OK, didn’t post as many things as I’d have liked, partly because they required masses of cleanup and partly because I finally figured out an easy way to do something I’d been puzzling over for a while: encrypted webcam chat. (Your definition of “easy” may vary.)
What does it do?
It allows two people with webcams to conduct a secure video chat with each other, complete with audio. The connection is encrypted, authenticated with a shared secret so you know you’re connected to the right person, and in theory has perfect forward secrecy.
What’s the catch?
Lots of caveats here – webcams, video compression, video streaming and encryption are each quite hard to get right on their own! Firstly, it just doesn’t work at all through NAT or firewalls, which means most users can’t use it. Secondly, it’s a tad glitchy and the latency is still a bit sub-par. Thirdly, it’s only been tested under Linux – Windows and Mac OS X should work in theory, but I don’t have either installed. Fourthly, I have no idea if it’s actually as secure as it claims.
OK, where do I get it?
From the Git repo here. You’ll need to install python 2.7, VLC, and PyQt4 to use it. Both ends should run receive.py, click the “connect” button, and enter the same secret passphrase. If you’re lucky it’ll actually work.
The stream is encrypted using libvlc’s SRTP support. Key exchange is done using a Diffie-Hellman exchange authenticated through HMAC-SHA1 with a shared secret. Note that this means that anyone intercepting the unencrypted key negotiation can carry out unlimited offline brute-force attacks against the shared secret. I should probably use a proper PAKE scheme but this would require a major redesign.