CRYPTOGRAPHY, ENCRYPTION AND PRIVACY

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." Benjamin Franklin, 1759.

Security and privacy have long been important issues forming the basis of numerous democracies around the world. In the digital age, securing personal information and ensuring privacy are issues of paramount concern. At first glance, one might find it gratifying that an online website greets a person by their first name, sends them emails when goods of their taste are added, or recommends goods and services based on their demographic profile, previous visits, etc. An astute surfer, though, will also see the privacy drawbacks in such services. Who else is being provided this information? Is there a way to ensure the security of this information? What happens to the information if the company meets financial difficulties and has to liquidate its assets? Where does all that "private information" go? Many studies over the last few years have suggested that a majority of consumers are concerned about when, what and how their personal information is being collected, how this information is being used and whether it is being protected. They want to know whether the information is being sold or shared with others, and if so with whom and for what purposes. They also want to have control over their privacy in today's digital age, where strides in telecommunication, storage and software technologies have made monitoring a person's activities effortless. The Internet, once a research tool, has grown into a mammoth educational, entertainment and commercial implementation. The advent of commerce on the Internet exposed the lack of security over this public network. The incorporation of encryption (especially strong 128 bit encryption) into Internet browsers and web servers quelled this concern to a certain extent. There was still the matter of storing the information sent over the Internet in a safe manner.
Firewalls and encryption software evolved to ensure that the computers and data on the Internet were safer. What can be done regarding these important issues? Part of the solution is to secure important data - more specifically, using strong encryption. Educating end users and corporations on the use of email and file encryption software, data encryption during transmission using VPNs, password encryption on public interfaces and the use of encryption software like PGP, F-Secure and the 128 bit version of IE/NS will lead us closer to the end goal of a safer Internet. With the growth of the worldwide Internet user base, and with Internet based transactions believed to reach well over a trillion dollars in the next three years, it makes sense for the parties involved to secure the Internet. Haphazard handling of financial and personal information can lead to the Internet being constantly associated with fraud and privacy abuses instead of being a viable commerce medium.

Why Use Encryption?
As organizations and individuals have connected to the Internet in droves, many have begun eyeing its infrastructure as an inexpensive medium for wide-area and remote connections. The Internet is an international network consisting of individual computers and computer networks that are all interconnected by many paths. Unlike Local Area Networks, where access is physically restricted to authorized users, the Internet is a public network and can be accessed by anyone. Now more than ever, moving vast amounts of information quickly and safely across great distances is one of our most pressing needs. The basic idea of cryptography is to hide information from prying eyes. On the Internet this can be your credit card numbers, bank account information, health/social security information, or personal correspondence with someone else.

History of Encryption
Encryption pre-dates the Internet by thousands of years. Looking back in history we find that Julius Caesar was an early user of cryptography. He sent messages to his troops using a simple but ingenious method. A letter in the alphabet was replaced by the one, say, 5 positions to the right. So, an "A" would be replaced by an "E", "B" by "F" and so on. Hence RETURN would become VJYZVS. But as can be seen, this cipher can be easily broken by figuring out a pattern, by brute force, or by getting one's hands on a plaintext and ciphertext combination to deduce the pattern.

Users of Encryption
A few decades ago, only governments and diplomats used encryption to secure sensitive information. Today, secure encryption on the Internet is the key to confidence for people wanting to protect their privacy or doing business online. E-Commerce, secure messaging, and virtual private networks are just some of the applications that rely on encryption to ensure the safety of data.
In many companies that have proprietary or sensitive information, field personnel are required to encrypt their entire laptops fearing that in the wrong hands this information could cause millions of dollars in damage.

How Encryption Works
The concept behind encryption is quite simple - make the data illegible for everyone except those specified. This is done using cryptography - the study of sending 'messages' in a secret form so that only those authorized to receive the 'message' are able to read it. The easy part of encryption is applying a mathematical function to the plaintext and converting it to an encrypted cipher. The harder part is to ensure that the people who are supposed to decipher this message can do so with ease, yet only those authorized are able to decipher it. We of course also have to establish the legitimacy of the mathematical function used, to make sure that it is sufficiently complex and mathematically sound to give us a high degree of safety. The essential concept underlying all automated and computer security applications is cryptography. The two ways of going about this process are:
• conventional (or symmetric) encryption
• public key (or asymmetric) encryption.

Private Key (Symmetric) Encryption
Private Key encryption, also referred to as conventional, single-key or symmetric encryption, was the only available option prior to the advent of Public Key encryption in 1976. This form of encryption has been used throughout history, by Julius Caesar, the Navajo Indians and German U-Boat commanders, through to present day military, government and private sector applications. It requires all parties that are communicating to share a common key. A conventional encryption scheme has five major parts:

• Plaintext - this is the text message to which an algorithm is applied.
• Encryption Algorithm - it performs mathematical operations to conduct substitutions and transformations to the plaintext.
• Secret Key - this is the input for the algorithm, as the key dictates the encrypted outcome.
• Cipher text - this is the encrypted or scrambled message produced by applying the algorithm to the plaintext message using the secret key.
• Decryption Algorithm - this is the encryption algorithm in reverse. It uses the cipher text and the secret key to derive the plaintext message.

When using this form of encryption, it is essential that the sender and receiver have a way to exchange secret keys in a secure manner. If someone knows the secret key and can figure out the algorithm, communications will be insecure. There is also the need for a strong encryption algorithm. What this means is that if someone were to have a cipher text and a corresponding plaintext message, they would be unable to determine the encryption algorithm. There are two methods of breaking conventional/symmetric encryption - brute force and cryptanalysis. Brute force is just as it sounds: using a method (computer) to try all possible combinations and eventually determine the plaintext message. Cryptanalysis is a form of attack that targets the characteristics of the algorithm to deduce a specific plaintext or the key used. One would then be able to figure out the plaintext for all past and future messages that continue to use this compromised setup.

Public Key Encryption
1976 saw the introduction of a radical new idea into the field of cryptography. This idea centered around the premise of making the encryption and decryption keys different, where the knowledge of one key would not allow a person to find out the other. Public key encryption algorithms are based on the premise that each sender and recipient has a private key, known only to him/her, and a public key, which can be known by anyone. Each encryption/decryption process requires at least one public key and one private key. A key is a randomly generated set of numbers/characters that is used to encrypt/decrypt information. A public key encryption scheme has six major parts:

• Plaintext - this is the text message to which an algorithm is applied.
• Encryption Algorithm - it performs mathematical operations to conduct substitutions and transformations to the plaintext.
• Public and Private Keys - these are a pair of keys where one is used for encryption and the other for decryption.
• Cipher text - this is the encrypted or scrambled message produced by applying the algorithm to the plaintext message using a key.
• Decryption Algorithm - this algorithm takes the cipher text and the matching key and produces the plaintext.

Selecting the Public and Private Keys
1. Select large prime numbers p and q and form n = pq.
2. Select an integer e > 1 such that GCD(e, (p - 1)(q - 1)) = 1.
3. Solve the congruence ed ≡ 1 (mod (p - 1)(q - 1)) for an integer d where 1 < d < (p - 1)(q - 1).
4. The public encryption key is (e, n).
5. The private encryption key is (d, n).

The Encryption Process
• The process of encryption begins by converting the text to a pre hash code. This code is generated using a mathematical formula.
• This pre hash code is encrypted by the software using the sender's private key. The private key would be generated using the algorithm used by the software.
• The encrypted pre hash code and the message are encrypted again using the sender's private key.
• The next step is for the sender of the message to retrieve the public key of the person this information is intended for.
• The sender encrypts the secret key with the recipient's public key, so only the recipient can decrypt it with his/her private key, thus concluding the encryption process.

1. Look up the user's public key (e, n).
2. Make sure that the message M is an integer such that 0 ≤ M < n.
3. Compute M^e ≡ C (mod n) where 0 ≤ C < n.
4. Transmit the integer C.

The Decryption Process
• The recipient uses his/her private key to decrypt the secret key.
• The recipient uses their private key along with the secret key to decipher the encrypted pre hash code and the encrypted message.
• The recipient then retrieves the sender's public key. This public key is used to decrypt the pre hash code and to verify the sender's identity.
• The recipient generates a post hash code from the message. If the post hash code equals the pre hash code, then this verifies that the message has not been changed en route.

1. Use your private key (d, n).
2. Receive the integer C, where 0 ≤ C < n.
3. Compute C^d ≡ R (mod n) where 0 ≤ R < n.
4. R is the original message.

Encryption Algorithms
Different encryption algorithms use proprietary methods of generating these keys and are therefore useful for different applications. Here are some nitty-gritty details about some of these encryption algorithms. Strong encryption is often discerned by the key length used by the algorithm.

RSA
In 1977, shortly after the idea of a public key system was proposed, three mathematicians, Ron Rivest, Adi Shamir and Len Adleman, gave a concrete example of how such a method could be implemented. To honor them, the method was referred to as the RSA Scheme. The system uses a private and a public key. To start, two large prime numbers are selected and then multiplied together: n = p*q. Let f(n) = (p-1)(q-1), and choose e > 1 such that GCD(e, f(n)) = 1. Here e will have a fairly large probability of being co-prime to f(n) if n is large enough, and e will be part of the encryption key. We then solve the Linear Diophantine equation ed ≡ 1 (mod f(n)) for d. The pair of integers (e, n) is the public key and (d, n) forms the private key. Encryption of M can be accomplished by the following expression: M^e = qn + C where 0 <= C < n (here q is the quotient of the division, and C the remainder, so C is M^e reduced mod n). Decryption is the inverse of the encryption and can be expressed as C^d ≡ R (mod n) where 0 <= R < n. RSA is the most popular method for public key encryption and digital signatures today.
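As an added worked example (not code from the original page), the five key-selection steps, the encryption and decryption congruences of the RSA scheme above, and the sign-then-encrypt flow from "The Encryption Process" and "The Decryption Process", written in Python with toy primes. The XOR keystream standing in for the unspecified secret-key cipher, the session key 4242, and the reduction of the SHA-256 digest modulo n are assumptions made purely so the arithmetic is visible; they are not secure choices.

```python
import hashlib
from math import gcd


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e, m):
    """Key-selection step 3: solve e*d = 1 (mod m) for the integer d."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e has no inverse modulo m")
    return x % m


def keygen(p, q, e):
    """Key-selection steps 1-5: n = p*q, f(n) = (p-1)(q-1), require GCD(e, f(n)) = 1,
    then d = e^-1 mod f(n). Returns (public key (e, n), private key (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < (p-1)(q-1) and GCD(e, (p-1)(q-1)) = 1")
    return (e, n), (modinv(e, phi), n)


def rsa_apply(m, key):
    """C = M^e mod n with the public key, or R = C^d mod n with the private key.
    Input must be an integer in [0, n), as steps 2 and 3 of the process require."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("input must be an integer in [0, n)")
    return pow(m, exponent, n)


def digest_mod_n(message, n):
    """The 'pre hash code': SHA-256 of the message, reduced into [0, n) so the toy
    modulus can sign it (assumption; real RSA signatures pad the full digest)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def keystream_xor(session_key, data):
    """Toy stream cipher for the secret-key part (assumption): XOR the data with
    SHA-256(key || block counter), the 'stream of bytes XORed with the text' idea."""
    key_bytes = session_key.to_bytes(8, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key_bytes + offset.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def send(message, session_key, sender_priv, recipient_pub):
    """Sender side: sign the hash with the sender's private key, encrypt the message
    under the secret session key, then wrap that key with the recipient's public key."""
    signature = rsa_apply(digest_mod_n(message, sender_priv[1]), sender_priv)
    ciphertext = keystream_xor(session_key, message)
    wrapped_key = rsa_apply(session_key, recipient_pub)
    return wrapped_key, ciphertext, signature


def receive(envelope, recipient_priv, sender_pub):
    """Recipient side: unwrap the session key with the private key, decrypt, recover the
    pre hash code from the signature with the sender's public key, and compare it with
    the post hash code computed over the decrypted message."""
    wrapped_key, ciphertext, signature = envelope
    session_key = rsa_apply(wrapped_key, recipient_priv)
    message = keystream_xor(session_key, ciphertext)
    pre_hash = rsa_apply(signature, sender_pub)
    post_hash = digest_mod_n(message, sender_pub[1])
    return message, pre_hash == post_hash


if __name__ == "__main__":
    # Constructed toy parameters: p=61, q=53, e=17 gives n=3233, d=2753 for the sender;
    # p=101, q=113, e=3533 gives n=11413, d=6597 for the recipient.
    alice_pub, alice_priv = keygen(61, 53, 17)
    bob_pub, bob_priv = keygen(101, 113, 3533)
    print(rsa_apply(65, alice_pub))                   # M=65 encrypts to C=2790
    envelope = send(b"meet at the library at noon", 4242, alice_priv, bob_pub)
    print(receive(envelope, bob_priv, alice_pub))     # (message, True)
```

Because RSA is a permutation of [0, n), changing the signature by even one unit yields a different pre hash code, so the comparison in receive() fails while the message itself still decrypts; the same check catches a message altered in transit.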

DES/3DES
The Data Encryption Standard (DES) was developed and endorsed by the U.S. government in 1977 as an official standard and forms the basis not only for the Automatic Teller Machines (ATM) PIN authentication but a variant is also utilized in UNIX password encryption. DES is a block cipher with 64-bit block size that uses 56-bit keys. Due to recent advances in computer technology, some experts no longer consider DES secure against all attacks; since then TripleDES (3DES) has emerged as a stronger method. Using standard DES encryption, Triple-DES encrypts data three times and uses a different key for at least one of the three passes giving it a cumulative key size of 112-168 bits.

BLOWFISH
Blowfish is a symmetric block cipher just like DES or IDEA. It takes a variable-length key, from 32 to 448 bits, making it ideal for both domestic and exportable use. Bruce Schneier designed Blowfish in 1993 as a fast, free alternative to the then existing encryption algorithms. Since then Blowfish has been analyzed considerably, and is gaining acceptance as a strong encryption algorithm.

IDEA
International Data Encryption Algorithm (IDEA) is an algorithm that was developed by Dr. X. Lai and Prof. J. Massey in Switzerland in the early 1990s to replace the DES standard. It uses the same key for encryption and decryption and, like DES, operates on 8 bytes at a time. Unlike DES, though, it uses a 128 bit key. This key length makes it impossible to break by simply trying every key, and no other means of attack is known. It is a fast algorithm, and has also been implemented in hardware chipsets, making it even faster.

SEAL
Rogaway and Coppersmith designed the Software-optimized Encryption Algorithm (SEAL) in 1993. It is a Stream Cipher, i.e., data to be encrypted is continuously encrypted. Stream Ciphers are much faster than block ciphers (Blowfish, IDEA, DES) but have a longer initialization phase, during which a large set of tables is generated using the Secure Hash Algorithm. SEAL uses a 160 bit key for encryption and is considered very safe.

RC4
RC4 is a cipher invented by Ron Rivest, co-inventor of the RSA Scheme. It is used in a number of commercial systems like Lotus Notes and Netscape. It is a cipher with a key size of up to 2048 bits (256 bytes), which on the brief examination given it over the past year or so seems to be a relatively fast and strong cipher. It creates a stream of random bytes and XORs those bytes with the text. It is useful in situations in which a new key can be chosen for each message.

Cracking Encryption Algorithms
Need for secure encryption algorithms
Good cryptographic systems should always be designed so that they are as difficult to break as possible. Governments have always had concerns with strong encryption, fearing that it could be used against their countries by criminals. Sophisticated technology is used by law enforcement agencies to decipher encrypted information that might contain incriminating evidence. In theory one can break any encryption algorithm by exhausting every key in sequence. This brute force method requires vast amounts of computing power as the length of the key increases. For example a 32-bit key takes 2^32 (4294967296) steps. A system with 40 bit keys (e.g. the US-exportable version of RC4) takes 2^40 steps - this kind of computing power is available in most universities and even small companies.

Encryption key lengths & hacking feasibility
As key lengths increase, the number of combinations that must be tried for a brute force attack increases exponentially. For example a 128-bit key would have 2^128 (3.402823669209e+38) total possible combinations. To theoretically crack the 128-bit IDEA key using brute force one would have to:

• develop a CPU that can test 1 billion IDEA keys per second
• build a parallel machine that consists of one million of these processors
• mass produce them to an extent that everyone can own one hundred of these machines
• network them all together and start working through the 128 bit key space

Assuming ideal performance and no downtime, one should be able to exhaustively search the key-space in over 20,000 years. A common concern amongst many is deciding what key length is secure.

Type of Attacker       Budget     Tool                       Time & Cost/Key, 40 bit    Time & Cost/Key, 56 bit
Regular User           Minimal    Scavenged computer time    1 week                     Not feasible
Regular User           $400       FPGA (1)                   5 hours ($.08)             38 years ($5,000)
Small Business         $10,000    FPGA                       12 min. ($.08)             556 days ($5,000)
Corporate Department   $300,000   FPGA                       24 sec. ($.08)             19 days ($5,000)
Corporate Department   $300,000   ASIC (2)                   0.18 sec. ($.001)          3 hours ($38)
Large Corporation      $10M       ASIC                       0.005 sec. ($.001)         6 min. ($38)
Intelligence Agency    $300M      ASIC                       0.0002 sec. ($.001)        12 sec. ($38)

There is a metronome for technological progress called Moore's Law, which states that "the number of components that can be packed on a computer chip doubles every 18 months while the price stays the same". Essentially, this means that computing power per dollar doubles every eighteen months. Using a derivative of the above law one can also say that, if a key length of x is considered safe today, in 18 months the key length would have to be x+1 to keep up to par with the computing power. Recent studies performed by independent scientists have shown that key lengths should be no less than 90-bits long to ensure complete security for the next 20 years.
(1) FPGA (Field Programmable Gate Arrays) are programmable pieces of hardware specifically designed for encryption/decryption.
(2) ASIC (Application Specific Integrated Circuits) are also specialized hardware that can test 200 million keys per second.
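As an added example (not from the original page), the brute-force arithmetic behind the figures above in Python: the 2^32 and 2^128 key-space counts, the footnoted ASIC rate of 200 million keys per second, the IDEA thought experiment, and the "one more bit every 18 months" Moore's-law rule. The world population of 6 billion used to quantify "everyone" is an assumption; with it the thought experiment lands at roughly 18,000 years, the same order of magnitude as the page's "over 20,000 years".

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(bits):
    """Number of keys an exhaustive search must cover in the worst case."""
    return 2 ** bits


def exhaustive_search_seconds(bits, keys_per_second):
    """Worst-case time to try every key at an aggregate rate (the average case is half)."""
    return keyspace(bits) / keys_per_second


def asic_search_seconds(bits, chips=1, keys_per_chip=200e6):
    """Time for a bank of ASICs, each at the footnoted 200 million keys per second."""
    return exhaustive_search_seconds(bits, chips * keys_per_chip)


def idea_128_brute_force_years(world_population=6e9):
    """The page's thought experiment: 1e9 IDEA keys/s per CPU, 1e6 CPUs per machine,
    100 machines per person, all networked. The population is an assumption (the page
    only says 'everyone'); the page's own answer is 'over 20,000 years'."""
    aggregate_rate = 1e9 * 1e6 * 100 * world_population
    return exhaustive_search_seconds(128, aggregate_rate) / SECONDS_PER_YEAR


def bits_needed(bits_today, years_ahead, doubling_months=18):
    """Moore's-law rule from the page: a key length safe today needs one extra bit for
    every 18 months of progress to remain equally hard to brute-force."""
    return bits_today + math.ceil(years_ahead * 12 / doubling_months)


if __name__ == "__main__":
    print(keyspace(32), keyspace(128))
    print(f"40-bit key, one ASIC: {asic_search_seconds(40) / 3600:.2f} hours")
    print(f"56-bit key, one ASIC: {asic_search_seconds(56) / SECONDS_PER_YEAR:.1f} years")
    print(f"128-bit IDEA thought experiment: {idea_128_brute_force_years():,.0f} years")
    print(f"56 bits today -> {bits_needed(56, 20)} bits needed in 20 years")
```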

Encrypted Email
One of the most common uses of encryption is in electronic messaging. Encryption can be used to secure email on public and private networks. Unlike e-mail on a private system, which goes directly to a mail server and resides there until it is retrieved, Internet e-mail bounces from server to server on its way to a recipient. This makes the transmission channel impossible to secure and provides numerous opportunities for interception. Here it makes sense to secure the message itself by using encryption. But private networks are not immune to the need for higher security and often employ encryption to guarantee the integrity of the message. Sending plaintext email is like sending a postcard - what type of information do you disclose when mailing a postcard? When do you consider putting the letter in an envelope to resist tampering and to protect your privacy? Similarly, encrypting email is the first step to securing the contents of your message. One of the most popular methods of email encryption is the use of public key encryption. The two most widely fielded methods of email encryption are PGP (Pretty Good Privacy) and Entrust. The former provides solutions for both individuals and corporations, while Entrust focuses on the larger enterprise based secure messaging solutions. Also available to individual users/small businesses is encrypted email on a web based platform through Hushmail. This service allows you to send and receive email from their website, never having to buy any software or have the need for extra infrastructure. Also available is S/MIME (Secure / Multipurpose Internet Mail Extensions) - a protocol that adds digital signatures and encryption to Internet MIME messages. The MIME format allows the body of the message to be text, graphics, audio/video, etc., allowing one to encrypt multiple forms of newsgroup communications. Encrypted mail enables the 'little guy' to decide how much privacy they want and when and where they want it.
The Tools section has resources one could use for encrypted and anonymous email.

Virtual Private Networks (VPNs)
Recent technological advances in broadband and dial data access offer a more cost-effective solution for supporting large numbers of remote users, as well as unprecedented network scalability and flexibility. These technology advances have created virtual private networks (VPN) using public links. They can be used to provide mobile workers with remote access to the corporate network - at the price of a local call. As with any use of public networks, one sacrifices privacy for cost and availability. A VPN, however, is a network tunnel created for data transmission between two or more authenticated parties. A secure VPN encrypts data before passing it through the network tunnel. This creates an encrypted "pipe" between the user and the access device, ensuring data integrity/authenticity and user privacy. Apart from providing connectivity for remote users, VPNs can also be used to interconnect servers and complete networks, creating entities known as Extranets.

Virtual Private Networks can be implemented by using proprietary systems from Nortel Networks, Cisco, Datafellows, Intel, Nokia, Checkpoint, Lucent and others. Point to point VPNs can also be created using embedded protocols in Operating Systems like Windows 2000/XP/Linux or even by applications like PGP.

IPSEC
The IP Security Protocol (IPSec) working group has defined a set of specifications for cryptographically-based authentication, integrity, and confidentiality services at the IP datagram layer. This protocol is intended to secure data communications on the Internet and is one of the fastest growing security standards worldwide. IPSec supports multiple algorithms and key management systems within its design architecture.

Encryption Tools
There are many free and paid encryption tools available on the Internet. Some are better than others, but nonetheless one can set up a secure messaging system (email encryption), secure transactions (SSL enabled web browsers) and secure connectivity (VPNs and SSH) on a very small budget. Some of the small business/individual solutions available include:

EMAIL
PGP - this is the de-facto secure messaging standard on the Internet. Network Associates has dropped this product suite, but fortunately the strong user base of PGP means it is likely to stay the most popular email encryption tool. Hushmail - here is another way of adding encryption to your email. But unlike software tools (say PGP) it is a service built into web based email. With free and paid service, one can get the flexibility of a web based email account combined with the security of 1,024-bit encryption, digital signatures and support for the OpenPGP standard.

FILE ENCRYPTION
Private File - Private File is a fast and easy way to protect yourself and your company by encrypting your files before sending them. With a simple drag-and-drop, or a menu point-and-click, your information is safe. And with the strongest encryption, you can be sure that no one but your desired recipient will be able to use your information. F-Secure File Crypto - developed by Data Fellows Corp, this is a long standing file encryption application that supports strong encryption. It is also available for Pocket PC. Shy File - free and paid versions of a strong encryption application that lets you create self-executable, encrypted packages.

VPNs
PGP - certain versions of this application allow point to point encrypted VPN sessions. Windows NT/2000/XP & Linux - they allow 'secure' data transmission between two nodes using the PPTP protocol.

Internet Privacy
The Internet is a great tool. As it becomes woven into our day to day fabric, there are many more tasks that can be done on it. It is convenient, and most people in the developed world have access to it. And many organizations/corporations are providing users with the tools to get stuff done on the Internet. Everyone from governments (records, applications, taxes) and businesses (shopping, services, bill payments, banking) to individuals (research, communication, entertainment) is using the Internet to conduct transactions. But the Internet is a public network. That is, the access routes are for the most part open to other traffic and users. It is also a medium to obtain information, legally or not, on a wide variety of people and things. So how can we make sure that the Internet can be used without compromising the privacy of its users? A tough proposition that is getting harder every day. Like it or not, websites collect information about their visitors (cookies, logs): information that includes how often they visit, what links they click on, what they buy, etc. If you entered your name, age, or any other demographic information, there is a good chance that it might be provided to other firms to sell products/services or for analysis. Many times, the users are unaware of exactly what is being collected/monitored. What happens to this personal information if the company has financial difficulties and has to liquidate its assets? Is this information a company asset, free to be sold to the highest bidder? Internet applications like IE/Netscape have not really kept up either. Privacy issues have been put on the back burner in an effort to compete for market share, which is predominantly based on ease of use and standards. Privacy is that uncomfortable issue that most people wish would go away.
There are many other tools like Anonymizer, McAfee Privacy Services and others that can help users sanitize their computers and get an upper hand on what information they want on their computers. These applications allow you to select what personal information you wish to divulge and how to clean up your computer so as to negate any information or statistics that might be collected on you while surfing. These tools and a good personal firewall along with an anti-virus software are essential for every Internet user. The Internet is also a great tool to learn about increasing your privacy and securing private information.

Identity Theft
Identity theft is a growing problem in today's society. It is relatively easy to pull off and very devastating for the victims. There are thousands of cases every year where people see the fraudulent use of their identity to rack up credit card bills and ruin their reputations and credit histories. The Internet is definitely a factor here and is often pointed to as a culprit. But it can also be used to fight back and ensure that one's privacy is maintained. Here are some simple online and offline steps to follow in order to avoid identity theft.

ONLINE PRIVACY:
• Have you seen your credit report lately? You should check your credit report every 6 months to a year using one of many online credit report services.
• Use services and applications like Anonymizer or McAfee Privacy Services to control what personal information is divulged to websites.
• Install a good personal firewall (Norton, Black Ice, etc) - here are some firewall reviews.
• Use a good anti-virus software (Norton, McAfee, etc) and update signatures regularly.
• Encrypt email communications using services like Hushmail.
• Have more than one email address; use free services like Yahoo!, Hotmail, or Spam Bully (which has good anti-spam tools) for regular email.
• Upgrade your web browser and operating system to support strong (i.e. 128 bit +) encryption.
• Do not divulge private information on the Internet; especially watch where you post your resumes.

OFFLINE:
• Get a secure mailbox/PO Box - one that won't allow someone to go through your mail.
• Get an unlisted number and subscribe to caller id.
• Buy a shredder; destroy any and all unwanted documentation before discarding.
• Have access to legal representation to consult about your rights.
• Guard your Social Security Number (SSN).
• Diversify your assets and investments.
• Learn how to protect your customer privacy.

If you are an identity theft victim, contact your local police department ASAP and implement all of the above suggestions.

Computer Hacking and Security
With the rapid growth of the worldwide Internet user base, online transactions are believed to reach well over a trillion dollars in the next three years. With stakes this high, it makes sense for all parties involved to secure the Internet. Haphazard handling of financial and personal information can lead to the Internet being constantly associated with fraud and privacy abuses instead of being a viable commerce medium. The goal of higher security starts with the individual user. The term "hacker" has been around for a while. It originally referred to a person not well versed with a computer trying different things to accomplish a task. To hack was to figure out something through sheer trial and error or logical deduction. Today, a hacker is described as a person who breaks into computers for various reasons. Crackers and script-kiddies are two other more commonly used terms describing those involved in the break-in or disruption of an online service.

Security problems can occur in any networked environment. Many of the problems are related to the exploitation of the original design of the TCP/IP suite of internetworking protocols, but the majority is due to configuration or operator errors. Hackers are not just looking for websites or government computers to hack - utility grids, emergency information systems, controls for dams and locks, financial information, inter-banking information, military communications and much more sensitive information travels on the Internet and other communication networks. In broad terms, security threats can be classified as active and passive.

ACTIVE HACKING:
Active attacks involve the modification of transmitted data and attempts to gain unauthorized access to systems. Data communication is based on a set of handshakes to ensure the smooth and reliable flow of information. A hacker that is between a client and a server and is able to spoof (illegally duplicate) the IP address and sequence numbers can attack either machine in several ways. The hacker can disable one of the machines and take the identity of the other, or the hacker can mimic either machine and carry on conversations impersonating the other. A hacker could also attach additional information to a client request and strip the corresponding additional response from the packet before forwarding the remaining response to the client's original request. All this while having access to information that is assumed to be going back and forth between two 'trusted' systems. Computer viruses and Trojans are also examples of active attacks. They can disable machines or, in the case of Trojans, allow malicious hackers access to sensitive information by creating a back door.

PASSIVE HACKING:
Passive attacks have to do with eavesdropping and monitoring transmissions. All electronic transmissions (email, WWW, telnet, etc) can theoretically be monitored. Since most computers (and the whole Internet) are part of networks, spying on data transmissions is a major concern. One of the earliest and most sophisticated examples of passive eavesdropping comes to us from the Cold War. The US Navy was able to 'tap' into Soviet undersea fiber optic lines by using special submarines and for years had complete knowledge of that set of communications. On the Internet, protocols like HTTP, FTP and telnet are non-encrypted modes of communication that can easily be compromised. Therefore, encrypted versions (HTTPS, SSH, etc) should be used when transmitting sensitive information.

Computer Security
There are three data security concerns that need to be addressed - confidentiality, authentication, and non-repudiability. Confidentiality ensures that the data is readable only by the intended recipients. Authentication provides protection against unauthorized access or forgeries. Non-repudiability ensures that someone cannot deny having conducted a transaction. The steps needed to curb the security concerns on the Internet are three fold. First is a balance between industry self-regulation and laws to deter unscrupulous practices. Second would be the education of the Internet user base on their rights and the tools to ensure their protection while online. Lastly, the continuous advent of technology as it matures the Internet and provides us with newer, more powerful tools that will enhance the current economic boom that many regard as an Internet phenomenon. So how do you secure sensitive data? Well, if it is so sensitive that it cannot be compromised under any circumstances, then the only sure fire security precaution is to take it off any networks. There must be an "air gap" between this system and the rest of the network. But the first step would be to ensure that the physical location has been secured. Access to the network would be limited to those who need it, and control would be exercised by a combination of security methods (passwords, smartcards, biometrics). Biometrics always brings up the question of privacy. And in applications where the masses would be affected, this is a valid concern. But biometrics can be very useful if one is trying to control access or verify the identity of a smaller number of people. This is also advisable due to the error rates currently seen in biometric systems (~ 0.01%). And the answer to securing data during transmission is Encryption. When it comes to personal computers, ensuring security is a more manageable matter. If you store sensitive material on your home computer you should consider using an encryption program like PGP or Private File. Any computer that is connected to a broadband (DSL/Cable/Satellite) connection requires an extra layer of protection. You should consider either a good personal firewall and/or a firewall router - the firewall router will also allow you to share your internet connection with other PCs in your home.

Operating Systems Security
Needless to say, all operating systems are not created equal. None of the most popular operating systems of today were developed with secure electronic commerce in mind. Unix is the oldest and most widely used networking operating system in use today. Unix has the advantage of having been hacked and patched by hackers and crackers for decades. One of the most popular Unix derivatives is Linux, developed by Linus Torvalds and now maintained by thousands of volunteers and many software companies. But Linux still has flaws that are being discovered every day. It is extremely important to monitor these occurrences and apply the necessary patches when they are made available. Microsoft's Windows platform has seen unprecedented growth as a server and client platform. Whether it be in the millions of home PCs, on the Internet or on corporate LANs, its popularity has caught the fancy of many hackers.

Introduction to Secret Key Cryptography
Cryptography, simply defined, is the art of combining some input data, called the plaintext, with a user-specified password to generate an encrypted output, called ciphertext, in such a way that, given the ciphertext, it is extremely difficult to recover the original plaintext without the encryption password in a reasonable amount of time. The algorithms that combine the keys and plaintext are called ciphers. Various ciphers are documented in the Algorithms section. Many ciphers accept a fixed-length password (also called a key). The key space is the total number of possible keys. For a cipher that accepts 160-bit keys, this is 2^160, or approximately 1.46 x 10^48. Although recommended key lengths change as computing power grows, the currently secure key length for encryption ranges from 128 to 256 bits, with most modern algorithms using keys of at least 128 bits.

So what makes one cipher better than another? What makes a cipher secure? Although these questions are the essence of cryptography, their answers are relatively simple: if there is no other way to "break" the algorithm (recover the plaintext or key given some ciphertext) other than searching through every possible key, then the algorithm is secure. This is where a large key length comes in: the larger the key length, the more possible keys to search through, and therefore the more secure the algorithm. Cryptanalytic attacks are simply means of reducing the number of keys that need to be searched.

The majority of the encryption algorithms in use today are block algorithms, which operate on one chunk (generally 64 bits) of data at a time. By comparison, stream ciphers operate on variable lengths of data. Stream ciphers can be thought of as seeded random number generators (with the seed being the key), with the random numbers being combined with the plaintext to generate ciphertext. The better the generated numbers are, the more secure the stream cipher is. Block algorithms are, in terms of both design and implementation, generally more complex than stream ciphers. Bruce Schneier's Blowfish algorithm is a very good example of a block cipher and illustrates some important design concepts. Blowfish combines a non-invertible f function, key-dependent S-boxes, and a Feistel network to make a cipher that has not yet been broken. It is relatively simple to implement. CAST, another cipher of high repute, is very similar to Blowfish in overall design. Kremlin supports secret key cryptosystems and cryptographic hash functions.
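To make the key-space arithmetic and the stream-cipher model above concrete, here is an added Python example; it is not code from the original page or from Kremlin. It assumes a toy keystream generator built from SHA-256 in counter mode, standing in for the "seeded random number generator" the text describes, and every key, nonce and message value in it is constructed for the demonstration:

```python
import hashlib
from itertools import count

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(key_bits: int) -> int:
    """Total number of possible keys for a cipher with a key_bits-bit key."""
    return 1 << key_bits


def exhaustive_search_seconds(key_bits: int, keys_per_second: float) -> float:
    """Worst-case time to try every key at a given search rate.
    The expected time to hit the right key is half of this."""
    return keyspace(key_bits) / keys_per_second


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream generator: SHA-256 over key || nonce || counter.
    Assumption: this stands in for the 'seeded random number generator'
    the text describes, with the key as the seed. Illustration only,
    not a production cipher."""
    out = bytearray()
    for block_index in count():
        if len(out) >= length:
            break
        out += hashlib.sha256(key + nonce + block_index.to_bytes(8, "big")).digest()
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream. The same call
    reverses itself because (p XOR k) XOR k == p."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """Why a (key, nonce) pair must never be reused: XORing two ciphertexts
    made with the same keystream cancels the keystream and leaves p1 XOR p2,
    a value that depends on the plaintexts alone."""
    c1 = stream_xor(key, nonce, p1)
    c2 = stream_xor(key, nonce, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    # constructed sample values
    key = b"\x01" * 16
    nonce = b"demo-nonce-01"
    msg = b"meet at the library at noon"
    ct = stream_xor(key, nonce, msg)
    assert stream_xor(key, nonce, ct) == msg
    print("160-bit key space:", keyspace(160))  # 2^160, about 1.46e48 as in the text
    # 88 billion keys/s is the Deep Crack rate quoted later on this page
    days_56 = exhaustive_search_seconds(56, 88e9) / 86400
    years_128 = exhaustive_search_seconds(128, 88e9) / SECONDS_PER_YEAR
    print(f"56-bit key, exhaustive search: {days_56:.1f} days")
    print(f"128-bit key, exhaustive search: {years_128:.1e} years")
```

Running it reports the 160-bit key space from the text and, at the 88 billion keys per second rate quoted later on this page for the EFF's Deep Crack machine, about 9.5 days to exhaust all 2^56 DES keys versus on the order of 10^20 years for a 128-bit key. The last function is the caveat that goes with "the better the generated numbers are": however good the generator, the keystream must never be reused, because XORing two ciphertexts made with the same keystream removes it completely.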

The Blowfish Algorithm
The most interesting portion of Blowfish is its non-invertible f function. This function uses modular arithmetic to generate indexes into the S-boxes. Modular arithmetic is usually used to create non-invertible f functions. Non-invertibility is best explained by example: take the function f(x) = x^2 mod 7.

    x    x^2    x^2 mod 7
    1     1        1
    2     4        4
    3     9        2
    4    16        2
    5    25        4
    6    36        1
    7    49        0

Given an output, there is no function that can generate the specific input to f(x). For example, if you knew that your function has a value of 4 at some x, there is no way to know if that x is 2, 5, or any other x whose f(x) = 4. Blowfish does its arithmetic mod 2^32 (2^32 is around 4 billion). This is called arithmetic in a finite field and makes some common mathematical assumptions untrue (1+1 does not equal two if you are in a finite field of size two).

S-boxes are just large arrays of predefined data. During the process of key setup, the key is combined with the S-boxes. The details of this key setup are relatively uninteresting, but the fact that it combines the key with the S-boxes strengthens the algorithm greatly. Key setup in Blowfish is designed to be relatively slow. This is actually a benefit, as someone doing a brute-force search of keys will have to go through the slow key setup process for each key tried. However, someone doing encryption and decryption must only go through the key setup process once. Encryption and decryption are relatively fast.

Another important element of Blowfish is the Feistel network. Using the Feistel network gives the cipher two very desirable properties: decryption using the same f function (even if it is non-invertible) and the ability to iterate the function multiple times. These multiple iterations are called rounds. The more rounds, the more secure the algorithm is. The recommended number of rounds depends on the specific algorithm; for Blowfish, it is 16. A Feistel network can be described by the following algorithm (taken from Applied Cryptography): divide a block of length n into two parts, L and R, of length n/2, and then for each round i compute

    L_i = R_{i-1},
    R_i = L_{i-1} (+) f(R_{i-1}, K_i),

where (+) is bitwise addition modulo 2 (exclusive OR).
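The non-invertible f and the Feistel equations above, worked through in Python as an added example (not Blowfish's own code and not code from the page): the x^2 mod 7 table is computed and its collisions listed, and a 64-bit toy Feistel cipher with a squaring-based round function shows that decryption reuses the same f, in reverse round order, without ever inverting it. The round function and the hash-based subkey schedule are assumptions standing in for Blowfish's real S-box f and its key setup; the key and block values are constructed:

```python
import hashlib

MASK32 = 0xFFFFFFFF
ROUNDS = 16  # the recommended number for Blowfish


def square_mod7_table() -> dict:
    """The table from the text: f(x) = x^2 mod 7 for x = 1..7."""
    return {x: (x * x) % 7 for x in range(1, 8)}


def preimages(table: dict, value: int) -> list:
    """All inputs x with f(x) == value; more than one means f is non-invertible."""
    return sorted(x for x, y in table.items() if y == value)


def round_function(r: int, k: int) -> int:
    """Non-invertible round function on 32-bit halves: squaring mod 2^32 is
    many-to-one, just like x^2 mod 7 above. Assumption: a toy f standing in
    for Blowfish's S-box based f; the Feistel structure works with any f."""
    x = (r + k) & MASK32
    return (x * x) & MASK32


def round_keys(key: bytes) -> list:
    """Derive ROUNDS 32-bit subkeys. Assumption: a simple hash-based schedule;
    Blowfish's real key setup (mixing the key into the P-array and S-boxes)
    is deliberately slower and is not reproduced here."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]


def feistel_encrypt_block(block: int, keys: list) -> int:
    """L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i)  for i = 1..ROUNDS."""
    left, right = block >> 32, block & MASK32
    for k in keys:
        left, right = right, left ^ round_function(right, k)
    return (left << 32) | right


def feistel_decrypt_block(block: int, keys: list) -> int:
    """Undo the rounds in reverse order using the SAME f:
    R_{i-1} = L_i;  L_{i-1} = R_i XOR f(L_i, K_i)."""
    left, right = block >> 32, block & MASK32
    for k in reversed(keys):
        left, right = right ^ round_function(left, k), left
    return (left << 32) | right


def encrypt_block_bytes(key: bytes, plaintext8: bytes) -> bytes:
    """Encrypt one 8-byte (64-bit) block."""
    keys = round_keys(key)
    return feistel_encrypt_block(int.from_bytes(plaintext8, "big"), keys).to_bytes(8, "big")


def decrypt_block_bytes(key: bytes, ciphertext8: bytes) -> bytes:
    """Decrypt one 8-byte block with the same round keys, applied in reverse."""
    keys = round_keys(key)
    return feistel_decrypt_block(int.from_bytes(ciphertext8, "big"), keys).to_bytes(8, "big")


if __name__ == "__main__":
    table = square_mod7_table()
    print("inputs with x^2 mod 7 == 4:", preimages(table, 4))  # [2, 5]
    key = b"constructed demo key"  # constructed sample key
    pt = b"8bytesOK"               # constructed sample block
    ct = encrypt_block_bytes(key, pt)
    assert decrypt_block_bytes(key, ct) == pt
    print("ciphertext block:", ct.hex())
```

The subkey schedule is fast here on purpose, to keep the example short; the text's point about Blowfish's slow key setup is a property of its real schedule, not of the Feistel structure, which is what this example isolates.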

Cryptographic Algorithms
BLOCK CIPHERS
3-Way

3-Way is a simple and fast cipher designed by Joan Daemen. 3-Way features a 96-bit key length and a 96-bit block length. 3-Way is an iterated block cipher that repeats some relatively simple operations for a specified number of rounds. David Wagner, John Kelsey, and Bruce Schneier of Counterpane Systems have discovered a related-key attack on 3-Way that requires one related-key query and about 2^22 chosen plaintexts, described in this paper. 3-Way is unpatented.
Blowfish

Blowfish is a block cipher designed by Bruce Schneier, author of Applied Cryptography. Blowfish combines a Feistel network, key-dependent S-boxes, and a non-invertible F function to create what is perhaps one of the most secure algorithms available. Schneier's paper is available here. Blowfish is also described in the Concepts of Cryptography page. The only known attacks against Blowfish are based on its weak key classes. Blowfish is implemented in Kremlin.
CAST

CAST, designed by Carlisle Adams and Stafford Tavares, is shaping up to be a solid algorithm. Its design is very similar to Blowfish's, with key-dependent S-boxes, a non-invertible f function, and a Feistel network-like structure (called a substitution-permutation network). David Wagner, John Kelsey, and Bruce Schneier have discovered a related-key attack on the 64-bit version of CAST that requires approximately 2^17 chosen plaintexts, one related-key query, and 2^48 offline computations (described in this paper). The attack is infeasible at best. CAST is patented by Entrust Technologies, which has generously released it for free use. The CAST cipher design process is described in this paper and the 128-bit version is described in this addendum. Carlisle Adams has submitted a version of CAST (CAST-256) as an AES candidate. CAST-128 is implemented in Kremlin.
CMEA

CMEA is the encryption algorithm developed by the Telecommunications Industry Association to encrypt digital cellular phone data. It uses a 64-bit key and features a variable block length. CMEA is used to encrypt the control channel of cellular phones. It is distinct from ORYX, a stream cipher (also insecure) that is used to encrypt data transmitted over digital cellular phones. CMEA has been broken by David Wagner, John Kelsey, and Bruce Schneier of Counterpane Systems. Their paper, which also provides an excellent description of the CMEA algorithm, is available here.
DES

Designed at IBM during the 1970s and officially adopted as the NIST standard encryption algorithm for unclassified data in 1976, DES has become the bastion of the cryptography market. However, DES has since become outdated, its long reign as the official NIST algorithm ending in 1997. Though DES accepts a 64-bit key, the key setup routines effectively discard 8 bits, giving DES a 56-bit effective key length. DES remains widely in use. During the design of DES, the NSA provided secret S-boxes. After differential cryptanalysis had been discovered outside the closed fortress of the NSA, it was revealed that the DES S-boxes were designed to be resistant against differential cryptanalysis. DES is becoming weaker and weaker over time; modern computing power is fast approaching the computational horsepower needed to easily crack DES. DES was designed to be implemented only in hardware, and is therefore extremely slow in software. A recent successful effort to crack DES took several thousand computers several months. The EFF has sponsored the development of a crypto chip named "Deep Crack" that can process 88 billion DES keys per second and has successfully cracked 56-bit DES in less than 3 days. DES is implemented in Kremlin (accessible through the Kremlin SDK API).
Triple-DES

A variant of DES, Triple-DES (also 3DES) is based on using DES three times. This means that the input data is encrypted three times. Triple-DES is considered much stronger than DES; however, it is rather slow compared to some newer block ciphers.
DEAL

DEAL is an interesting AES submission and, like all AES submissions, it uses a 128 bit block and accepts 128 bit, 192 bit, and 256 bit keylengths. It uses DES as its inner round function and its authors suggest at least 6, preferably 8 rounds (there are some attacks against DEAL). There is a paper available here that describes some attacks, all of which can be cured by using at least 8 rounds.
FEAL

Developed by the Nippon Telephone & Telegraph as an improvement to DES, the Fast Data Encipherment Algorithm (FEAL) is very insecure. FEAL-4, FEAL-8, and FEAL-N are all susceptible to a variety of cryptanalytic attacks, some requiring as little as 12 chosen plaintexts. FEAL is patented.
GOST

GOST is a cryptographic algorithm from Russia that appears to be the Russian analog to DES both politically and technologically. Its designers took no chances, iterating the GOST algorithm for 32 rounds and using a 256-bit key. Although GOST's conservative design inspires confidence, John Kelsey has discovered a key-relation attack on GOST, described in a post to sci.crypt on 10 February 1996. There are also weak keys in GOST, but there are too few to be a problem when GOST is used with its standard set of S-boxes. You can read the official GOST algorithm description (translated from Russian) here. There is also a description of the GOST algorithm here.
IDEA

IDEA, developed in Zurich, Switzerland by Xuejia Lai and James Massey, is generally regarded to be one of the best and most secure block algorithms available to the public today. It utilizes a 128-bit key and is designed to be resistant to differential cryptanalysis. Some attacks have been made against reduced-round IDEA. Unfortunately, IDEA is patented; licensing information can be obtained from Ascom.

LOKI

LOKI was designed as a possible replacement for DES. It operates on a 64-bit block and a 64-bit key. The first version of LOKI to be released was broken by differential cryptanalysis and was shown to have an 8-bit complementation property (this means that the number of keys that need to be searched in a brute force attack is reduced by 256). LOKI was revised and re-released as LOKI91. LOKI91 is secure against differential cryptanalysis, but LOKI easily falls to a chosen-key attack. The designers of LOKI have proposed LOKI97 as an AES candidate, but linear and differential attacks on LOKI97 have already been proposed.
Lucifer

Lucifer was one of the first modern cryptographic algorithms. It was designed at IBM in the 1960s by Horst Feistel, of Feistel network fame. Lucifer is often considered to be a precursor to DES. There are several incarnations of Lucifer, each with the same name, which creates a good deal of confusion. No version is secure. A paper on the differential cryptanalysis of Lucifer was written by Ishai Ben-Aroya & Eli Biham.
MacGuffin

MacGuffin is a cipher developed by Matt Blaze and Bruce Schneier as an experiment in cipher design. It uses a Feistel network (see the cryptography overview for details), but does not split the input evenly, instead dividing the 64-bit block into one 16-bit part and another 48-bit part. This is called a generalized unbalanced Feistel network (GUFN). Details are available here. A differential attack on MacGuffin has been found that requires approximately 2^51.5 chosen plaintexts.
MARS

MARS is IBM's AES submission. There is a MARS web page with a link to the MARS paper. MARS uses 128-bit blocks and supports variable key sizes (from 128 to 1248 bits). MARS is unique in that it combines virtually every design technique known to cryptographers in one algorithm. It uses additions and subtractions, S-boxes, fixed and data-dependent rotations, and multiplications.
MISTY

Misty is a cryptographic algorithm developed by Mitsubishi Electric after they broke DES in 1994. It is designed to withstand linear and differential cryptanalysis, but has not yet been cryptanalysed. As it has not undergone intensive peer review, the usual caution is recommended. It is being considered for inclusion into the SET 2.0 standard. Visit the MISTY web page or read the author's paper on MISTY.

MMB

MMB was designed as an alternative to IDEA that uses a 128-bit block instead of IDEA's 64-bit block. It was designed using the same principles as IDEA. Unfortunately, it is not as secure as IDEA and several attacks exist against it. Its author, Joan Daemen, abandoned it and designed 3-Way.
NewDES

Although NewDES was developed by Robert Scott to possibly replace DES, NewDES has fallen short of expectations. NewDES has been proven to be weaker than DES, requiring 24 related-key probes and 530 chosen plaintext/ciphertext queries, as described in this paper. NewDES is implemented in Kremlin.
RC2

RC2, like RC4, was formerly a trade secret, but code purporting to be RC2 was posted to sci.crypt. It is archived here. David Wagner, John Kelsey, and Bruce Schneier have discovered a related-key attack on RC2 that requires one related-key query and approximately 2^34 chosen plaintexts. RC2 is not patented by RSA Data Security, Inc; it is just protected as a trade secret.
RC5

RC5 is a group of algorithms designed by Ron Rivest of RSA Data Security that can take on a variable block size, key size, and number of rounds. The block size is generally dependent on the word size of the machine the particular version of RC5 was designed to run on; on 32-bit processors (with 32-bit words), RC5 generally has a 64-bit block size. David Wagner, John Kelsey, and Bruce Schneier have found weak keys in RC5, with the probability of selecting a weak key being 2^-10r, where r is the number of rounds. For sufficiently large r values (greater than 10), this is not a problem as long as you are not trying to build a hash function based on RC5. Knudsen has also found a differential attack on RC5. RC5 is described in this RSA document. RC5 is patented by RSA Security, Inc.
RC6

RC6 is Ronald Rivest's AES submission. Like all AES ciphers, RC6 works on 128 bit blocks. It can accept variable length keys. It is very similar to RC5, incorporating the results of various studies on RC5 to improve the algorithm. The studies of RC5 found that not all bits of data are used to determine the rotation amount (rotation is used extensively in RC5); RC6 uses multiplication to determine the rotation amount and uses all bits of input data to determine the rotation amount, strengthening the avalanche effect.

REDOC

There are two versions of the REDOC algorithm, REDOC II and REDOC III. REDOC II is considered to be secure; an attack has been made against one round of REDOC II, but could not be extended to all 10 recommended rounds. REDOC II is interesting in that it uses data masks to select the values in the S-boxes. REDOC II uses a 160-bit key and works on an 80-bit block. REDOC III was an attempt to make the painfully slow REDOC II faster. REDOC III, like REDOC II, operates on an 80-bit block, but can accept keys up to 20480 bits. However, REDOC III falls to differential cryptanalysis, as described in this paper.
Rijndael

Rijndael is an AES winner by Joan Daemen and Vincent Rijmen. The cipher has a variable block and key length, and the authors have demonstrated how to extend the block length and key length by multiples of 32 bits. The design of Rijndael was influenced by the SQUARE algorithm. The authors provide a Rijndael specification and a more theoretical paper on their design principles. The authors have vowed to never patent Rijndael.
Safer

Safer was developed by Robert Massey at the request of Cylink Corporation. There are several different versions of Safer, with 40, 64, and 128-bit keys. A weakness in the key schedule was corrected, with an S being added to the original Safer K designation to create Safer SK. There are some attacks against reduced round variants of Safer. Safer is secure against differential and linear cryptanalysis. However, Bruce Schneier, author of Applied Cryptography, recommends against using Safer because, "Safer was designed for Cylink, and Cylink is tainted by the NSA." Safer SK-128 is implemented in Kremlin.
Serpent

Serpent is an AES submission by Ross Anderson, Eli Biham, and Lars Knudsen. Its authors combined the design principles of DES with the recent development of bitslicing techniques to create a very secure and very fast algorithm. While bitslicing is generally used to encrypt multiple blocks in parallel, the designers of Serpent have embraced the technique of bitslicing and incorporated it into the design of the algorithm itself. Serpent uses 128-bit blocks and 256-bit keys. Like DES, Serpent includes an initial and final permutation of no cryptographic significance; these permutations are used to optimize the data before encryption. Serpent was released at the 5th International Workshop on Fast Software Encryption. This iteration of Serpent was called Serpent 0 and used the original DES S-boxes. After comments, the key schedule of Serpent was changed slightly and the S-boxes were changed; this new iteration of Serpent is called Serpent 1. Serpent 1 resists both linear and differential attacks. The Serpent paper is available here.

SQUARE

SQUARE is an iterated block cipher that uses a 128-bit key length and a 128-bit block length. The round function of SQUARE is composed of four transformations: a linear transformation, a nonlinear transformation, a byte permutation, and a bitwise round-key addition. SQUARE was designed to be resistant to linear and differential cryptanalysis, and succeeds in this respect. The designers of SQUARE have developed an attack on SQUARE, but it cannot be extended past 6 rounds. A paper on SQUARE is available here and there are links to the paper and source code on the designers' web site.
Skipjack

In what surely signals the end of the Clipper chip project, the NSA has released Skipjack, its formerly secret encryption algorithm, to the public. Skipjack uses an 80 bit key. A fuzzy scan of the official NSA paper is available here at the NIST web site, but it has been transcribed by the folks over at jya.com. A reference implementation (in C) is available here, and an optimized version is available here. Eli Biham and Adi Shamir have published some initial cryptanalytic results (which are growing more and more interesting as time progresses).
Tiny Encryption Algorithm (TEA)

TEA is a cryptographic algorithm designed to minimize memory footprint and maximize speed. However, the cryptographers from Counterpane Systems have discovered three related-key attacks on TEA, the best of which requires only 2^23 chosen plaintexts and one related-key query. The problems arise from the overly simple key schedule. Each TEA key can be found to have three other equivalent keys, as described in a paper by David Wagner, John Kelsey, and Bruce Schneier. This precludes the possibility of using TEA as a hash function. Roger Needham and David Wheeler have proposed extensions to TEA that counter the above attacks.
Twofish

Twofish is Counterpane Systems' AES submission. Designed by the Counterpane Team (Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson), Twofish has undergone extensive analysis by the Counterpane Team. There is a paper available from the Twofish web page and source is provided in optimized C and assembly.

STREAM CIPHERS
ORYX

ORYX is the algorithm used to encrypt data sent over digital cellular phones. It is a stream cipher based on three 32-bit Galois LFSRs. It is distinct from CMEA, which is a block cipher used to encrypt the cellular data control channel. The cryptographic tag-team from Counterpane Systems (David Wagner, John Kelsey, and Bruce Schneier) has developed an attack on ORYX that requires approximately 24 bytes of known plaintext and about 2^16 initial guesses.
RC4

The RC4 algorithm is a stream cipher from RSA Data Security, Inc. Though RC4 was originally a trade secret, the alleged source code was published anonymously in 1994. The published algorithm performs identically to RC4 implementations in official RSA products. RC4 is widely used in many applications and is generally regarded to be secure. There are no known attacks against RC4. RC4 is not patented by RSA Data Security, Inc; it is just protected as a trade secret. The 40-bit exportable version of RC4 has been broken by brute force! RC4 is implemented in Kremlin.
SEAL

SEAL, designed by Don Coppersmith of IBM Corp, is probably the fastest secure encryption algorithm available. The key setup process of SEAL requires several kilobytes of space and rather intensive computation involving SHA1, but only five operations per byte are required to generate the keystream. SEAL is particularly appropriate for disk encryption and similar applications where data must be read from the middle of a ciphertext stream. A paper is available here. SEAL is patented, and can be licensed from IBM.

HASH ALGORITHMS
MD2

MD2 is generally considered to be a dead algorithm. It was designed to work on 8-bit processors and, in today's 32-bit world, is rarely used. It produces a 128-bit digest. MD2 is different in design from MD4 and MD5, in that it first pads the message so that its length in bits is divisible by 256. It then adds a 256-bit checksum. If this checksum is not added, the MD2 function has been found to have collisions. There are no known attacks on the full version of MD2. MD2 is described in RFC 1319.
MD4

Although MD4 is now considered insecure, its design is the basis for the design of most other cryptographic hashes and therefore merits description. First, the message to be operated on is padded so that its length in bits plus 448 is divisible by 512. Then, in what is called a Damgård/Merkle iterative structure, the message is processed with a compression function in 512-bit blocks to generate a digest value. In MD4 this digest is 128 bits long. Hans Dobbertin developed an attack on the full MD4 that will generate collisions in about a minute on most PCs. An overview of the design and a description of the security of MD2, MD4, and MD5 are given in this RSA document.
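The padding rule and the Damgård/Merkle iteration described above, as an added Python example (not RSA's code and not code from the page). The padding follows the MD4/MD5 convention of a single 0x80 byte, zero fill that leaves exactly 64 bits free in the final 512-bit block, and the original bit length as a 64-bit little-endian integer; the compression function is an assumed stand-in (truncated SHA-256 over state and block) so that only the chaining structure is illustrated, and the initial state is constructed:

```python
import hashlib
import struct

BLOCK_BYTES = 64    # 512-bit message blocks, as in MD4/MD5
DIGEST_BYTES = 16   # 128-bit digest, as in MD4/MD5
IV = bytes.fromhex("0123456789abcdeffedcba9876543210")  # constructed initial state


def md_pad(message: bytes) -> bytes:
    """MD4/MD5-style padding: append a single 1 bit (the byte 0x80), then
    zero bytes until the length is 448 mod 512 bits, then the original
    message length in bits as a 64-bit little-endian integer. The result is
    always a whole number of 512-bit blocks."""
    bit_len = len(message) * 8
    padded = message + b"\x80"
    while (len(padded) * 8) % 512 != 448:
        padded += b"\x00"
    return padded + struct.pack("<Q", bit_len)


def compress(state: bytes, block: bytes) -> bytes:
    """Stand-in compression function: (128-bit state, 512-bit block) -> 128-bit state.
    Assumption: truncated SHA-256 of state || block replaces MD4's real round
    operations so that the iteration structure can be shown on its own."""
    assert len(state) == DIGEST_BYTES and len(block) == BLOCK_BYTES
    return hashlib.sha256(state + block).digest()[:DIGEST_BYTES]


def md_hash(message: bytes) -> bytes:
    """Damgaard/Merkle iteration: chain the compression function over the
    padded message one 512-bit block at a time, starting from IV. The final
    chaining value is the digest."""
    state = IV
    padded = md_pad(message)
    for offset in range(0, len(padded), BLOCK_BYTES):
        state = compress(state, padded[offset:offset + BLOCK_BYTES])
    return state


def block_count(message: bytes) -> int:
    """How many compression-function calls hashing this message takes."""
    return len(md_pad(message)) // BLOCK_BYTES


if __name__ == "__main__":
    sample = b"abc"  # constructed sample message
    print("padded:", md_pad(sample).hex())
    print("digest:", md_hash(sample).hex())
    # 55 bytes still fit in one block with the padding; 56 bytes spill into a second
    print("blocks for 55 bytes:", block_count(b"a" * 55))
    print("blocks for 56 bytes:", block_count(b"a" * 56))
```

The block counts make the padding rule visible: 55 message bytes plus the 0x80 byte reach exactly 448 bits, leaving room for the 64-bit length, while a 56-byte message needs a second block.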
MD5

While MD4 was designed for speed, a more conservative approach was taken in the design of MD5. However, applying the same techniques he used to attack MD4, Hans Dobbertin has shown that collisions can be found for the MD5 compression function in about 10 hours on a PC. While these attacks have not been extended to the full MD5 algorithm, they still do not inspire confidence in the algorithm. RSA is quick to point out that these collision attacks do not compromise the integrity of MD5 when used with existing digital signatures. MD5, like MD4, produces a 128-bit digest. An RFC describing MD5 in detail is available here. The use of MD5, as well as MD4, is not recommended in new applications.
RIPEMD

RIPEMD and its successors were developed by the European RIPE project. Its authors found collisions for a version of RIPEMD restricted to two rounds. This attack can also be applied to MD4 and MD5. The original RIPEMD algorithm was then strengthened and renamed to RIPEMD-160. As implied by the name, RIPEMD-160 produces a 160-bit digest. A comprehensive description of RIPEMD-160 can be found here.
SHA1

SHA1 was developed by the NSA for NIST as part of the Secure Hash Standard (SHS). SHA1 is similar in design to MD4. The original published algorithm, known as SHA, was modified by NSA to protect against an unspecified attack; the updated algorithm is named SHA1. It produces a 160-bit digest -- large enough to protect against "birthday" attacks, where two different messages are selected to produce the same signature, for the next decade. The official FIPS description of SHA1 can be found here. SHA1 is implemented in Kremlin.
Snefru

Snefru is a hash function designed by Ralph Merkle, the designer of the Khufu and Khafre encryption algorithms. 2-round Snefru has been broken by Eli Biham. Snefru 2.5, the latest edition of the hash algorithm, can generate either a 128-bit or a 256-bit digest.
Tiger

Tiger is a new hash algorithm by Ross Anderson and Eli Biham. It is designed to work with 64-bit processors such as the Digital Alpha and, unlike MD4, does not rely on rotations (the Alpha has no such rotate instruction). In order to provide drop-in compatibility with other hashes, Tiger can generate a 128-bit, a 160-bit or a 192-bit digest. The Tiger home page contains more information.

CASE STUDY:
Password Manager XP:
Password Manager XP is a program specially created to help people systematize and securely store valuable information. It rids computer users of headaches caused by lost passwords, forgotten access codes and other sensitive information. With this program, you safely store all your logins, passwords, PIN codes, credit card numbers, access codes, files, and any other confidential information in one place. Password Manager XP allows you to create several databases for storing desired information. Each database has its own access password and is encrypted with the algorithms of your choice. This means the capability to apply several different encryption algorithms at a time, which significantly increases protection against unauthorized access to your data. Besides, the program comes with an option to automatically exit databases when idle for a set period of time, which decreases the likelihood of your data being stolen when you leave your computer with the application running (for example, you have been distracted by other things or simply forgot to quit the program). In addition, you can create password databases on shared resources and access them from multiple computers across the network. The Removable Devices Wizard will help you install Password Manager XP on any removable media such as USB flash drives. You can run Password Manager XP and work with password databases directly from the removable device.

Password Manager XP is ideal for workgroup use. The program lets several users access the password databases. Importantly, access rights and privileges can be regulated. All changes inside the database are logged, giving the system administrator complete control over the users' actions. Quite frankly, Password Manager XP can considerably simplify your work with the Internet and usual Windows applications. It can autofill web pages, registration forms, logon windows, etc. This feature is compatible with Microsoft Internet Explorer, Firefox, Google Chrome, Opera and the majority of usual Windows applications. You can install Password Manager XP Mobile on your Windows Mobile-based device and access your data easily when your laptop or desktop PC is not available. Password Manager XP installed on your Pocket PC allows you to keep your data secure and right in your pocket. Password Manager XP has a built-in customizable password generator. Password Manager XP comes with a user-friendly interface that is easy to navigate and adjust. Password Manager XP is your personal Password Keeper!

Features of Password Manager XP:

Exceptionally high security level
• support of the following encryption algorithms (can be used together): Blowfish, 3DES, Rijndael, Tea, Cast128, RC4, Serpent, Twofish;
• no unencrypted temporary files ever created;
• memory blocks are cleared when no longer needed;
• built-in password generator;

Multi-user password manager
• support for multiple databases;
• ability to access password databases from multiple computers across the network;
• adjustable user privileges per given database;
• permissions can be set for folders or even individual records;
• concurrent write access to a database for multiple users;
• NT authentication support;
• logging of all data changes;
• users' actions logging (Professional / Corporate edition only);

Other features
• database and folder fields can be fully customized. It is possible to add/modify/remove fields for an individual folder or the entire database;
• autofill & form filler functionality. Currently it works in Microsoft Internet Explorer, Firefox, Google Chrome, Opera and most ordinary Windows applications;
• files can be attached to database records;
• support of system-wide hotkeys;
• printing and ability to create custom print templates;
• ability to store password databases and the program itself on removable devices such as USB flash drives;
• synchronization of databases;
• backup and restoring of password databases;
• export and import to/from CSV and TXT files;
• ability to check for expired passwords on Windows start;
• program can be minimized to system tray;
• information sorting options;
• handy and easily adjustable interface;
• multilingual user interface (English, German, French, Italian, Spanish, Dutch, Swedish, Norwegian, Lithuanian, Chinese, Korean, Danish, Czech, Slovak, Slovenian, Hungarian, Greek, Croatian, Polish, Portuguese (Brazil), Hebrew, Turkish, Farsi, Romanian, Russian, Ukrainian);
• XP themes support.

Password Manager XP supports the following algorithms:

    Encryption algorithm   Hash algorithm used to generate encryption key   Encryption key length
    3DES                   SHA                                              160 bit
    Blowfish               SHA-384                                          384 bit
    Cast128                MD5                                              128 bit
    RC4                    SHA-512                                          512 bit
    Rijndael (new AES)     SHA-256                                          256 bit
    Serpent                SHA-256                                          256 bit
    Tea                    MD5                                              128 bit
    Twofish                SHA-256                                          256 bit
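The table above pairs each cipher with the hash whose output becomes the encryption key, so the key length is simply the digest length of a hash of the master password. The following Python is an added example, not Password Manager XP's own code: it reproduces that mapping (assuming "SHA" in the 3DES row means SHA-1, whose 160-bit output matches the stated key length) beside a salted, iterated PBKDF2 derivation added here as the hardened form. The password and salt values are constructed, and the product's exact encoding and any salting it may do are not stated on the page:

```python
import hashlib
import os

# Mapping from the table above: cipher -> (hash used to turn the master
# password into a key, key length in bits). Assumption: "SHA" is read as
# SHA-1, the 160-bit member of the family that matches the 3DES row.
KEY_DERIVATION = {
    "3DES": ("sha1", 160),
    "Blowfish": ("sha384", 384),
    "Cast128": ("md5", 128),
    "RC4": ("sha512", 512),
    "Rijndael (new AES)": ("sha256", 256),
    "Serpent": ("sha256", 256),
    "Tea": ("md5", 128),
    "Twofish": ("sha256", 256),
}


def key_from_password_plain_hash(password: bytes, cipher: str) -> bytes:
    """The scheme the table describes: the key is the hash of the master
    password, so the hash's output size fixes the key length. With no salt,
    the same password always yields the same key for every database."""
    hash_name, key_bits = KEY_DERIVATION[cipher]
    key = hashlib.new(hash_name, password).digest()
    assert len(key) * 8 == key_bits
    return key


def key_from_password_pbkdf2(password: bytes, salt: bytes, cipher: str,
                             iterations: int = 600_000) -> bytes:
    """Hardened variant (added here, not the product's method): PBKDF2-HMAC
    with a random per-database salt and a high iteration count. Like the
    deliberately slow key setup the Blowfish section describes, the iteration
    count makes each guess at the master password expensive; the salt makes
    the result database-specific. MD5 and SHA-1 are not used as the PRF."""
    hash_name, key_bits = KEY_DERIVATION[cipher]
    prf = "sha256" if hash_name in ("md5", "sha1") else hash_name
    return hashlib.pbkdf2_hmac(prf, password, salt, iterations, dklen=key_bits // 8)


def new_salt() -> bytes:
    """A fresh random salt to store alongside the database header."""
    return os.urandom(16)


if __name__ == "__main__":
    master = b"correct horse battery staple"  # constructed sample password
    for cipher in KEY_DERIVATION:
        k = key_from_password_plain_hash(master, cipher)
        print(f"{cipher:20s} plain-hash key: {len(k) * 8:3d} bits")
    salt = new_salt()
    k1 = key_from_password_pbkdf2(master, salt, "Rijndael (new AES)")
    k2 = key_from_password_pbkdf2(master, new_salt(), "Rijndael (new AES)")
    print("same password, two salts, keys differ:", k1 != k2)
```

The contrast is the one the Blowfish section draws about slow key setup: a plain hash lets each guess at the master password cost a single hash computation and, without a salt, lets one precomputed table serve every database, whereas the salt and iteration count in PBKDF2 make each guess expensive and tie the derived key to one database.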

File Encryption XP:

With File Encryption XP, you can encrypt files of any type, including Microsoft Word, Excel and PowerPoint documents. It protects information against being viewed or modified without your authorization. The reliable and ultra-secure Blowfish algorithm is used for data encryption and no encryption passwords are saved within the encrypted files. This makes the encryption very secure. The program has a convenient and intuitive interface, so even users with no experience in information protection can protect their data quite easily. A feature that creates self-extracting encrypted files is built into the program. These files are completely self-contained, which means that, if you have the correct password, you can view your encrypted files on any Windows PC without installing any other encryption software. File Encryption XP can be used as a secure file eraser to wipe files completely and permanently. The program adds items to the Windows Explorer popup menu to simplify encryption, decryption and wiping tasks.

File Encryption XP encrypts files and folders using the strong Blowfish algorithm with a 384-bit key. Creating protected files that can be decrypted without File Encryption XP is a built-in program feature. You can create a self-extracting encrypted file and simply send it by mail or give it to someone on a floppy disk. If the recipient knows the password, he or she can execute this file to get the original document.

In many cases we would like to delete the original insecure file or folder after it has been encrypted. The standard Windows deletion method is not secure because such a file can be restored in almost 100% of cases. File Encryption XP has a reliable deletion method that will completely remove files. This is especially useful for deleting the source file or folder after encryption so that the only remaining file is the encrypted version.

File Encryption XP is especially useful for working on a variety of storage devices.
You could install the program on a floppy disk or a flash drive and use it on any Windows PC to which the drive is connected. File Encryption XP is optimized for working on removable media.

File Encryption XP has a built-in strong password generator that lets you generate new passwords according to the criteria you specify. Strong passwords are ones containing upper and lower case letters as well as numbers, and so they are almost impossible to guess.

File Encryption XP automatically logs all program operations. You can always recall what you were doing and when by looking through the log file. You can disable this option if you prefer additional security and do not wish to keep a record of your activities.

When the program starts, it looks for all encrypted data on the current medium and displays the list in the "Search" panel. The "Search" panel groups the encrypted files in one place so it is easier to access them. You can use this panel to decrypt or delete the encrypted files found by the program.

The program interface is based on the interface of Windows Explorer. You can perform all program operations on files and folders just as you would in Windows Explorer. You can modify any menu or toolbar, create new ones or change the program skin. File Encryption XP is your File Encryption Software for Windows!

Features of File Encryption XP:

Main features
• encrypting files and folders using the Blowfish algorithm;
• decrypting files and folders;
• compression of files and folders before encryption;
• creating self-extracting encrypted files;
• removing files and folders completely and permanently ("wiping");
• support for large files (4 GB and more);
• Windows Explorer popup menu integration;
• installation of the program to a removable device such as a USB memory stick;
• a built-in customizable password generator;
• works on any removable media (under any Windows operating system);
• logs all operations to a file;
• automatically finds and groups encrypted files;
• no software backdoors into the program or files;
• no unencrypted temporary files are ever created;
• memory blocks are cleared when no longer needed.

Additional features
• all user settings are automatically saved;
• a choice of skins (Office XP, Office 2003 and Windows XP themes);
• context-sensitive help;
• the entire interface can be customized to your own requirements;
• active accessibility support.

Kremlin:
Many products feature secure encryption, but Kremlin does more: Kremlin builds a wall around your computer, protecting your sensitive files from snooping intruders. Windows and Mac OS were not designed to be secure; they literally strew your sensitive data all over the computer. The Kremlin Sentry automates the process of securing your computer by scheduling itself to secure portions of your hard disk and all used memory when you log off your computer or your computer becomes idle.

And Kremlin is easy to use, too. You can securely remove files from your computer by dragging them to the Kremlin Secure Delete (Recycle Bin). And when you log off, Kremlin clears sensitive areas of your hard disk and wipes all records of your activities. Kremlin can also automatically encrypt files and directories when you log off your computer and decrypt them when you log back on, providing a transparent way to protect your files from any nosy intruders. If you're worried about your word processor leaking scraps of your sensitive documents all over your hard drive, you can use Kremlin Text, a full-featured and secure text editor that automatically encrypts your documents. You can even e-mail a secret memo to a coworker from within Kremlin Text. And Kremlin is so secure that the U.S. Government considers it a munition! To snoops, Kremlin is a deadly weapon.

KREMLIN SDK:

Kremlin SDK
Kremlin SDK is the cryptographic engine that powers Kremlin. It is the foundation of Kremlin.

Kremlin Encrypt/Decrypt
Kremlin Encrypt provides an easy-to-use interface to powerful cryptography. Kremlin Decrypt allows you to decrypt the files you have encrypted. Read more about cryptography basics or an overview of cryptographic algorithms.

Kremlin Text
Discussing a top-secret project and need to send a secure memo? Exchanging notes with a secret lover? You can use Kremlin Text to ensure that your data arrives safely and securely. Just type your message into Kremlin Text's word processor-like environment, click the Encrypt button, and you're ready to send secure e-mail! Your message can include text formatting and different colors.

Kremlin Sentry
The Kremlin Sentry automates the process of securing your computer. You can schedule the Kremlin Sentry to run when you shut down your computer or when your computer is idle. The Kremlin Sentry then secures unused portions of your hard drive, where "deleted" word processing files often reside, and wipes all memory (including the swap file), overwriting operating system records of passwords and other sensitive information. The Kremlin Sentry can also clear all records of the most recently accessed documents or all previously visited Internet world wide web sites.

Kremlin Wipe
Windows and Mac OS were not designed as secure operating systems. Your keystrokes, which might contain a sensitive passphrase, are saved to disk, and your word processor routinely writes scraps of your documents to disk. Use Kremlin Wipe to wipe free memory, unused disk space or completely wipe the disk!

Kremlin Secure Delete (Recycle Bin): Secure Deletion
When you drag your top-secret document to the Kremlin Secure Recycle Bin, it's not just flagged to be overwritten, it's gone forever. Kremlin overwrites your documents with a variation of the Department of Defense standard, writing zeros, ones, and a pseudorandom bit stream and its binary complement a user-specified number of times.

Add powerful 160-bit encryption to your application in less than 30 lines of C code

The Kremlin SDK is an easy-to-use C DLL interface to powerful cryptography. It is used as the basis of KremlinEncrypt.com's popular Kremlin encryption software and has proven itself to be a robust and stable encryption SDK (over 50,000 users have downloaded Kremlin). The Kremlin SDK is implemented in four layers of increasing abstraction.
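The overwrite cycle described for the Kremlin Secure Recycle Bin above (zeros, ones, a pseudorandom stream and its complement, repeated a chosen number of times), written out as an added C example that is not Kremlin's code: the function names, the 4 KB buffer, the pass order and the use of rand() as the stream source are assumptions made here.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* One overwrite pass. kind: 0 = zeros, 1 = ones, 2 = pseudorandom stream, 3 = complement
 * of that same stream (rand() is re-seeded so it repeats; it stands in for a CSPRNG). */
static int wipe_pass(int fd, off_t size, int kind, unsigned int seed) {
    unsigned char buf[4096];
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    if (kind >= 2) srand(seed);
    for (off_t done = 0; done < size; ) {
        size_t n = size - done > (off_t)sizeof buf ? sizeof buf : (size_t)(size - done);
        for (size_t i = 0; i < n; i++) {
            unsigned char b = kind == 0 ? 0x00 : kind == 1 ? 0xFF : (unsigned char)rand();
            buf[i] = kind == 3 ? (unsigned char)~b : b;
        }
        if (write(fd, buf, n) != (ssize_t)n) return -1;
        done += (off_t)n;
    }
    return fsync(fd); /* flush this pass to disk before the next one begins */
}

/* Overwrite every byte of path with `rounds` repetitions of the four-pass cycle,
 * then truncate and unlink it. Returns 0 on success, -1 on any I/O failure. */
int secure_delete(const char *path, int rounds) {
    struct stat st;
    int fd = open(path, O_WRONLY);
    if (fd < 0 || fstat(fd, &st) < 0) { if (fd >= 0) close(fd); return -1; }
    unsigned int seed = (unsigned int)time(NULL) ^ (unsigned int)getpid();
    for (int r = 0; r < rounds; r++)
        for (int kind = 0; kind < 4; kind++)
            if (wipe_pass(fd, st.st_size, kind, seed + (unsigned int)r) != 0) { close(fd); return -1; }
    if (ftruncate(fd, 0) != 0 || close(fd) != 0) return -1;
    return unlink(path);
}

/* Self-check: write a constructed secret to a scratch file, wipe it, confirm it is gone. */
int wipe_demo(const char *path) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    fputs("constructed top-secret memo\n", f);
    fclose(f);
    if (secure_delete(path, 3) != 0) return -1;
    return access(path, F_OK) == 0 ? -1 : 0; /* the file must no longer exist */
}

int main(void) { return wipe_demo("wipe_demo.tmp") == 0 ? 0 : 1; }
```

Overwriting in place only reaches the blocks the file currently occupies: on journaling or copy-on-write filesystems and on flash media with wear levelling, earlier copies of the data can survive, which is why full-disk encryption is the usual complement to tools of this kind.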

Supported Platforms
• Windows, Mac OS X, Mac OS 9: cross-platform support
• Linux: needs some polishing, but works
• Other platforms: we can port Kremlin SDK to any other platform. Please contact us to discuss custom ports.

Layers of Abstraction

Encrypt a file with just one function call!

Cryptographic Features
• Encryption algorithms: Blowfish, CAST-128, DES, RC4, Safer SK-128, NewDES
• Encryption modes: supports both ECB and CBC encryption mode (read SP 800-38A, Recommendation for Block Cipher Modes of Operation, for more information)
• Hashing: Secure Hash Algorithm (SHA1)
• Secure memory allocation: smalloc and sfree make it a no-brainer to prevent leakage of secure data
• Disk security: file wiping, cluster wiping, free space wiping, memory wiping
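The "secure memory allocation" item above, shown as an added C example that is not the Kremlin SDK's code: the names smalloc and sfree are taken from the page, but the hidden length header, the ssize helper and the volatile wipe are assumptions about how such a pair is typically built, and they also cover the "memory blocks are cleared when no longer needed" claim made for File Encryption XP earlier.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hidden header before each block: its length (for the wipe) plus alignment padding. */
typedef union { size_t len; max_align_t align; } shdr;

/* Zero n bytes through a volatile pointer: the compiler may drop a plain memset() whose
 * target is freed right after (dead-store elimination), but never volatile writes. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Allocate n bytes for secret data (assumed layout; the name is the page's). */
void *smalloc(size_t n) {
    shdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->len = n;
    return h + 1; /* caller sees only the bytes after the header */
}

/* Length recorded for a block obtained from smalloc (assumed helper). */
size_t ssize(const void *p) { return p ? ((const shdr *)p - 1)->len : 0; }

/* Wipe first, then release, so the secret never reaches the heap's free list. */
void sfree(void *p) {
    if (!p) return;
    shdr *h = (shdr *)p - 1;
    secure_wipe(p, h->len);
    free(h);
}

/* 1 if every byte of the n-byte buffer is zero (OR-fold, no early exit). */
int is_zeroed(const void *p, size_t n) {
    const unsigned char *b = p; unsigned char acc = 0;
    while (n--) acc |= *b++;
    return acc == 0;
}

/* Self-check with a constructed secret: 1 when the wipe leaves no trace. */
int wipe_memory_demo(void) {
    char *buf = smalloc(32);
    if (!buf) return 0;
    strcpy(buf, "constructed-passphrase");
    int ok = ssize(buf) == 32 && !is_zeroed(buf, 32);
    secure_wipe(buf, ssize(buf)); /* what sfree does internally, shown before freeing */
    ok = ok && is_zeroed(buf, 32);
    sfree(buf);
    return ok;
}
```

Clearing on free is only half of the problem the page's Sentry and Wipe features address: unless the pages are also locked out of swap (for example with mlock on POSIX systems), the secret can still be written to the swap file while it is in use.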

The Kremlin SDK also includes automatic compression (at the archive level), error checking using a modified Fletcher checksum (faster and better than a CRC), and a flexible callback system (for progress controls, file overwriting, etc.). And the Kremlin SDK is very, very secure. Both the source code and the compiled executables have been reviewed by security professionals, including Chris Hall from Counterpane Systems (Bruce Schneier's company), Alexander Pukall, who writes encrypted databases, and a person named Casimir, who has cracked the encryption in several other programs, including "Encrypt-It" and "Crypt-o-text". After hearing that he had broken yet another insecure encryption program, we e-mailed Casimir and challenged him to break Kremlin. We even gave him the source code. After over a month of examining the source code, Casimir e-mailed us and admitted defeat, saying "OK, you won. I surrender!". It would take you months of your time and tens of thousands of dollars to write, optimize, and secure (including paying for outside security consultants) your own encryption routines. And your solution would most likely never have been torture-tested by over 50,000 users!

Kremlin SDK Features
The Kremlin SDK comes with
• full source code;
• a detailed manual that documents every function;
• extensive example applications;
• free technical support for 30 days (additional years of technical support can be purchased).

And this isn't normal technical support; we function as security consultants and can review your usage of the Kremlin SDK for possible security loopholes. We can even write the encryption code for you. The Kremlin SDK can be distributed royalty-free with your application. And there's also a 90-day money-back guarantee: if you purchase the Kremlin SDK and decide you don't like it, you can get all of your money back (including possible technical support contracts) any time within three months of the purchase. It takes only a few lines of C code to add powerful cryptography to any application. To see how easy it is to use the Kremlin SDK in your application, imagine you need to write a utility that encrypts files from the command prompt with the following syntax:
Example.exe password archivename file1 [file2] [file3]...

Thus cryptography is explained with a case study.