BET : BET's Encrypted Talk
Blowfish Encrypted Talk ? | Better Encrypted Talk ? | Best Encrypted Talk ? | Bad Encrypted Talk ?

Most recent: Stable 1.1


BET will be a replacement for the classic talk program. All data from client A to server to client B will be encrypted. This is good. There does not exist any talk variant that currently does this.

Legal:
By downloading any version of BET and the Blowfish library, you agree that:

  • You and your computer are operating within the United States.
  • You are not a foreign national.
  • You are aware of the United States Export Administration Regulations on cryptographic software.

BET requires

Features

  • Diffie-Hellman key exchange
  • 128-bit CBC Blowfish encryption
  • Superduper ciphertext viewer
  • Process time random exponent generation
  • biff notification: point an xbiff at $HOME/.bet.requests and the biff will notify you of talk requests (in addition to having the daemon write to your tty)

Progress

  • Jun 24 - Project begins. Currently client connects to server and performs Diffie-Hellman key exchange.
  • Jul 8 - Back from fishing. Fishing was good. Now I code. Currently the client and daemon are communicating very well. Client states name and host, and with whom to speak, and daemon checks utmp to see if the fellow is logged in. If so, writes a message to the correct tty. Optimistically, if I don't do anything this weekend, I might have some encrypted bet sessions in test.
  • Jul 10 - Wow. Major rewrite. I had made a mistake early on in the protocol and that required lots of changes. But now the clients connect and talk to each other and stuff. I already wrote the key exchange stuff, so shoving that in should be trivial. Maybe tomorrow. Probably not. By next weekend I hope to have the key exchange and at least one encryption algorithm in place.
  • Jul 15 - Guess what? Another rewrite. No more forks. Multiplexing the I/O now. Should clean up a lot of the stuff. Hope to be back to where I was by Friday.
  • Jul 18 - Most everything is done (for a ver0.0 release). Just finished the curses stuff for the terminals. Key exchange is done. Everything is working, cept I haven't added the actual code to do the encryption.

    Oooh! A screenshot of Jeff talking to himself (locally).

    Oooh! A screenshot of Jeff talking to himself (from cali to mad).

  • Jul 19 - I added code to take the 1024 bit secure Diffie-Hellman exchanged key and ... mod it by 128! Yup, the first cipher implemented in BET is a shift. Secure? No. Proof of concept? Okay. Also some nice command line stuff. The 31337 bitstream can be replaced with a k-r4d ciphertext viewer, or turned off. I am just beginning to appreciate ncurses. If the BET window starts looking too much like a circa 1989 bbs with ANSI art, just let me know and I'll let up on the nostalgia.
  • Jul 20 - All functionality for an alpha release has been included. Clients resolve names and a specific tty can be specified to talk to. Just need to clean up all the code and add a configure script to it.
  • Jul 21 - 128 bit Blowfish added. Slightly better than yesterday's shift.
  • July 23 - Alpha available. Requires GNU Multiple Precision library. This builds for certain on OpenBSD and Linux. I did not have a successful compile of BET on Solaris. I assume the other BSDs work as well.
  • July 25 - Works on Solaris. Needed a more recent ncurses library.
  • July 26 - Scrolling of ciphertext is more l33t now. d00d. And backspace works better.
  • July 27 - Fixed all known problems. Put in a divider. Turned cipher hex off for default. Use -x to turn it on.
  • Aug 4 - Added date output to the betd tty write. Only makes sense, eh?
  • Aug 6 - Thought I fixed backspace. I didn't. Please try again.
  • Aug 6 - I fixed backspace. I think.
  • Aug 6 - Default port is 1337. That is what it was supposed to be originally. It kinda looks like it spells "BET", but not really.
  • Aug 6 - Changed the exponent generation to depend upon key timings. This is good. You're welcome.
  • I guess it's time for another screenshot.
  • Aug 7 - Noticed that the ut_name field of struct utmp on OpenBSD stores the X display also, thus fooling betd when doing a strcmp(). Changed it to do a strncmp().
  • Aug 8 - "./configure ; make"
  • Aug 9 - I have added some safety features to improve security (for example, not trusting betd to give out a prime). I am hard coding in a prime and residue of proper form for the key exchange. If anyone has a 1024 bit or greater Sophie Germain prime lying around, please give it to me.
  • Aug 10 - What did I fix in the new 0.0l ? Wow. Well, now the clients expect the prime that they were compiled with. I have a 512 bit Sophie Germain prime as the current modulus. Small enough to foil most, but not all. I think the first beta will have an ~ 4000 digit modulus. The configure script is nicer, and stops when it should. I also clear out unneeded memory better now. I still need to lock the memory required for the Blowfish key to keep that from swapping.

    There was also a typo. The clients were expecting betd to give them p, and then x. The daemon was sending x, then p. I'm sorry. Something like this couldn't happen now, since the clients make sure that the daemon gives them primes. And if the prime isn't what betc expects, it tells you. If you are using this program frequently, you definitely want this version. Lots better than the previous.

  • Aug 10 - Added mlock() around all the secret agent keys. Warns if can't mlock() the memory.
  • Aug 11 - betd now finds the least idle tty of the requested user and writes the message to that device. Previously, the first tty encountered while reading utmp was used. Of course, you may still specify a particular tty that you know the user to be logged in on.
  • Sep 2 - don't return -1 if stat() of device fails.
  • Sep 27 - upped the version to 1.0
  • Oct 28 - after a long hiatus, I have done something. A -d option adds a small (0.0 - 0.25) second delay to the transmission of ciphertext to thwart timing attacks.
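
The Aug 9 and Aug 10 entries describe betc refusing to trust betd for the Diffie-Hellman parameters. A sketch of that client-side check follows, added here as an illustration and not taken from BET's source. The function names, the base 4, and the small stand-in modulus (found by search, since BET's prime does not appear on this page) are assumptions.

```python
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these 12 bases give exact answers for n < 3.3e24."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is composite
    return True

def is_safe_prime(p):
    """True when p = 2q + 1 with q prime (q is a Sophie Germain prime)."""
    return is_prime(p) and is_prime((p - 1) // 2)

def next_safe_prime(start):
    p = start | 1
    while not is_safe_prime(p):
        p += 2
    return p

# Constructed stand-in for the compiled-in modulus; BET's real prime is larger.
PINNED_P = next_safe_prime(2**64)
PINNED_X = 4  # assumed base: a square mod p, so its order is q = (p - 1) / 2

def check_daemon_params(p, x):
    """Return None if (p, x) from the daemon is acceptable, else the reason."""
    if not is_safe_prime(p):
        return "modulus is not a safe prime"
    if p != PINNED_P:
        return "modulus is not the compiled-in prime"
    if not 1 < x < p - 1 or pow(x, (p - 1) // 2, p) != 1:
        return "base is outside the order-q subgroup"
    return None
```

A daemon that sends the two values in the wrong order, as in the typo the Aug 10 entry mentions, fails the first check because the value read as the modulus is not a safe prime.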

