversation and nobody's business. The file can be accessed by all from any PC, and no software needs to be installed. All they need to know is a token phrase, the address of a server where AnoChat runs, and what time to log on.
The conversation will not be entirely without traces, as the sent encrypted hashes are stored in the webserver log, but the key to decrypt them will not be known.
How to create a chat
Go to the AnoChat main page and search for the phrase you have agreed upon. If the chat exists, it will let you log on. If it does not exist, you can create the chat.
This phrase is the only thing you need to know. Here's an example:
The new search in version 1.0 returns a row of skins to choose from. The user clicks on the preferred skin to start the chat window.
The chat window
Once the window starts, the user logs in using the same code phrase as was used for the search, and a random nickname. The nickname is encrypted with the MD5-digest of the code phrase.
The room starter must also set a topic for the chat; subsequent users won't have to. The topic is encrypted before being sent to the server.
The user Pitus has access to the same chat room and content after logging in, but with different colors and graphics as he has chosen another skin.
The chat has text color formatting functions, and you can use smilies. It also autoconverts links to clickable links, and creates images from image URLs. Every chat line is encrypted on send, and appended to the chat file on the server. The co-chatters and their level of activity will be visible on the right side as they log on.
The Chat Functions
Auto-refresh
The auto-refresh has a fairly advanced system of adjusting itself to the user's activity. One of the problems with chat hosting is the constant refresh of new content from the server. Let's say you have a refresh rate programmed into your chat client of 5 seconds. It will then poll the server for new content every 5th second. OK, any server can cope. But then if you have 50 clients online, each pinging the server every 5th second, the server will be pinged many times a second.
But if there should be any point in chatting at all, you must refresh from time to time, else it is too quiet. The solution is to tune the refresh to the user activity. This can be changed in the anochat.js, but with the auto refresh as it's set as default, you get the following degradation when the user is inactive (does not post):
You get a 10 sec. refresh rate for 4 refreshes, then it drops to a 20 sec. refresh rate for 4 refreshes and a 30 sec. refresh rate for the next 4. The next level is 1 minute, where it stays for 10 refreshes, before it drops to a refresh every 5 minutes for 4 refreshes. Next again is every 30 minutes, which it does 4 times before dropping to a ping every hour, where it stays.
In cleartext:
10 sec refresh / 40 seconds
20 sec refresh / 80 seconds
30 sec refresh / 120 seconds
1 min refresh / 10 minutes
5 min refresh / 20 minutes
30 min refresh / 2 hrs
1 hr refresh - forever, or for 2000 refreshes
When the user posts, the timer drops to refresh every 10 sec again, and the pattern repeats. The auto refresh can also be turned off. Default is On.
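The default back-off described above, written out as an added example (this is not the code from anochat.js). The function names are hypothetical, and returning null after the 2000 hourly refreshes is an assumption, since the page does not say what happens then.

```javascript
// Added example: the default inactivity back-off, as [interval seconds, refresh count].
const REFRESH_TIERS = [
  [10, 4],      // 40 seconds in total
  [20, 4],      // 80 seconds
  [30, 4],      // 120 seconds
  [60, 10],     // 10 minutes
  [300, 4],     // 20 minutes
  [1800, 4],    // 2 hours
  [3600, 2000], // hourly, for 2000 refreshes
];

// Delay in seconds before refresh number n (0-based, counted since the user's
// last post). Returns null once the schedule is used up (assumption: polling stops).
function intervalFor(n) {
  let remaining = n;
  for (const [seconds, count] of REFRESH_TIERS) {
    if (remaining < count) return seconds;
    remaining -= count;
  }
  return null;
}

// Seconds of inactivity that have passed once n refreshes have been made.
function idleSecondsAfter(n) {
  let total = 0;
  for (let i = 0; i < n; i++) {
    const s = intervalFor(i);
    if (s === null) break;
    total += s;
  }
  return total;
}

// Per-user timer state: posting resets the counter to the fastest tier.
function createRefreshTimer() {
  let refreshes = 0;
  return {
    nextDelay() {
      const s = intervalFor(refreshes);
      if (s !== null) refreshes += 1;
      return s;
    },
    onPost() { refreshes = 0; },
  };
}

// Requests per second reaching the server from `clients` users polling at one interval.
function pollsPerSecond(clients, intervalSeconds) {
  return clients / intervalSeconds;
}
```

With the fixed 5-second poll from the text, pollsPerSecond(50, 5) is 10 requests per second; the same 50 idle users on the hourly tier generate one request roughly every 72 seconds.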
Show time
A preference; shows or hides the time in the chat rows. Default is Off.
Smiley insert with a click
I am a smiley man. I'm sorry, but that's how it is. The smilies can be inserted with a click on the smiley you want. Pure rocket science.
Color formatting of post text
The user can format the text with colors by selecting from the dropdown.
Auto conversion of links and images
There's no point in advanced formatting in a chatroom where all content will be deleted shortly, but simple conversion of links and images is performed on the text. To post a link, you post a URL. To post an image, you post the URL of the image.
Room list with activity status
The users in the room list will have indicators of their last activity, and change color as they drop down the list.
The login and logout
The login and logout on this system is not an authentication; it is a service for your co-chatters to see whether you are there or not. Remember, nothing leaves the users' browsers without being encrypted, so the server has no data with which to perform an authentication. The authentication lies in the fact that only the group knows the key to decrypt; others don't. The last person in the room to log out will delete the chat file.
Tip: To post messages without clicking Send:
Ctrl+Enter in Internet Explorer
Arrow up in all other browsers
NOTE: The chat room inhabitants are operating in a total democracy. There are no admins, no ban functions or auto scripts. Due to the nature of how AnoChat works, there's no point. If you don't want a person in the chat room, don't give him the code phrase. If somebody annoys the chat room, drop it and create another.
How to install
Unzip and copy the contents of the 'root' directory to your web root, or where you want to have the chat.
The anochat.php and the acinstall.php need to be executable for the webserver user. This worked for me in Linux:
chmod 755 anochat.php
chmod 755 acinstall.php
You can then access the install.html page by your browser, and check the progress of the installation while you do the rest.
Next, you need to upload the 'progs' directory to a secret location, preferably outside the web dir. Inside the 'progs' directory is the directory for the chat files, called 'chats'. This must be world writable (777) or owned by the server user (Apache: often 'nobody'). Try:
chmod 777 chats
The dir setup, suggested:
root
  - img
  - js
  - skins
  - smiles
progs
  - chats
Edit the file config.php in the 'root' directory, and set the correct paths:
## Absolute path to progs (includes) dir. No trailing slash ##
$prog_dir = "/path/to/progs dir";
## Absolute path to web root dir. No trailing slash ##
$root_dir = "/path/to/root dir";
You can also change the directories for chats and skins, but the default values will work fine. Use the install.html file to verify your installation when you're done. All values should be blue or green, and you should see a table with the installed skins as thumbnails.
Once you have installed the chat, delete the install.html and the acinstall.php.
To create a new skin:
Each skin has a style sheet in the skin folder, called anochat.css. You can edit all values for each chat window in that stylesheet. In addition to the style sheet, each skin usually has a background image and, to make it visible, a thumbnail called skinthumb.jpg. The skin won't show up without that thumbnail, whose size is w150xh137. There are two transparent gifs to help you design a new skin in the folder design_templ. There is also the page designchat.html (shown to the left), which is made to help you design skins.
The chat window is created from the index.html and does not have its own URL.
Key/ID generation and 3DES encryption
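Encryption example
// The token phrase; its MD5 digest becomes the encryption key
var xKey = 'i love my thick fleece jacket';
xKey = MD5(xKey);
var xmessage = 'This is the secret message for encryption';
// Encrypt the message with the key, then print the result as hex
var thash = des(xKey, xmessage, 1, 0);
var phex = printHex(thash);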
The PHP scripts
Only two PHP scripts are needed to run: anochat.php is the main script, while the various functions are included from cFunctions.php. New in version 1.0: the config is moved out to a standalone script, config.php.
New in AnoChat 1.0
The new version has some new scripts to help design new chat windows, and also a check installation script, to help you get it all right. There are also some transparent gifs to help design the windows.
Breakdown
Color codes:
Private key
Public key
Encrypted string
The auth code is generated from the token phrase, and it looks like this:
Clear text code (private)
MD5 once code (private)
MD5 twice code (public)
MD5 is not reversible, it is a digest, not encrypted data, meaning that anybody having access to the md5twice cannot use it to get the other versions 'decoded' in any way. All encryption is performed as triple DES with the md5once version as key.
The md5twice is used as the chat id when sending data to the server, and a file on the server is created by php, which does another md5 on the md5twice before using it as the chat file name, for security reasons.
Routine for sending data:
Your clear text phrase is used to generate two keys. Let's use an example:
The phrase is 'i love my thick fleece jacket'
The MD5 digest of that phrase would be: 81d8ca049cfc833aa4b95d3867dad927 This is your key for encryption. It is never transmitted over the network.
Twice MD5 of that phrase would be: 35075230be6ac06a0f6aa137a515a729 This becomes the chat id, and subsequently, the group id. It is in the public domain.
Triple MD5 of that phrase would be: 112b79b57ce70347922c2ab6c561921f This is the file name and chat ID which PHP uses.
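The derivation chain above, as an added example that is not AnoChat's own code: it uses Node's built-in crypto module instead of the page's MD5() function, and all function names are hypothetical. Whether each round hashes the previous digest's hex text or its raw bytes is not stated on the page, so both conventions are offered as an assumption and compareWithPage() reports which fields of the sample digests each one reproduces.

```javascript
// Added example: AnoChat's three-level MD5 derivation with Node's built-in crypto.
const nodeCrypto = require('node:crypto');

// MD5 of a string or Buffer, returned as a 16-byte Buffer.
function md5(input) {
  return nodeCrypto.createHash('md5').update(input).digest();
}

// Derive the three values from the phrase. The page does not say how its MD5()
// is chained, so both conventions are offered (assumption):
//   'hex' - each round hashes the previous digest's 32-character hex text
//   'raw' - each round hashes the previous digest's 16 raw bytes
function deriveIds(phrase, chaining = 'hex') {
  const next = (digest) => md5(chaining === 'hex' ? digest.toString('hex') : digest);
  const once = md5(Buffer.from(phrase, 'utf8'));
  const twice = next(once);
  const thrice = next(twice);
  return {
    key: once.toString('hex'),        // private: 3DES key, never leaves the browser
    chatId: twice.toString('hex'),    // public: chat id sent to the server
    fileName: thrice.toString('hex'), // server side: PHP's further MD5 of the chat id
  };
}

// What the server can compute from a request: only values downstream of the chat id.
function serverView(chatIdHex, chaining = 'hex') {
  const input = chaining === 'hex' ? chatIdHex : Buffer.from(chatIdHex, 'hex');
  return { chatId: chatIdHex, fileName: md5(input).toString('hex') };
}

// The sample phrase and digests printed on this page.
const PAGE_PHRASE = 'i love my thick fleece jacket';
const PAGE_VALUES = {
  key: '81d8ca049cfc833aa4b95d3867dad927',
  chatId: '35075230be6ac06a0f6aa137a515a729',
  fileName: '112b79b57ce70347922c2ab6c561921f',
};

// Per field, does the given chaining convention reproduce the page's digest?
function compareWithPage(chaining) {
  const derived = deriveIds(PAGE_PHRASE, chaining);
  const report = {};
  for (const field of Object.keys(PAGE_VALUES)) {
    report[field] = derived[field] === PAGE_VALUES[field];
  }
  return report;
}
```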
The length of the string will depend on the length of the message sent. It will also encrypt the nickname of the chat user before relaying it to the server. Once all data is prepared, the encrypted strings are sent to a PHP script on the server, where the chat lines are stored in the file.
When in chat mode, there are two states that fetch new content: the Send and the Ping. The Send is your action to encrypt and send the message, and the subsequent return of data. The Ping is a read-only request for new content, and may be set to auto refresh.
Here are send and return, as seen in Network Active Sniffer:
Security issues
How secure is secure?
It depends on your needs. This isn't a system for top secrets - if you need transfer of vital critical data, install SSL on your web server. The encryption done here is performed with an algorithm called 3DES, or triple DES. It's fairly tough to break. The keys with which the content is encrypted are never transmitted over the net.
What is encrypted?
The user's nickname
The chat topic
The chat conversation
Security by dispersion
The more people who use encryption software, the better. The dispersion of scripts like this to a number of servers is more secure than having one central site where everybody goes to chat with encryption.
Client security versus server security
This routine takes for granted that your PC isn't infected with spyware, viruses and such. Security starts at home, and if your PC has a password-sniffer installed, nobody can help you on the server side. The server, in this case, has no responsibility - it just receives the encrypted content and stores it for the set amount of time. I was contemplating setting some kind of password for authentication, but then it would be another system, with user administration and control.
Known bugs / Development
The auto refresh does not work in Konqueror for Linux and Opera for Windows. Opera had the worst performance in the testing, but the chat still works there too. Turn off auto refresh in these browsers, as there are some cache issues with the chat ping. I'm looking into that.
In addition to the above, the chat is tested in Mozilla Firefox for Windows and Linux - it performs well. It is also tested in IE 6 for Windows; it performs well there too.
This software is a derivative of fastLogin 2.5 Open Scripted Login Opacity (OSLO).
Code by Knut Møgster - reDesign 2007
NOTE: The author does not guarantee your privacy by publishing this software. The best thing to use if you are in serious need of privacy is SSL or other fully fledged encryption libraries. This is an _attempt_ to improve on your privacy under open http protocol.
The AnoChat is released under an open license and you may use it or develop on it as you want.