It's encrypted. Here's the section on encryption that was done for a research paper that you can find here
IV. Trillian Encryption
Trillian version .74 and 1.0 both support Secure Instant Messaging for AOL and ICQ.
This is a key feature of Trillian that must be examined in order to validate whether
Trillian truly supports sending secure IM across the public Internet. Trillian uses a
combination of the Diffie-Hellman key exchange with 128-bit Blowfish Encryption in
order to secure AOL and ICQ forms of messaging. This combination provides Trillian
with a basis for sending and receiving Instant Messages securely from one Trillian user
to another. Both the source and destination user must use Trillian in order for a secure
link to be established.
A. Diffie-Hellman Key Exchange System
The Diffie-Hellman key exchange system was publicly introduced in 1976 by Whitfield
Diffie and Martin Hellman. It was the first system to use a “public key” or “asymmetrical”
key (Palmgren, 2003). An asymmetrical key is unique for each user, but mathematically
can be used to derive a common key. The procedures used in the Diffie-Hellman key
exchange are provided in Figures 2 - 6. The process is diagramed in the most basic
method with integration of how it is used in the Trillian application. The key exchange
uses modular mathematics to derive the shared secret key and is depicted by the
mathematical operator icon in the process flow in Figure 4. The six steps of the process
are as follows:
Step 1 – Generate Public and Private Keys
Both User A and User B create private keys. From their private key they create a public
key. At this point all keys are unique, but mathematically will be used to derive a shared
key, which is identical for both User A and User B.
Step 2 – Transfer Public Keys
User A transfers his public key to User B. User B transfers his public key to User A.
Each user now has their private key and the other user’s public key.
Step 3 – Derive Shared Secret
Each user derives the common shared secret key by running a mathematical operation
against their private Key and the other user’s public Key. The mathematical operation
results in an identical shared secret key which will be used by both users to transfer the
symmetrical key which is detailed in Step 4.
Step 4 – Transfer 128-bit Blowfish Symmetric Key
The symmetrical key is then used to pass data. Using a symmetrical key for the actual
data transfer allows for quicker encryption and decryption within the system. Trillian
uses 128-bit Blowfish encryption for its symmetrical keys. In this step, the symmetrical
key is passed from User A to User B. The shared secret key facilitates the secure
transmission of the 128-bit Blowfish symmetric key.
Step 5 – Encrypt Data Using Symmetric Key
At this point a secure 128-bit symmetric key has been passed between User A and User
B. The symmetric key is used to encrypt and decrypt all data transmissions between
User A and User B.
The Diffie-Hellman key exchange primary limitation is in a susceptibility to man-in-themiddle
attacks. This type of attack occurs in the following manner:
User A sends his public key to User B, User C intercepts the key and sends his
public key to User B instead.
Upon receiving the key, User B sends his public key back to User A. User C
intercepts the key and sends his key to User A.
User A and User C agree on one shared key, while User B and User C agree on
another shared key.
After this, User C decrypts any message sent out by User A or User B, reads
and modifies them, re-encrypts them with appropriate shared key and sends
them to the perspective user.
This traditional limitation can be resolved by incorporating digital certificates and the
station-to-station protocol. In the case of Trillian, users connect via authentication to
the IM vendor specific servers. A specific user is selected to start a Secure IM session
and an assumption is made that the individual logged in is that particular user. At this
time, the Diffie-Hellman process begins. Under these conditions a man-in-the-middle
attack is less likely. It would be more likely for someone to crack a user’s password
and attempt to impersonate a user, than to try to act as a middle man.
The Diffie-Hellman key exchange process has been in existence for over 25 years.
Outside the man-in-the-middle attack, this process has stood the test of time. It is
widely used and accepted in the industry as a leader in securely passing keys.
B. Trillian Encryption – 128-bit Blowfish Encryption
Trillian uses 128-bit Blowfish symmetrical keys for data transmission. Symmetrical keys
are used instead of asymmetrical keys, because they provide faster data transmission.
Also, encryption and decryption of data takes place more effectively than in a system
with asymmetrical keys.
Blowfish is a block cipher designed in 1993 by Bruce Schneier as a fast and free
alternative to existing encryption algorithms. Blowfish has been analyzed for the past
10 years and no significant weakness has been found in the algorithm. Because of its
strength it has been implemented in over 130 commercial applications. Blowfish uses a
64-bit block cipher which means it encrypts and decrypts data in chunks of 64-bits. The
key length varies from 32 to 448 bits. Trillian uses a 128-bit key length (“Blowfish
A block cipher such as Blowfish can be explained in simple terms through Figure 7.
The block cipher uses a mathematical computation in order to transform the Plaintext
Block and the Key into a Ciphertext Block output (“Block Cipher”, 2003). The
mathematical process is significantly complex in nature. In general, the algorithm
consists of a data-encryption piece that converts the 128-bit key into several sub key
arrays. Data-encryption occurs via 16 passes through the complex set of key and datadependent
substitutions and permutations (Schneier, 2003).
Although effective in encrypting and decrypting the data, a larger key would prove more
valuable and secure. The larger the key, the more difficult it would be to crack, so it is
recommended that Trillian move to a larger key at some point.