Encryption and Privacy
"They that can give up essential liberty to obtain a little temporary safety deserve
neither liberty nor safety." Benjamin Franklin, 1759.
Security and privacy have long been important issues and form the basis of numerous
democracies around the world. In the digital age, securing personal information and
ensuring privacy are issues of paramount concern. At first glance, one might find
it gratifying that an online website greets a person by their first name, sends them
emails when goods matching their taste are added, or recommends goods and services based
on their demographic profile, previous visits, etc. An astute surfer, though, will also see
the privacy drawbacks in such services. Who else is being provided this information? Is
there a way to ensure the security of this information? What happens to the information if
the company meets financial difficulties and has to liquidate its assets? Where does all that
"private information" go?
Many studies over the last few years have suggested that a majority of consumers are
concerned about when, what and how their personal information is being collected, how
this information is being used and whether it is being protected. They want to know
whether the information is being sold or shared with others, and if so with whom and for
what purposes. They also want to have control over their privacy in today's digital age
where strides in telecommunication, storage and software technologies have made
monitoring a person's activities effortless.
The Internet, once a research tool, has grown into a mammoth educational, entertainment
and commercial implementation. The advent of commerce on the Internet exposed the
lack of security over this public network. The incorporation of encryption (especially
strong 128 bit encryption) into Internet browsers and web servers quelled this concern to
a certain extent. There was still the matter of storing the information sent over the
Internet in a safe manner. Firewalls and encryption software evolved to ensure that the
computers and data on the Internet were safer.
What can be done regarding these important issues? Part of the solution is to secure
important data - more specifically, using strong encryption. Educating end users and
corporations on the use of email and file encryption software, data encryption during
transmission using VPNs, password encryption on public interfaces and use of encryption
software like PGP, F-Secure and 128 bit version of IE/NS will lead us closer to the end
goal of a safer Internet.
With the worldwide Internet user base growing and Internet based transactions believed
to reach well over a trillion dollars in the next three years, it makes sense for the
parties involved to secure the Internet. Haphazard handling of financial and personal
information can lead to the Internet being constantly associated with fraud and privacy
abuses instead of being a viable commerce medium.
History of Encryption
Encryption pre-dates the Internet by thousands of years. Looking back in history we find that
Julius Caesar was an early user of cryptography. He sent messages to his troops using a simple
but ingenious method: each letter in the alphabet was replaced by the one a fixed number of
positions to the right, say 5. So an "A" would be replaced by an "F", "B" by "G" and so on, and
RETURN would become WJYZWS. As can be seen, this cipher is easily broken: there are only 25
possible shifts to try by brute force, letter frequencies in the ciphertext give the shift
away, and a single plaintext/ciphertext pair reveals it immediately.
Users of Encryption
A few decades ago, only governments and diplomats used encryption to secure sensitive
information. Today, secure encryption on the Internet is the key to confidence for people wanting
to protect their privacy, or doing business online. E-Commerce, secure messaging, and virtual
private networks are just some of the applications that rely on encryption to ensure the safety of
data. In many companies that have proprietary or sensitive information, field personnel are
required to encrypt their entire laptops fearing that in the wrong hands this information could
cause millions of dollars in damage.
How Encryption Works
The concept behind encryption is quite simple - make the data illegible to everyone
except those specified. This is done using cryptography - the study of sending 'messages'
in a secret form so that only those authorized to receive the 'message' are able to read it.
The easy part of encryption is applying a mathematical function to the plaintext and
converting it to ciphertext. The harder part is to ensure that the people who are
supposed to decipher this message can do so with ease, yet only those authorized are able
to decipher it. We of course also have to establish the legitimacy of the mathematical
function used, to make sure that it is sufficiently complex and mathematically sound to
give us a high degree of safety.
The essential concept underlying all automated and computer security applications is
cryptography. There are two ways of going about this process: conventional (symmetric, or
secret key) encryption, and public key (asymmetric) encryption, described further below.
Conventional encryption has the following components:
Plaintext - This is the original, readable message that is fed into the algorithm.
Encryption Algorithm - This performs the substitutions and transformations on the plaintext
under control of the key.
Secret Key - This is the input for the algorithm as the key dictates the encrypted outcome.
Cipher text - This is the encrypted or scrambled message produced by applying the
algorithm to the plaintext message using the secret key.
Decryption Algorithm - This is the encryption algorithm in reverse. It uses the cipher
text and the secret key to derive the plaintext message.
When using this form of encryption, it is essential that the sender and receiver have a way
to exchange secret keys in a secure manner. If someone obtains the secret key, communications
are insecure regardless of the algorithm, and the algorithm itself should always be assumed
to be known to the attacker. There is also the need for a strong encryption algorithm. What
this means is that if someone were to have a cipher text and a corresponding plaintext
message, they would still be unable to determine the key, and hence unable to read other
messages encrypted with it.
There are two methods of breaking conventional/symmetric encryption - brute force and
cryptanalysis. Brute force is just as it sounds: using a computer to try every possible
key until one produces a sensible plaintext. Cryptanalysis is a form of attack that
exploits the characteristics of the algorithm to deduce a specific plaintext or the key
used. Either way, once the key is recovered one can read all past and future messages that
continue to use this compromised setup.
Public key (asymmetric) encryption has the following components:
Public and Private Keys - these are a pair of keys where one is used for encryption and the other
for decryption; what one key encrypts, only its partner can decrypt.
Cipher text - this is the encrypted or scrambled message produced by applying the algorithm to
the plaintext message using one of the keys.
Decryption Algorithm - This algorithm takes the cipher text and the matching key and produces
the plaintext.
Secure messaging software typically combines both, using the sender's private key to sign and
the recipient's public key to deliver a symmetric secret key, in the following steps:
• The software computes a hash (message digest) of the message; this is the "pre hash code".
• This pre hash code is encrypted by the software using the sender's private key, producing a
digital signature. The key pair itself was generated earlier by the software's public key
algorithm.
• The encrypted pre hash code and the message are then encrypted with a freshly generated
secret (session) key, using a symmetric cipher.
• The next step is for the sender of the message to retrieve the public key of the person this
information is intended for.
• The sender encrypts the secret key with the recipient's public key, so only the recipient
can decrypt it with his/her private key, thus concluding the encryption process.
• The recipient uses their private key to recover the secret key, and the secret key to
decipher the encrypted pre hash code and the encrypted message.
• The recipient then retrieves the sender's public key. This public key is used to decrypt the
pre hash code and so verify the sender's identity.
• The recipient generates a post hash code from the message. If the post hash code equals
the pre hash code, this verifies that the message has not been changed en route.
Encryption Algorithms
Different encryption algorithms use different constructions and key sizes, and are therefore
suited to different applications. Here are some nitty-gritty details about some of these
encryption algorithms. The strength of an algorithm is often judged, as a first approximation,
by the key length it uses; a short key can be brute forced no matter how sound the design,
while a long key buys nothing if the design itself is flawed.
RSA
In 1977, shortly after the idea of a public key system was proposed, three mathematicians, Ron
Rivest, Adi Shamir and Len Adleman, gave a concrete example of how such a method could be
implemented. To honor them, the method was referred to as the RSA Scheme. The system uses a
private and a public key. To start, two large prime numbers p and q are selected and multiplied
together: n = p*q.
Let f(n) = (p-1)(q-1) and choose e > 1 such that gcd(e, f(n)) = 1; a randomly chosen e has a
fairly large probability of being co-prime to f(n), and in practice a fixed value such as 65537
is used. Then solve the linear congruence e*d = 1 (mod f(n)) for d, for example with the
extended Euclidean algorithm. The pair of integers (e, n) is the public key and (d, n) forms
the private key. A message M, represented as an integer with 0 <= M < n, is encrypted by taking
the remainder of M^e on division by n, i.e. C = M^e mod n. Decryption is the inverse of
encryption: M = C^d mod n. RSA is the most popular method for public key encryption and digital
signatures today. In real systems the bare operation is never applied directly to a message;
the message is padded first (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures) to defeat
a range of attacks on 'textbook' RSA.
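As an added example (not code from the original page), here is the RSA construction above together with the sign-then-encrypt message flow from the How Encryption Works section, in Python 3.8+ using only the standard library. It is 'textbook' RSA with no padding, and a made-up SHA-256 based keystream stands in for the symmetric cipher; the 320-bit modulus, the choice e = 65537 and all function names are this example's own assumptions, chosen so that a SHA-256 digest and a 128-bit session key both fit below the modulus. It demonstrates the mechanics, not a production design.

```python
"""Textbook RSA plus the hash / sign / session-key / key-wrap message flow.
Added toy example: no padding, not for production use."""
import hashlib
import os
import random

# Assumptions of this example: two 160-bit primes give a 320-bit modulus, so a
# 256-bit SHA-256 digest and a 128-bit session key are both smaller than n.
MODULUS_BITS = 320
SESSION_KEY_BYTES = 16
SIG_BYTES = MODULUS_BITS // 8   # 40 bytes holds any integer below n

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; probabilistic, which is fine for a demonstration."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit forced on, odd)."""
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def rsa_keygen(bits=MODULUS_BITS):
    """Return ((e, n), (d, n)) with n = p*q, f(n) = (p-1)(q-1), e*d = 1 mod f(n)."""
    e = 65537                     # prime, so gcd(e, f(n)) = 1 iff e does not divide f(n)
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    d = pow(e, -1, phi)           # modular inverse; Python 3.8+
    return (e, p * q), (d, p * q)

def rsa_apply(m, key):
    """C = M^e mod n with the public key, M = C^d mod n with the private key."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("input must be an integer below the modulus")
    return pow(m, exponent, n)

def toy_stream_xor(key, data):
    """Stand-in symmetric cipher: SHA-256(key || counter) keystream XORed into data.
    Encryption and decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

def hybrid_encrypt(message, sender_private, recipient_public):
    """Sender: hash, sign the hash with own private key, encrypt message+signature
    under a fresh session key, wrap that key with the recipient's public key."""
    pre_hash = int.from_bytes(hashlib.sha256(message).digest(), "big")
    signature = rsa_apply(pre_hash, sender_private).to_bytes(SIG_BYTES, "big")
    session_key = os.urandom(SESSION_KEY_BYTES)
    body = toy_stream_xor(session_key, message + signature)
    wrapped_key = rsa_apply(int.from_bytes(session_key, "big"), recipient_public)
    return wrapped_key, body

def hybrid_decrypt(package, recipient_private, sender_public):
    """Recipient: unwrap the session key, decrypt, then compare the recomputed
    ('post') hash with the hash recovered from the signature. Returns (message, ok)."""
    wrapped_key, body = package
    session_key = rsa_apply(wrapped_key, recipient_private).to_bytes(SESSION_KEY_BYTES, "big")
    plain = toy_stream_xor(session_key, body)
    message, signature = plain[:-SIG_BYTES], plain[-SIG_BYTES:]
    sig_int = int.from_bytes(signature, "big")
    if sig_int >= sender_public[1]:           # garbage after tampering, not a valid signature
        return message, False
    post_hash = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return message, rsa_apply(sig_int, sender_public) == post_hash

if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keygen()
    bob_pub, bob_priv = rsa_keygen()
    pkg = hybrid_encrypt(b"Wire the funds on Friday.", alice_priv, bob_pub)
    print(hybrid_decrypt(pkg, bob_priv, alice_pub))
```

Flipping a single byte of the encrypted body makes the recomputed post hash differ from the signed pre hash, and verifying against the wrong sender's public key fails in the same way, which is exactly the integrity and origin check the steps above describe.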
DES/3DES
The Data Encryption Standard (DES) was developed at IBM and endorsed by the U.S. government in
1977 as an official standard. It forms the basis not only for Automatic Teller Machine (ATM)
PIN authentication but a variant is also utilized in traditional UNIX password hashing (crypt).
DES is a block cipher with a 64-bit block size that uses 56-bit keys. Due to advances in
computer technology, experts no longer consider DES secure against a determined attacker;
Triple-DES (3DES) has emerged as a stronger method. Using standard DES, Triple-DES encrypts
data three times (an encrypt-decrypt-encrypt sequence, so that with all three keys equal it
degenerates to single DES) and uses a different key for at least one of the three passes,
giving it a nominal key size of 112 bits (two keys) or 168 bits (three keys). Because of
meet-in-the-middle attacks its effective strength is lower than the nominal key length, about
112 bits for the three-key version.
BLOWFISH
Blowfish is a symmetric block cipher just like DES or IDEA. It takes a variable-length key, from
32 to 448 bits, making it ideal for both domestic and exportable use. Bruce Schneier designed
Blowfish in 1993 as a fast, free alternative to the then existing encryption algorithms. Since then
Blowfish has been analyzed considerably, and is accepted as a strong encryption algorithm. Like
DES and IDEA it has a 64-bit block, which limits how much data should be encrypted under a single
key before block collisions become a concern.
IDEA
International Data Encryption Algorithm (IDEA) is an algorithm that was developed by Dr. X.
Lai and Prof. J. Massey in Switzerland in the early 1990s to replace the DES standard. It uses the
same key for encryption and decryption, like DES operating on 8 bytes at a time. Unlike DES,
though, it uses a 128 bit key. This key length makes it impractical to break by simply trying
every key, and at the time of writing no other practical means of attack was known. It is a fast
algorithm, and has also been implemented in hardware chipsets, making it even faster.
SEAL
Rogaway and Coppersmith designed the Software-optimized Encryption Algorithm (SEAL) in
1993. It is a stream cipher, i.e., data is encrypted continuously rather than in fixed blocks.
Stream ciphers are much faster than block ciphers (Blowfish, IDEA, DES), but SEAL has a longer
initialization phase during which a large set of tables is generated using the Secure Hash
Algorithm. SEAL uses a 160 bit key for encryption and is considered very safe.
RC4
RC4 is a cipher invented by Ron Rivest, co-inventor of the RSA Scheme. It is used in a number
of commercial systems like Lotus Notes and Netscape. It is a cipher with a key size of up to 2048
bits (256 bytes), which on the brief examination given it over the past year or so seems to be a
relatively fast and strong cipher. It creates a stream of random bytes and 'XORing' those bytes
with the text. It is useful in situations in which a new key can be chosen for each message.
Assuming ideal performance and no downtime, one should be able to exhaustively search the
key-space in over 20,000 years. A common concern amongst many is deciding what key length is
secure.
The following figures come from the 1996 report "Minimal Key Lengths for Symmetric Ciphers to
Provide Adequate Commercial Security" (Blaze, Diffie, Rivest, Schneier, Shimomura, Thompson and
Wiener), which estimated how long attackers with different budgets need to brute force 40-bit
and 56-bit keys:

Attacker     | Budget  | Tool                    | 40-bit key       | 56-bit key
Regular user | Minimal | Scavenged computer time | 1 week           | Not feasible
Regular user | $400    | FPGA (1)                | 5 hours ($0.08)  | 38 years ($5,000)

(1) FPGAs (Field Programmable Gate Arrays) are programmable pieces of hardware that can be
configured specifically for encryption/decryption.
(2) ASICs (Application Specific Integrated Circuits) are specialized hardware used by the
better-funded attackers in the report; each chip is assumed to test 200 million keys per second.

There is a metronome for technological progress called Moore's Law which states that "the
number of components that can be packed on a computer chip doubles every 18 months while the
price stays the same". Essentially, this means that computing power per dollar doubles every
eighteen months. A derivative of this law says that if a key length of x bits is considered safe
today, in 18 months the key length would have to be x+1 to keep pace with the growth in computing
power. The same report concludes that key lengths should be no less than 90 bits long to provide
adequate security for the next 20 years.
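The arithmetic behind the table and the Moore's-law rule of thumb, as an added Python example (not from the original page). It derives the key-testing rate implied by the "$400 FPGA, 40-bit key in 5 hours" row and uses that rate, the 200 million keys/second ASIC figure and the Deep Crack rate quoted later on this page to recompute the other estimates, so a practitioner can redo such figures for any key length or hardware. The function names and the choice of calibration row are this example's own.

```python
"""Brute-force cost arithmetic for the key-length table and Moore's-law rule above.
Added example; the rates fed in come from the table, footnotes and DES section on this page."""
SECONDS_PER_HOUR = 3600
SECONDS_PER_DAY = 86400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

def key_space(key_bits):
    """Number of possible keys for a key of key_bits bits."""
    return 2 ** key_bits

def brute_force_seconds(key_bits, keys_per_second, fraction=1.0):
    """Seconds to test `fraction` of the key space (1.0 = worst case, 0.5 = expected)."""
    return key_space(key_bits) * fraction / keys_per_second

def implied_rate(key_bits, seconds):
    """Keys/second a machine must test to exhaust a key_bits-bit key in `seconds`."""
    return key_space(key_bits) / seconds

def bits_to_keep_pace(bits_today, months, doubling_months=18):
    """Moore's-law rule: one extra key bit per doubling of computing power per dollar."""
    return bits_today + months // doubling_months

def cross_check_table():
    """Calibrate on the '$400 FPGA: 40-bit key in 5 hours' row, then predict the rest."""
    fpga_rate = implied_rate(40, 5 * SECONDS_PER_HOUR)      # about 61 million keys/s
    asic_rate = 200e6                                       # footnote (2)
    deep_crack_rate = 88e9                                  # EFF Deep Crack, DES section
    return {
        "fpga_keys_per_second": fpga_rate,
        "fpga_56bit_years": brute_force_seconds(56, fpga_rate) / SECONDS_PER_YEAR,
        "asic_56bit_years": brute_force_seconds(56, asic_rate) / SECONDS_PER_YEAR,
        "deep_crack_56bit_days_worst": brute_force_seconds(56, deep_crack_rate) / SECONDS_PER_DAY,
        "deep_crack_56bit_days_expected":
            brute_force_seconds(56, deep_crack_rate, 0.5) / SECONDS_PER_DAY,
        "bits_matching_56_today_in_10_years": bits_to_keep_pace(56, 10 * 12),
    }

if __name__ == "__main__":
    for name, value in cross_check_table().items():
        print(f"{name:36s} {value:,.2f}")
```

The FPGA rate recovered from the 40-bit row predicts about 37.4 years for a 56-bit key, matching the table's 38 years, and a single 200 million keys/second ASIC would need about 11.4 years; Deep Crack's 88 billion keys/second exhausts the 56-bit space in about 9.5 days, so finding a key in under 3 days, as reported, means it was lucky enough to hit it in the first quarter of the search.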
Encrypted Email
One of the most common uses of encryption is in electronic messaging. Encryption can
be used to secure email on public and private networks. Unlike e-mail on a private
system, which goes directly to a mail server and resides there until it is retrieved, Internet
e-mail hops from server to server on its way to a recipient. This makes the
transmission channel impractical to secure end to end and provides numerous opportunities for
interception. Here it makes sense to secure the message itself by using encryption. But
private networks are not immune to the need for higher security and often employ
encryption to guarantee the confidentiality and integrity of the message.
Sending plaintext email is like sending a postcard - what type of information do you
disclose when mailing a postcard? When do you consider putting the letter in an envelope
to resist tampering and to protect your privacy? Similarly, encrypting email is the first
step to securing the contents of your message. One of the most popular methods of email
encryption is the use of public key encryption.
The two most widely fielded methods of email encryption are PGP (Pretty Good Privacy)
and Entrust. The former provides solutions for both individuals and corporations while
Entrust focuses on the larger enterprise based secure messaging solutions. Also available
to individual users/small businesses is encrypted email on a web based platform through
Hushmail. This service allows you to send and receive email from their website, never
having to buy any software or needing extra infrastructure.
Encrypted mail enables the 'little guy' to decide how much privacy they want and when
and where they want it. The Tools section has resources one could use for encrypted and
anonymous email.
Virtual Private Networks (VPNs)
Recent technological advances in broadband and dial-up data access offer a more cost-effective
solution for supporting large numbers of remote users, as well as unprecedented network
scalability and flexibility. These advances have made it practical to build virtual private
networks (VPNs) over public links. They can be used to provide mobile workers with remote access
to the corporate network - at the price of a local call. As with any use of public networks, one
normally sacrifices privacy for cost and availability. A VPN, however, is a network tunnel
created for data transmission between two or more authenticated parties. A secure VPN encrypts
data before passing it through the network tunnel. This creates an encrypted "pipe" between the
user and the access device ensuring data integrity/authenticity, and user privacy. Apart from
providing connectivity for remote users, VPNs can also be used to interconnect servers and
complete networks, creating entities known as Extranets.
Virtual Private Networks can be implemented by using proprietary systems from Nortel
Networks, Cisco, Datafellows, Intel, Nokia, Checkpoint, Lucent and others. Point to point VPNs
can also be created using protocols embedded in operating systems like Windows
2000/XP/Linux or even by applications like PGP.
IPSEC
The IP Security Protocol (IPSec) working group has defined a set of specifications for
cryptographically-based authentication, integrity, and confidentiality services at the IP datagram
layer. This protocol is intended to secure data communications on the Internet and is one of the
fastest growing security standards worldwide. IPSec supports multiple algorithms and key
management systems within its design architecture.
Encryption Tools
There are many free and paid encryption tools available on the Internet. Some better than others,
but nonetheless one can setup a secure messaging system (email encryption), secure transactions
(SSL enabled web browsers) and secure connectivity (VPNs and SSH) on a very small budget.
Some of the small business/individual solutions available include:
EMAIL
PGP - this is the de-facto secure messaging standard on the Internet. Network Associates has
dropped this product suite but fortunately the strong user base of PGP means it is likely to stay as
the most popular email encryption tool.
Hush mail - here is another way of adding encryption to your email. But unlike software tools
(say PGP) it is a service built into web based email. With free and paid service, one can get the
flexibility of a web based email account combined with the security of 1,024-bit encryption,
digital signatures and support for the OpenPGP standard.
FILE ENCRYPTION
Private File - Private File is a fast and easy way to protect yourself and your company by
encrypting your files before sending them. With a simple drag-and-drop, or a menu point-and-
click, your information is safe. And with the strongest encryption, you can be sure that no one but
your desired recipient will be able to use your information.
F-Secure File Crypto - developed by Datafellows Corp, this is a long standing file encryption
application that supports strong encryption. It also comes for Pocket PC.
Shy File - free and paid versions of a strong encryption application that lets you create self-
executable, encrypted packages.
VPNs
PGP - certain versions of this application allow point to point encrypted VPN sessions.
Windows NT/2000/XP & Linux - they allow 'secure' data transmission between two nodes using
the PPTP protocol. The quotes are deliberate: PPTP's MS-CHAP authentication has published
weaknesses, so IPSec should be preferred where both ends support it.
Internet Privacy
The Internet is a great tool. As it becomes woven into our day to day fabric, there are
many more tasks that can be done on it. It is convenient, most people in the developed
world have access to it. And many organizations/corporations are providing users with
the tools to get stuff done on the Internet. Everyone from governments (records,
applications, taxes), businesses (shopping, services, bill payments, banking) and
individuals (research, communication, entertainment) are using the Internet to conduct
transactions.
But the Internet is a public network. That is, the access routes are for the most part open
to other traffic and users. It is also a medium to obtain information, legally or not, on a
wide variety of people and things. So how can we make sure that the Internet can be used
without compromising the privacy of its users? A tough proposition that is getting harder
every day. Like it or not, websites collect information about their visitors (cookies, logs):
how often they visit, what links they click on, what they buy, etc. If you entered your name,
age, or any other demographic information, there is a good chance that it might be provided
to other firms to sell products/services or for analysis. Many times, the users are unaware
of exactly what is being collected/monitored. What happens to this personal information if
the company has financial difficulties and has to liquidate its assets? Is this information
a company asset, free to be sold to the highest bidder?
Internet applications like IE/Netscape have not really kept up either. Privacy issues have
been put on the back burner in an effort to compete for market share which is
predominantly based on ease of use and standards. Privacy is that uncomfortable issue
that most people wish would go away. There are many other tools like Anonymizer,
McAfee Privacy Services and others that can help users sanitize their computers and get
an upper hand on what information they want on their computers. These applications
allow you to select what personal information you wish to divulge and how to clean up
your computer so as to negate any information or statistics that might be collected on you
while surfing. These tools and a good personal firewall along with an anti-virus software
are essential for every Internet user.
The Internet is also a great tool to learn about increasing your privacy and securing
private information.
Identity Theft
Identity theft is a growing problem in today's society. It is relatively easy to pull off and very
devastating for the victims. There are thousands of cases every year where people see the
fraudulent use of their identity to rack up credit card bills and ruin their reputations and credit
histories. The Internet is definitely a factor here and is often pointed to as a culprit. But it can also
be used to fight back and ensure that ones privacy is maintained. Here are some simple on and
offline steps to follow in order to avoid identity theft.
ONLINE PRIVACY:
• Have you seen your credit report lately? You should check your credit report every 6
months to a year using one of many online credit report services.
• Use services and applications like Anonymizer or McAfee Privacy Services to control
what personal information is divulged to websites.
• Install a good personal firewall (Norton, BlackICE, etc.).
• Use a good anti-virus software (Norton, McAfee, etc) and update signatures regularly
• Have more than one email address, use free services like Yahoo!, Hotmail, or Spam
Bully (which has good anti-spam tools) for regular email.
• Upgrade your web browser and operating system to support strong (i.e. 128 bit +)
encryption.
• Do not divulge private information on the Internet, especially watch where you post your
resumes.
OFFLINE:
• Get a secure mailbox/PO Box - one that won't allow someone to go through your mail.
• Buy a shredder; destroy any and all unwanted documentation before discarding.
If you are an identity theft victim, contact your local police department ASAP and implement all
of the above suggestions.
The term "hacker" has been around for a while. It originally referred to a person who explored
a computer system by trying different things to see what it could do; to hack was to figure
something out through sheer trial and error or logical deduction, and the word carried no
criminal connotation. Today, a hacker is described as a person who breaks into computers for
various reasons. Crackers and script-kiddies are two other commonly used terms describing those
involved in the break-in or disruption of an online service.
Security problems can occur in any networked environment. Many of the problems are related to
the exploitation of the original design of the TCP/IP suite of internetworking protocols, but the
majority are due to configuration or operator errors. Hackers are not just looking for websites or
government computers to hack - utility grids, emergency information systems, controls for dams
and locks, financial information, inter-banking information, military communications and much
more sensitive information travels on the Internet and other communication networks.
ACTIVE HACKING:
Active attacks involve the modification of transmitted data and attempts to gain unauthorized
access to systems. Data communication is based on a set of handshakes to ensure the smooth and
reliable flow of information. A hacker that sits between a client and a server and is able to
spoof (forge) the IP address and TCP sequence numbers can attack either machine in several
ways. The hacker can disable one of the machines and take the identity of the other, or can
mimic either machine and carry on conversations impersonating the other.
A hacker could also attach additional information to a client request and strip the corresponding
additional response from the packet before forwarding the remaining response to the client's
original request, all the while having access to information that is assumed to be going back and
forth between two 'trusted' systems. Computer viruses and Trojans are also examples of active
attacks. They can disable machines or, in the case of Trojans, allow malicious hackers access to
sensitive information by creating a back door.
PASSIVE HACKING:
Passive attacks have to do with eavesdropping on and monitoring transmissions. All electronic
transmissions (email, WWW, telnet, etc.) can theoretically be monitored. Since most computers
(and the whole Internet) are part of networks, spying on data transmissions is a major concern.
One of the earliest and most sophisticated passive eavesdropping examples comes to us from the
Cold War: the US Navy was able to 'tap' Soviet undersea communications cables using specially
equipped submarines and for years had complete knowledge of that set of communications. On the
Internet, protocols like HTTP, FTP and telnet are unencrypted modes of communication that can
easily be compromised. Therefore, encrypted versions (HTTPS, SFTP/SCP, SSH, etc.) should be used
when transmitting sensitive information.
Computer Security
There are three data security concerns that need to be addressed - confidentiality,
authentication, and non-repudiation. Confidentiality ensures that the data is readable
only by the intended recipients. Authentication provides protection against unauthorized
access or forgeries. Non-repudiation ensures that someone cannot deny having
conducted a transaction. The steps needed to curb the security concerns on the Internet
are three fold. First is a balance between industry self-regulation and laws to deter
unscrupulous practices. Second is the education of the Internet user base on their
rights and the tools that ensure their protection while online. Lastly, the continuous advance
of technology as it matures the Internet and provides us with newer, more powerful tools that
will enhance the current economic boom that many regard as an Internet phenomenon.
Unix is the oldest and most widely used networking operating system in use today. Unix
has the advantage of having been hacked and patched by hackers and crackers for
decades. One of the most popular Unix derivatives is Linux, developed by Linus
Torvalds and now maintained by thousands of volunteers and many software companies.
But Linux still has flaws that are being discovered every day. It is extremely important to
monitor these disclosures and apply the necessary patches when they are made
available.
Microsoft's Windows platform has seen unprecedented growth as a server and client
platform. Whether it be in the millions of home PCs, on the Internet or on corporate
LANs, its popularity has caught the fancy of many hackers.
Cryptography, simply defined, is the art of combining some input data, called the
plaintext, with a user-specified key (often derived from a password) to generate an encrypted
output, called cipher text, in such a way that, given the cipher text, it is extremely difficult
to recover the original plaintext without the key in a reasonable amount of time. The
algorithms that combine the keys and plaintext are called ciphers. Various ciphers are
documented in the Algorithms section. Many ciphers accept a fixed length key. The key space is
the total number of possible keys. For a cipher that accepts 160 bit keys, this is 2^160, or
approximately 1.46 x 10^48. Although recommended key lengths change as computing power grows,
the currently secure key length for symmetric encryption ranges from 128 to 256 bits, with most
modern algorithms using keys of at least 128 bits.
So what makes one cipher better than another? What makes a cipher secure? Although
these questions are the essence of cryptography, their answers are relatively simple: if
there is no way to "break" the algorithm (recover the plaintext or key given some
cipher text) other than searching through every possible key, then the algorithm is as secure
as its key length allows. This is where a large key length comes in - the larger the key length,
the more possible keys to search through, and therefore the more work an attacker faces.
Cryptanalytic attacks are simply means of reducing the number of keys that need to be searched.
The majority of the encryption algorithms in use today are block algorithms, which
operate on one fixed-size chunk of data at a time (64 bits in the older ciphers described
here, 128 bits in newer designs). By comparison, stream ciphers operate on variable lengths of
data. Stream ciphers can be thought of as seeded random number generators (with the seed being
the key), with the random numbers being combined with the plaintext to generate cipher text.
The better the generated numbers are, the more secure the stream cipher is.
Block algorithms are, in terms of both design and implementation, generally more
complex than stream ciphers. Bruce Schneier's Blowfish algorithm is a very good
example of a block cipher and illustrates some important design concepts. Blowfish
combines a non-invertible f function, key-dependent S-boxes, and a Feistel network to
make a cipher that has not yet been broken. It is relatively simple to implement. CAST,
another cipher of high repute, is very similar to Blowfish in overall design.
The most interesting portion of Blowfish is its non-invertible f function. This function
uses modular arithmetic to generate indexes into the S-boxes. Modular arithmetic is
usually used to create non-invertible f functions. Non-invertibility is best explained by
example:

x         | 1 | 2 | 3 | 4  | 5  | 6  | 7
x^2       | 1 | 4 | 9 | 16 | 25 | 36 | 49
x^2 mod 7 | 1 | 4 | 2 | 2  | 4  | 1  | 0

Given an output, there is no function that can recover the specific input to f(x). For
example, if you knew that your function has a value of 4 at some x, there is no way to
know whether that x is 2, 5, or any other x whose f(x) = 4. Blowfish does its arithmetic
mod 2^32 (2^32 is around 4 billion). Working modulo a fixed number like this (a finite ring;
when the modulus is prime, a finite field) makes some common mathematical assumptions untrue:
in the field of size two, 1+1 equals 0, not two.
S-boxes are just large arrays of predefined data. During the process of key setup, the key
is combined with the S-boxes. The details of this key-setup are relatively uninteresting,
but the fact that it combines the key with the S-boxes strengthens the algorithm greatly.
Key setup in Blowfish is designed to be relatively slow. This is actually a benefit, as
someone doing a brute-force search of keys will have to go through the slow key setup
process for each key tried. However, someone doing encryption and decryption must only
go through the key setup process once. Encryption and decryption are relatively fast.
Another important element of Blowfish is the Feistel network. Using a Feistel network
gives the cipher two very desirable properties: decryption uses the same f function (even
though it is non-invertible), and the function can be iterated multiple times. These
iterations are called rounds. The more rounds, the more secure the algorithm is. The
recommended number of rounds depends on the specific algorithm; for Blowfish, it is 16.
A Feistel network can be described by the following round transformation (taken from Applied
Cryptography), where the block is split into a left half L and a right half R, K_i is the i-th
round subkey and (+) denotes XOR:

L_i = R_(i-1)
R_i = L_(i-1) (+) f(R_(i-1), K_i)

Decryption runs the same rounds with the subkeys in reverse order; because the output of f is
only XORed into the other half, f itself never has to be inverted.
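The two ideas above, a many-to-one round function and a Feistel network that never needs to invert it, in a toy Python cipher added here (this is not Blowfish and not code from the original page): the round function squares modulo 2^32 as in the table, the key schedule is a simple made-up one rather than Blowfish's S-box setup, and the block size and round count match Blowfish's 64 bits and 16 rounds. The `preimages` helper reproduces the x^2 mod 7 table's point that the output 4 has two inputs.

```python
"""Toy Feistel cipher with a non-invertible round function (added example, not Blowfish)."""
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF
ROUNDS = 16            # same round count as Blowfish

def preimages(value, modulus):
    """All x in 1..modulus with x^2 mod modulus == value; reproduces the x^2 mod 7 table."""
    return [x for x in range(1, modulus + 1) if (x * x) % modulus == value]

def f(right, subkey):
    """Round function: mix in the subkey, then square modulo 2^32.
    Squaring is many-to-one (s and 2^32 - s collide), so f has no inverse."""
    s = (right + subkey) & MASK32
    return (s * s) & MASK32

def expand_key(key64):
    """Derive ROUNDS 32-bit subkeys from a 64-bit key with a linear congruential step.
    Made-up schedule for this demo; Blowfish instead mixes the key into its S-boxes."""
    state = key64 & MASK64
    subkeys = []
    for _ in range(ROUNDS):
        state = (state * 6364136223846793005 + 1442695040888963407) & MASK64
        subkeys.append(state >> 32)
    return subkeys

def feistel_encrypt(block64, subkeys):
    """L_i = R_(i-1);  R_i = L_(i-1) XOR f(R_(i-1), K_i), once per subkey in order."""
    left, right = block64 >> 32, block64 & MASK32
    for k in subkeys:
        left, right = right, left ^ f(right, k)
    # Swap the halves back at the end so that running the same loop with the
    # subkeys reversed undoes every round; this is why decryption works without
    # ever inverting f.
    return (right << 32) | left

def feistel_decrypt(block64, subkeys):
    """Identical round loop, subkeys in reverse order."""
    return feistel_encrypt(block64, subkeys[::-1])

if __name__ == "__main__":
    ks = expand_key(0x0123456789ABCDEF)
    ct = feistel_encrypt(0xDEADBEEFCAFEBABE, ks)
    print(hex(ct), hex(feistel_decrypt(ct, ks)))
    print(preimages(4, 7))   # the two x with x^2 mod 7 == 4
```

Because each round only XORs f's output into the other half, the decryptor recomputes f on the half it already has in the clear and XORs the same value out again; the collision shown by `f((3 - k) & MASK32, k) == f((-3 - k) & MASK32, k)` never gets in the way.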
Cryptographic Algorithms
BLOCK CIPHERS
3-Way
3-Way is a simple and fast cipher designed by Joan Daemen. 3-Way features a 96-bit key
length and a 96-bit block length. 3-Way is an iterated block cipher that repeats some
relatively simple operations a specified number of rounds. David Wagner, John Kelsey,
and Bruce Schneier of Counterpane Systems have discovered a related key attack on 3-Way
that requires one related key query and about 2^22 chosen plaintexts, described in their
paper. 3-Way is unpatented.
Blowfish
CAST
CMEA
DES
Designed at IBM during the 1970s and officially adopted in 1977 (as FIPS 46, by the
National Bureau of Standards, NIST's predecessor) as the standard encryption algorithm for
unclassified data, DES became the bastion of the cryptography market. However, DES has since
become outdated; in 1997 NIST began the competition to replace it that produced AES. Though
DES accepts a 64-bit key, the key setup routines effectively discard 8 bits (used for parity),
giving DES a 56-bit effective keylength. DES remains widely in use. During the design of DES,
the NSA provided secret S-Boxes. After differential cryptanalysis had been discovered outside
the closed fortress of the NSA, it was revealed that the DES S-boxes were designed to be
resistant against differential cryptanalysis. DES is becoming weaker and weaker over time;
modern computing power has reached the computational horsepower needed to crack DES in days.
DES was designed with hardware implementation in mind and is therefore comparatively slow
in software. A successful distributed effort to crack DES took several thousand Internet-connected
computers several months. The EFF has sponsored the development of a crypto chip named "Deep
Crack" that can process 88 billion DES keys per second and has successfully cracked 56
bit DES in less than 3 days.
Triple-DES
A variant of DES, Triple-DES (also 3DES) applies DES three times to each block, normally in
encrypt-decrypt-encrypt (EDE) order with two or three independent keys; the EDE order
means that 3DES with all three keys equal reduces to single DES, which preserved
compatibility with existing hardware. Three-key 3DES has a 168-bit key, but meet-in-the-
middle attacks reduce its effective strength to about 112 bits. Triple-DES is considered much
stronger than DES; however, it is rather slow compared to newer block ciphers, since every
block passes through DES three times.
DEAL
DEAL, designed by Lars Knudsen, is an interesting AES submission and, like all AES
submissions, it uses a 128-bit block and accepts 128-, 192- and 256-bit key lengths. It is a
Feistel cipher that uses DES as its round function, and its designer suggests at least 6,
preferably 8 rounds. Some attacks against DEAL have been published, all of which are cured
by using at least 8 rounds.
FEAL
Developed by NTT (Nippon Telegraph and Telephone) as a faster alternative to DES, the Fast
Data Encipherment Algorithm (FEAL) is very insecure. FEAL-4, FEAL-8, and FEAL-N are
all susceptible to a variety of cryptanalytic attacks, some requiring as few as 12 chosen
plaintexts. FEAL is patented.
GOST
GOST (GOST 28147-89) is the Russian government block cipher and appears to be the
Russian analog to DES, both politically and technologically. Its designers took no chances,
iterating the round function 32 times over a 64-bit block and using a 256-bit key. Although
GOST's conservative design inspires confidence, John Kelsey discovered a related-key attack
on GOST, described in a post to sci.crypt on 10 February 1996. There are also weak keys in
GOST, but too few to be a problem when GOST is used with its standard set of S-boxes. An
official description of the GOST algorithm (translated from Russian) has been published, and
independent descriptions are also available.
IDEA
IDEA, developed at ETH Zurich, Switzerland, by Xuejia Lai and James Massey, is generally
regarded as one of the best and most secure block ciphers available to the public. It uses a
64-bit block and a 128-bit key, and was designed to be resistant to differential cryptanalysis.
Some attacks have been published against reduced-round IDEA. Unfortunately, IDEA was
patented (the patents have since expired); licensing information was obtainable from Ascom.
LOKI
LOKI was designed as a possible replacement for DES. It operates on a 64-bit block with a
64-bit key. The first version of LOKI to be released was broken by differential cryptanalysis
and was shown to have an 8-bit complementation property (which reduces the number of
keys that need to be searched in a brute-force attack by a factor of 256). LOKI was revised
and re-released as LOKI91. LOKI91 is secure against differential cryptanalysis, but it falls
easily to a chosen-key attack. The designers of LOKI proposed LOKI97 as an AES candidate,
but linear and differential attacks on LOKI97 have already been published.
Lucifer
Lucifer was one of the first modern cryptographic algorithms. It was designed at IBM around
1970 by Horst Feistel, of Feistel network fame. Lucifer is often considered to be the precursor
to DES. There are several incarnations of Lucifer, each with the same name, which creates a
good deal of confusion. No version is considered secure; a paper on the differential
cryptanalysis of Lucifer was written by Ishai Ben-Aroya and Eli Biham.
MacGuffin
MARS
MARS is IBM's AES submission; a MARS web page links to the MARS paper. MARS uses
128-bit blocks and supports variable key sizes from 128 to 448 bits. MARS is unique in that it
combines virtually every design technique known to cryptographers in one algorithm: it uses
additions and subtractions, S-boxes, fixed and data-dependent rotations, and multiplications.
MISTY
MMB
MMB was designed as an alternative to IDEA that uses a 128-bit block instead of IDEA's
64-bit block. It was designed using the same principles as IDEA. Unfortunately, it is not as
secure as IDEA and several attacks exist against it. Its author, Joan Daemen, abandoned it
and designed 3-Way.
NewDES
Although NewDES was developed by Robert Scott as a possible replacement for DES,
NewDES has fallen short of expectations. NewDES has been shown to be weaker than DES:
a related-key attack requiring 2^4 related-key probes and 530 chosen plaintext/ciphertext
queries is described in the Counterpane related-key cryptanalysis paper. NewDES is
implemented in Kremlin.
RC2
RC2, like RC4, was formerly a trade secret, but code purporting to be RC2 was posted to
sci.crypt, and the algorithm has since been officially published as RFC 2268. David Wagner,
John Kelsey, and Bruce Schneier discovered a related-key attack on RC2 that requires one
related-key query and approximately 2^34 chosen plaintexts. RC2 is not patented by RSA
Data Security, Inc.; it was protected only as a trade secret.
RC5
RC5 is a family of algorithms designed by Ron Rivest of RSA Data Security that is
parameterized by block size, key size, and number of rounds. The block size is generally
twice the word size of the machine the particular version of RC5 was designed to run on; on
32-bit processors (with 32-bit words), RC5 generally has a 64-bit block size. David Wagner,
John Kelsey, and Bruce Schneier found weak keys in RC5, with the probability of selecting a
weak key being 2^(-10r), where r is the number of rounds. For sufficiently large r (greater
than 10) this is not a problem, as long as you are not trying to build a hash function out of
RC5. Knudsen has also found a differential attack on RC5. RC5 is described in an RSA
document, and is patented by RSA Security, Inc.
RC6
RC6 is Ronald Rivest's AES submission. Like all AES candidates, RC6 works on 128-bit
blocks, and it accepts variable-length keys. It is very similar to RC5, incorporating the results
of various studies on RC5 to improve the algorithm. Those studies found that not all bits of
the data are used to determine the rotation amount (rotation is used extensively in RC5); RC6
uses multiplication to compute the rotation amount so that all bits of the input contribute to it,
strengthening the avalanche effect.
REDOC
There are two versions of the REDOC algorithm, REDOC II and REDOC III. REDOC II is
considered to be secure; an attack has been mounted against one round of REDOC II, but it
could not be extended to all 10 recommended rounds. REDOC II is interesting in that it uses
data masks to select the values in the S-boxes. REDOC II uses a 160-bit key and works on an
80-bit block. REDOC III was an attempt to make the painfully slow REDOC II faster.
REDOC III, like REDOC II, operates on an 80-bit block, but can accept keys up to 20480
bits. However, REDOC III falls to differential cryptanalysis, as described in the literature.
Rijndael
Rijndael, by Joan Daemen and Vincent Rijmen, is the AES winner; it was standardized as the
Advanced Encryption Standard (FIPS 197) in 2001 with a fixed 128-bit block and keys of
128, 192 or 256 bits. The cipher itself has a variable block and key length, and the authors
have shown how to extend both by multiples of 32 bits. The design of Rijndael was
influenced by the SQUARE algorithm. The authors provide a Rijndael specification and a
more theoretical paper on their design principles, and they vowed never to patent Rijndael.
Safer
Safer was developed by James Massey at the request of Cylink Corporation. There are several
different versions of Safer, with 40-, 64-, and 128-bit keys. A weakness in the key schedule
was corrected, with an S being added to the original Safer K designation to create Safer SK.
There are some attacks against reduced-round variants of Safer; the full cipher is secure
against differential and linear cryptanalysis. However, Bruce Schneier, author of Applied
Cryptography, recommends against using Safer because, "Safer was designed for Cylink, and
Cylink is tainted by the NSA." Safer SK-128 is implemented in Kremlin.
Serpent
Serpent is an AES submission by Ross Anderson, Eli Biham, and Lars Knudsen. Its authors
combined the design principles of DES with the recent development of bitslicing techniques
to create a very secure and very fast algorithm. While bitslicing is generally used to encrypt
multiple blocks in parallel, the designers of Serpent embraced the technique and incorporated
it into the design of the algorithm itself. Serpent uses 128-bit blocks and keys of 128, 192 or
256 bits (shorter keys are padded to 256 bits internally). Like DES, Serpent includes an initial
and final permutation of no cryptographic significance; these permutations merely arrange
the data for the bitsliced implementation. Serpent was released at the 5th International
Workshop on Fast Software Encryption. That iteration, called Serpent 0, used the original
DES S-boxes. After comments, the key schedule of Serpent was changed slightly and the
S-boxes were replaced; this new iteration is called Serpent 1. Serpent 1 resists both linear and
differential attacks. The Serpent paper is available from the authors.
SQUARE
SQUARE is an iterated block cipher that uses a 128-bit key length and a 128-bit block
length. The round function of SQUARE is composed of four transformations: a linear
transformation, a nonlinear transformation, a byte permutation, and a bitwise round-key
addition. SQUARE was designed to be resistant to linear and differential cryptanalysis,
and succeeds in this respect. The designers of SQUARE have developed an attack on
SQUARE, but it cannot be extended past 6 rounds. A paper on SQUARE is available
here and there are links to the paper and source code on the designers' web site.
Skipjack
In what surely signals the end of the Clipper chip project, the NSA has released Skipjack, its
formerly secret encryption algorithm, to the public. Skipjack uses an 80-bit key on a 64-bit
block and runs 32 rounds. A fuzzy scan of the official NSA paper is available at the NIST web
site, and it has been transcribed by the folks over at jya.com. A reference implementation (in
C) and an optimized version are also available. Eli Biham and Adi Shamir published initial
cryptanalytic results, which have grown more interesting over time: an impossible-differential
attack by Biham, Biryukov and Shamir breaks Skipjack reduced to 31 of its 32 rounds.
Twofish
STREAM CIPHERS
ORYX
ORYX is the algorithm used to encrypt data sent over digital cellular phones. It is a stream
cipher based on three 32-bit Galois LFSRs. It is distinct from CMEA, which is a block cipher
used to encrypt the cellular control channel. The cryptographic tag-team from Counterpane
Systems (David Wagner, John Kelsey, and Bruce Schneier) developed an attack on ORYX
that requires approximately 24 bytes of known plaintext and about 2^16 initial guesses.
RC4
The RC4 algorithm is a stream cipher from RSA Data Security, Inc. Though RC4 was
originally a trade secret, the alleged source code was published anonymously in 1994. The
published algorithm interoperates with RC4 implementations in official RSA products. RC4
was widely deployed (SSL/TLS, WEP) and was for years regarded as secure, but that view
has not survived: its keystream has measurable statistical biases (the second output byte is 0
with probability about 1/128 rather than 1/256), its key schedule leaks key material when
keys are built from a public IV (the attack that broke WEP), and RC4 is now prohibited in
TLS (RFC 7465). It should not be used in new designs. RC4 is not patented by RSA Data
Security, Inc.; it was protected only as a trade secret.
The 40-bit exportable version of RC4 has been broken by brute force!
SEAL
SEAL, designed by Phillip Rogaway and Don Coppersmith of IBM, is probably the fastest
secure encryption algorithm available. The key setup process of SEAL requires several
kilobytes of table space and rather intensive computation involving SHA-1, but only about
five operations per byte are then needed to generate the keystream. SEAL is particularly
appropriate for disk encryption and similar applications where data must be read from the
middle of a ciphertext stream, because any position in the keystream can be generated
directly. A paper describing SEAL is available. SEAL is patented, and can be licensed from
IBM.
HASH ALGORITHMS
MD2
MD4
Although MD4 is now considered insecure, its design is the basis for most other
cryptographic hashes and therefore merits description. First, the message is padded so that its
length in bits is congruent to 448 modulo 512, and a 64-bit encoding of the original length is
appended, bringing the total to a multiple of 512 bits. Then, in what is called the Merkle-
Damgård iterative structure, the message is processed in 512-bit blocks by a compression
function that updates a fixed-size chaining value; the final chaining value is the digest. In
MD4 this digest is 128 bits long. Hans Dobbertin developed an attack on the full MD4 that
generates collisions in about a minute on most PCs. An overview of the design and of the
security of MD2, MD4, and MD5 is given in an RSA document.
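The Merkle-Damgård construction just described, as an added Python example that is not code from this page or from RSA: a complete MD4 built from its padding rule and compression function (checked against the RFC 1320 test vectors), plus a demonstration of the construction's best-known practical weakness, length extension. Because the digest is simply the final chaining value, anyone who knows MD4(secret || message) and the length of secret || message can compute MD4(secret || message || padding || suffix) without knowing the secret. The same holds for MD5 and SHA-1, which is why a secret-prefix hash is not a MAC (HMAC exists to close this gap). The secret and message below are constructed for the example.

```python
import struct

MASK32 = 0xFFFFFFFF
MD4_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)


def _rotl(x, s):
    return ((x << s) | (x >> (32 - s))) & MASK32


def md_pad(msg_len):
    """Merkle-Damgard padding as used by MD4/MD5: a 0x80 byte, zeros until the
    length is 56 mod 64, then the original bit length as a 64-bit little-endian word."""
    zeros = (55 - msg_len) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack("<Q", (msg_len * 8) & 0xFFFFFFFFFFFFFFFF)


def _md4_compress(state, block):
    """One application of the MD4 compression function to a 64-byte block."""
    X = struct.unpack("<16I", block)
    a, b, c, d = state
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, 0x00000000, tuple(range(16)), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for func, const, order, shifts in rounds:
        for i, k in enumerate(order):
            a = _rotl((a + func(b, c, d) + X[k] + const) & MASK32, shifts[i % 4])
            a, b, c, d = d, a, b, c  # rotate registers so the next step updates the next one
    # feed-forward: add this block's result into the chaining value
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d)))


def md4(data, state=MD4_IV, prior_len=0):
    """MD4 of `data`. `state` and `prior_len` allow the iteration to resume from a
    known chaining value that has already absorbed `prior_len` bytes."""
    padded = data + md_pad(prior_len + len(data))
    for off in range(0, len(padded), 64):
        state = _md4_compress(state, padded[off:off + 64])
    return struct.pack("<4I", *state)


def length_extend(digest, known_len, suffix):
    """Given only MD4(m) and len(m), return (tail, MD4(m || tail)) where
    tail = padding(m) || suffix. Nothing about m itself is needed."""
    state = struct.unpack("<4I", digest)   # the digest IS the chaining value
    glue = md_pad(known_len)
    forged = md4(suffix, state, known_len + len(glue))
    return glue + suffix, forged


def demo_extension():
    """Constructed scenario: a server 'authenticates' msg as MD4(secret || msg)."""
    secret = b"hunter2"            # constructed; the attacker never learns this
    msg = b"user=guest"
    tag = md4(secret + msg)         # what the attacker observes on the wire
    tail, forged_tag = length_extend(tag, len(secret) + len(msg), b"&user=admin")
    return forged_tag == md4(secret + msg + tail)


if __name__ == "__main__":
    print(md4(b"abc").hex())        # a448017aaf21d8525fc10ae87aa6729d
    print("length extension succeeds:", demo_extension())
```

The forged message carries the padding bytes of the original in its middle, which is why length extension works against formats that tolerate such bytes (query strings, binary protocols) and why the fix is a keyed construction such as HMAC rather than a longer secret.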
MD5
While MD4 was designed for speed, a more conservative approach was taken in the design of
MD5. However, applying the same techniques he used to attack MD4, Hans Dobbertin
showed that collisions can be found for the MD5 compression function in about 10 hours on
a PC. At the time these attacks had not been extended to the full MD5 algorithm, and RSA
was quick to point out that they did not compromise existing digital signatures; they
nevertheless did not inspire confidence. That caution was warranted: practical collisions for
the full MD5 were published by Xiaoyun Wang and colleagues in 2004, and chosen-prefix
collisions have since been used to forge X.509 certificates, so MD5 can no longer be relied
upon for collision resistance at all. MD5, like MD4, produces a 128-bit digest, and is
specified in an RFC (RFC 1321). The use of MD5, as well as MD4, is not recommended in
new applications.
RIPEMD
RIPEMD and its successors were developed by the European RIPE project. Its authors
found collisions for a version of RIPEMD restricted to two rounds. This attack can also
be applied to MD4 and MD5. The original RIPEMD algorithm was then strengthened and
renamed to RIPEMD-160. As implied by the name, RIPEMD-160 produces a 160-bit
digest. A comprehensive description of RIPEMD-160 can be found here.
SHA1
SHA-1 was developed by the NSA for NIST as part of the Secure Hash Standard (SHS).
SHA-1 is similar in design to MD4. The original published algorithm, now known as SHA-0,
was modified by the NSA (a one-bit rotation was added to the message schedule) to protect
against an unspecified attack; the updated algorithm is named SHA-1. It produces a 160-bit
digest, which at the time was judged large enough to protect against "birthday" attacks, where
two different messages are found that produce the same signature, for the next decade. That
estimate held roughly on schedule: theoretical collision attacks on SHA-1 appeared in 2005
and a practical collision was demonstrated in 2017, so SHA-2 or SHA-3 should be used
instead of SHA-1 wherever collision resistance matters. The official FIPS description of
SHA-1 is published by NIST.
Snefru
Snefru is a hash function designed by Ralph Merkle, the designer of the Khufu and
Khafre encryption algorithms. 2-round Snefru has been broken by Eli Biham. Snefru 2.5,
the latest edition of the hash algorithm, can generate either a 128-bit or a 256-bit digest.
Tiger
Tiger is a new hash algorithm by Ross Anderson and Eli Biham. It is designed to work
with 64-bit processors such as the Digital Alpha and, unlike MD4, does not rely on
rotations (the Alpha has no such rotate instruction). In order to provide drop-in
compatibility with other hashes, Tiger can generate a 128-bit, a 160-bit or a 192-bit
digest. The Tiger home page contains more information.
CASE STUDY:
Password Manager XP:
Password Manager XP is a program created specifically to help people organize and securely
store valuable information. It rids computer users of the headaches caused by lost passwords,
forgotten access codes and other sensitive information. With this program, you can safely
store all your logins, passwords, PIN codes, credit card numbers, access codes, files, and any
other confidential information in one place.
Password Manager XP allows you to create several databases for storing information. Each
database has its own access password and is encrypted with the algorithms of your choice,
which makes it possible to apply several different encryption algorithms at once; the vendor
presents this as significantly increasing protection against unauthorized access to your data.
The program also comes with an option to automatically close databases when idle for a set
period of time, which decreases the likelihood of your data being stolen if you leave your
computer with the application running (for example, because you were distracted by other
things or simply forgot to quit the program).
You can install Password Manager XP Mobile to your Windows Mobile-based device
and access your data easily when your laptop or desktop PC is not available. Password
Manager XP installed on your Pocket PC allows you to keep your data secure and right in
your pocket.
Password Manager XP comes with a user-friendly interface that is easy to navigate and
adjust.
Other features
File Encryption XP encrypts files and folders using the Blowfish algorithm with a 384-bit
key. Creating protected files that can be decrypted without File Encryption XP is a built-in
program feature: you can create a self-extracting encrypted file and simply send it by mail or
give it to someone on a floppy disk. If the recipient knows the password, he or she can
execute this file to get the original document.
In many cases we would like to delete the original, unencrypted file or folder after it has been
encrypted. The standard Windows deletion method is not secure, because it only unlinks the
file and leaves its contents on disk, so such a file can be recovered in almost all cases. File
Encryption XP has a reliable deletion method that overwrites files before removing them.
This is especially useful for deleting the source file or folder after encryption so that the only
remaining file is the encrypted version. Note that overwriting in place is dependable on
traditional magnetic disks; on SSDs and journaling file systems copies of the data may
survive elsewhere, so full-disk encryption is the more robust control.
File Encryption XP has a built-in strong password generator that lets you generate new
passwords according to criteria you specify. Strong passwords contain upper- and lower-case
letters as well as digits and, above all, are long enough that they cannot practically be guessed.
File Encryption XP automatically logs all program operations. You can always recall
what you were doing and when by looking through the log file. You can disable this
option if you prefer additional security and do not wish to keep a record of your
activities. When the program starts, it looks for all encrypted data on the current medium
and displays the list in the "Search" panel. The "Search" panel groups the encrypted files
in one place so it is easier to access them. You can use this panel to decrypt or delete the
encrypted files found by the program. The program interface is based on the interface of
Windows Explorer. You can perform all program operations on files and folders just as
you would in Windows Explorer. You can modify any menu or toolbar, create new ones
or change the program skin.
Kremlin:
Many products feature secure encryption, but Kremlin does more: Kremlin builds a wall
around your computer, protecting your sensitive files from snooping intruders. Windows
and Mac OS were not designed to be secure; they literally strew your sensitive data all
over the computer. The Kremlin Sentry automates the process of securing your computer
by scheduling itself to secure portions of your hard disk and all used memory when you
log off your computer or your computer becomes idle.
And Kremlin is easy to use, too. You can securely remove files from your computer by
dragging them to the Kremlin Secure Delete (Recycle Bin). And when you log off,
Kremlin clears sensitive areas of your hard disk and wipes all records of your activities.
Kremlin can also automatically encrypt files and directories when you log off your
computer and decrypt them when you log back on, providing a transparent way to protect
your files from any nosy intruders.
If you're worried about your word processor leaking scraps of your sensitive documents all
over your hard drive, you can use Kremlin Text, a full-featured and secure text editor that
automatically encrypts your documents. You can even e-mail a secret memo to a co-worker
from within Kremlin Text. And Kremlin is so secure that the U.S. Government considers it a
munition! To snoops, Kremlin is a deadly weapon.
KREMLIN SDK:
Kremlin SDK
Kremlin SDK is the cryptographic engine that powers Kremlin and forms its foundation.
Kremlin Encrypt/Decrypt
Kremlin Text
Discussing a top-secret project and need to send a secure memo? Exchanging notes with
a secret lover? You can use Kremlin Text to ensure that your data arrives safely and
securely. Just type your message into Kremlin Text's word processor-like environment,
click the Encrypt button, and you're ready to send secure e-mail! Your message can
include text formatting and different colors.
Kremlin Sentry
The Kremlin Sentry automates the process of securing your computer. You can schedule
the Kremlin Sentry to run when you shut down your computer or when your computer is
idle. The Kremlin Sentry then secures unused portions of your hard drive, where
"deleted" word processing files often reside, and wipes all memory (including the swap
file), overwriting operating system records of passwords and other sensitive information.
The Kremlin Sentry can also clear all records of the most recently accessed documents and of
all previously visited web sites.
Kremlin Wipe
Windows and Mac OS were not designed as secure operating systems. Your keystrokes,
which might contain a sensitive passphrase, are saved to disk, and your word processor
routinely writes scraps of your documents to disk. Use Kremlin Wipe to wipe free
memory, unused disk space, or completely wipe the disk.
When you drag your top-secret document to the Kremlin Secure Recycle Bin, it is not just
flagged to be overwritten; it is gone. Kremlin overwrites your documents with a variation of
the Department of Defense standard, writing zeros, ones, and a pseudo-random bit stream and
its binary complement a user-specified number of times.
Add powerful 160-bit encryption to your application in less than 30 lines of C code
The Kremlin SDK also includes automatic compression (at the archive level), error checking
using a modified Fletcher checksum (faster and better than a CRC), and a flexible callback
system (for progress controls, file overwriting, etc.). Bear in mind that a checksum of this
kind detects accidental corruption only; detecting deliberate tampering requires a keyed
message authentication code.
And the Kremlin SDK is very, very secure. Both the source code and the compiled
executables have been reviewed by security professionals, including Chris Hall from
Counterpane Systems (Bruce Schneier's company), Alexander Pukall, who writes
encrypted databases, and a person named Casimir, who has cracked the encryption in
several other programs, including "Encrypt-It" and "Crypt-o-text". After hearing that he
had broken yet another insecure encryption program, we e-mailed Casimir and
challenged him to break Kremlin. We even gave him the source code. After over a month
of examining the source code, Casimir e-mailed us and admitted defeat, saying "OK, you
won. I surrender!". It would take you months of your time and tens of thousands of
dollars to write, optimize, and secure (including paying for outside security consultants)
your own encryption routines. And your solution would most likely never have been
torture-tested by over 50,000 users!
And this isn't normal technical support; we function as security consultants and can
review your usage of the Kremlin SDK for possible security loopholes. We can even
write the encryption code for you.
The Kremlin SDK can be distributed royalty free with your application. And there's also
a 90 day money-back guarantee; if you purchase the Kremlin SDK and decide you
don't like it, you can get all of your money back (including possible technical support
contracts) any time within three months after the purchase.
It takes only a few lines of C code to add powerful cryptography to any application. See how
easy it is to use the Kremlin SDK in your application: imagine you need to write a utility that
encrypts files from the command prompt with the following syntax: