Xidie
Secure Archives Content
Overview
Xidie secure archives is a file and folder encryption utility that protects your files
with a key built from a password or a key disk, so that only you have access to the
contents. Xidie secure archives also implements a public key encryption algorithm that
allows you to send documents securely over an insecure communication channel. Xidie
implements several encryption algorithms, some of them well recognised in the security
field, like AES or Triple DES, and some of them originally developed by the author (DX and
MDX). Today we are in the information age, and encrypting data becomes more and more
important for most of us. There are many reasons why data has to be protected from
unauthorized access. Business documents, medical data, our work, original papers: there
are many documents that must be inaccessible to other people. To protect these documents
we must use solutions that involve strong encryption algorithms (cryptography), as Xidie
does. Using cryptography alone, as in this module, or in combination with steganography,
as in the steganography module, and using various symmetric or asymmetric encryption
algorithms, Xidie assures the confidentiality of your data at a high level of security.
Xidie allows you to encrypt not only file data, but also other sensitive archive areas:
file names, sizes, attributes, comments and other blocks. Without a password it is
impossible to view even the list of files in an archive encrypted in this mode. Xidie
implements and uses some proprietary encryption algorithms and some standard encryption
algorithms. Remember that if you lose your password, you will be unable to retrieve the
encrypted files; not even the Xidie author is able to extract them.
The process of encrypt-decrypt data
In cryptography, a cipher is an algorithm for performing encryption and decryption - a
series of well-defined steps that can be followed as a procedure. In most cases, that
procedure is varied depending on a key which changes the detailed operation of the
algorithm. In non-technical usage, a "cipher" is the same thing as a
"code"; however, the concepts are distinct in cryptography. In classical
cryptography, ciphers were distinguished from codes, which operated by substituting
according to a large codebook. The original information is known as plaintext, and the
encrypted form as cipher-text. The cipher-text message contains all the information of the
plaintext message, but is not in a format readable by a human or computer without the
proper mechanism to decrypt it; it should resemble random gibberish to those not intended
to read it. The operation of a cipher usually depends on a piece of auxiliary information,
called a key. The encrypting procedure is varied depending on the key, which changes the
detailed operation of the algorithm. A key must be selected before using a cipher to
encrypt a message. Without knowledge of the key, it should be difficult, if not
impossible, to decrypt the resulting cipher-text into readable plaintext. Symmetric
algorithms use the same key for encryption and decryption. The strength of a symmetric
algorithm is usually specified by the key length. DES, for example, uses 56-bit keys,
whereas Blowfish uses 128-bit keys. The greater the number of bits in the key the more
secure the encrypted data is. Symmetric algorithms are the most popular encryption
algorithms, mainly because they tend to be fast (essentially all symmetric algorithms
shuffle and manipulate the bits in your plaintext and the bits in the key through several
similar cycles) and hence are very efficient at encrypting large amounts of data. Public
key algorithms use a different key for encryption and decryption, and the decryption key
cannot (practically) be derived from the encryption key. Public key methods are important
because they can be used to transmit encryption keys or other data securely even when the
parties have no opportunity to agree on a secret key in private. All known methods are
quite slow, and they are usually only used to encrypt session keys (randomly generated
"normal" keys), that are then used to encrypt the bulk of the data using a
symmetric cipher. The general encryption/decryption process works as follows. The
plaintext is encrypted with the encryption algorithm. The algorithm uses a key to perform
the encryption. This key is usually a sequence of bits that we choose to be as random as
possible, so that it's hard to guess. The length of the key varies according to the
algorithm used. After this step, we have the cipher-text, which we can safely store on an
insecure disk or send to someone over an insecure transmission medium. The recipient of
the cipher-text then decrypts it with the corresponding decryption algorithm, using the
decryption key, to produce the original plaintext message.
Using Xidie secure archives
Create a new secure archive
In order to create a new archive you must follow three steps:
- First of all you must add files and/or folders to it. To add files to the archive press
Select and add files to archive. In the Windows dialog window, keep the Ctrl key pressed to
select more than one file. To add an entire folder to the archive press Select and add
folder to archive.
- Specify the archive name.
- Set the password and security options (only for advanced interface).
Unpack an archive
To unpack an archive you must follow these steps:
- Select the archive. Xidie archives have a ".exc" extension.
- Set the password and security options (only for advanced interface).
Set password and security options
Whichever interface you select, the process of encrypting and decrypting data is the same.
You must enter a password for the symmetric encryption/decryption process. This password
can be typed or randomly generated. If you type the password yourself, you must retype it.
When generating a random password you can change the password length and choose the
characters used to generate it (all characters, numeric, uppercase and lowercase
characters, and base 64 characters). Passwords can be saved as a key disk (on a removable
disk such as a floppy or a secure disk). Do not use common words, such as the name of your
cat, husband, wife or daughter, your telephone number, or the numbers of your birthday or
year, not even in reversed order. You can be sure these passwords will be tried first. If
you don't want to use passwords with extra characters like "&%$*", then use passwords at
least 12 letters long. Use the random password generator and save the password on
removable media such as a floppy or an SD card. Use numbers or binary values. Do not forget
your password! Use key disks if you cannot remember passwords, but keep the key disk in a
secure place (don't leave it on your desk near the computer). There is no way to restore
files encrypted with Xidie if the password is unknown. If the password or the key disk is
lost or damaged, you will never be able to decrypt your files. The program does not store
the keys, neither in an encrypted file nor anywhere else. The password is even deleted
from memory after use. In addition, the advanced interface offers some special features,
such as creating or running script files. To automate daily jobs, Xidie offers script
files. A script is nothing more than a description that tells the program what to do and
how to do it. So if you want to execute the same job regularly (for example, encrypting or
decrypting the same files every day), you save this information as a script.
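The password advice above (random generation, choice of character set, "at least 12 letters", no personal words even reversed) can be put into numbers. The following is an added example, not Xidie's own code; the character sets and the function names are assumptions, since the page does not document the exact sets Xidie uses.

```python
import math
import secrets
import string

# Character classes named in the text above. The exact sets Xidie uses are not
# documented on this page, so these definitions are assumptions.
CHARSETS = {
    "numeric": string.digits,
    "letters": string.ascii_letters,  # uppercase and lowercase
    "base64": string.ascii_letters + string.digits + "+/",
    "all": string.ascii_letters + string.digits + string.punctuation,
}


def generate_password(length, charset="all"):
    """Draw each character independently from the OS CSPRNG."""
    alphabet = CHARSETS[charset]
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, charset):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(CHARSETS[charset]))


def min_length_for(target_bits, charset):
    """Shortest random password from this charset that reaches target_bits."""
    return math.ceil(target_bits / math.log2(len(CHARSETS[charset])))


def is_guessable(password, personal_items):
    """True if the password contains a personal word or number, forwards or
    reversed (names, phone numbers, birthdays: the guesses tried first)."""
    lowered = password.lower()
    for item in personal_items:
        needle = item.lower()
        if needle and (needle in lowered or needle[::-1] in lowered):
            return True
    return False


if __name__ == "__main__":
    for name in CHARSETS:
        print(f"{name:8s} 12 chars = {entropy_bits(12, name):5.1f} bits, "
              f"128 bits needs {min_length_for(128, name)} chars")
    # Constructed sample data: a name and a birth year.
    print(is_guessable("xelA7891", ["Alex", "1987"]))  # reversed name and year
    print(generate_password(22, "base64"))
```

The entropy figures hold only for randomly generated passwords; a typed password built from words has far less than its length suggests, which is why the reversed-word check is separate.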
Advanced security options
The advanced security options allow the user to set the encryption algorithm and the
digest algorithm used in symmetric encryption. There are four classic encryption
algorithms implemented in Xidie:
- Rijndael
- Triple DES
- DES
- RC2
Xidie also implements four variants of a new encryption algorithm developed by the author
of Xidie, generically named DX, with variable block length (257, 1023, 8191 and 100000
bytes), which you can choose from in the advanced interface. By default Xidie uses the
Rijndael encryption algorithm in all the other interfaces. As hash algorithm (also known
as digest algorithm) Xidie uses SHA512 by default, but it also implements four other
digest algorithms (SHA384, SHA256, SHA1 and MD5), which you can choose from in the
advanced interface. In the advanced interface you need to set the encryption algorithm and
digest algorithm only when creating an archive. When decrypting, Xidie knows the
encryption and digest algorithms used during encryption, so you don't need to remember
which encryption algorithm you used when you encrypted the data.
Batch scripts
Another new option in Xidie is batch scripts (extension .bat).
With batch files, which are also called batch programs or scripts, you can simplify
routine or repetitive tasks. A batch file is an unformatted text file that contains one or
more commands and has a .bat or .cmd file name extension. When you type the file name at
the command prompt, Cmd.exe runs the commands sequentially as they appear in the file. You
can include any command in a batch file. Certain commands, such as for, goto, and if,
enable you to do conditional processing of the commands in the batch file. So if you want
to execute the same job regularly (decrypt an archive into the same folder every day, or
make an archive containing the same files every day), Xidie will save this information
automatically as a script. The next time you want to do this job you simply run the saved
batch file. Unlike Xidie scripts, which require you to start Xidie first in order to run
the script, batch scripts do not need Xidie to be started beforehand. When you run a batch
file created with Xidie, Xidie starts automatically, executes the jobs specified in the
file (script) and then closes without any user interaction (except for secure archives,
where the user is asked to enter the password). The great advantage of batch files created
with Xidie is that they automatically create archives (secured or not) or unpack archives
(secured or not) with no user interaction required. When you create a batch file, all the
command line parameters are set up automatically by Xidie with no user interaction (you
just specify the name of the batch file in which to save the script). You do not need to
specify any arguments; all the hard work of setting up complex commands is done for you by
Xidie, and you don't need any special knowledge. Xidie does all the work for you! More
advanced users can always run Xidie directly from the command prompt (by typing the
required parameters on the command line), create and save scripts using a text editor, or
modify existing scripts. Available scripts in this module:
- Create encrypted archives (select files and folders to add to the archive and set the
archive name). When the script runs, the user is asked for the password (security
options).
- Create folder encrypted archives (select a folder to add to the archive and set the
archive name). When the script runs, the user is asked for the password (security
options).
The main purpose of batch scripts is automatic backup of your data, but many other uses
could be added. After you create a batch file with Xidie you can use Scheduled Tasks in
Microsoft Windows to run it at a time that is most convenient for you.
How Public Key encryption works in Xidie
Also in the advanced interface, Xidie implements a new and original public key encryption
algorithm named MDX. In order to communicate securely with a third party, first of all you
must select the system key (see the description below). After you select the system key,
all public keys belonging to this system key will be loaded. Select your public key and
the other party's public key, and enter the pair of keys used to generate your public key.
If you enter the correct pair of keys, you can generate the encryption key that will be
used to encrypt and decrypt documents. Like any public key encryption algorithm, MDX uses
a pair of keys (the public key and the private key). In addition, MDX uses a system key. A
system key represents an organizational key and is used to generate the public and the
private key. In order to use MDX to communicate securely with a third party, both parties
must use the same system key. Xidie implements a system key manager that allows the user
to generate a new system key or to import a system key generated by a third party. In
order to generate a new pair of keys (public and private), the user must select the system
key and complete the fields with supplementary information (name, phone, e-mail, address).
To generate a new key you must enter a pair of keys with a length greater than or equal to
8 characters. You must remember this pair of keys, because every time you use this public
key you must enter it. This pair of keys is your secret, so never reveal it to a third
party. It is like the PIN code of your credit card or mobile phone, so keep it to
yourself!
Suppose Bob and Alice want to communicate securely. First Bob generates a new system key.
Then Bob generates his public key using the previously generated system key and a pair of
keys. This pair of keys is Bob's secret, and he never reveals it to a third party. Bob
sends his public key and the system key to Alice. Alice imports Bob's system key into her
system. Then Alice imports Bob's public key into her system. After that Alice generates
her public key using a pair of keys. This pair of keys is Alice's secret, and she never
reveals it to a third party. Alice sends her public key to Bob. Bob imports Alice's public
key into his system. Now Bob and Alice are ready to communicate securely.
Suppose Bob wants to send a secure message to Alice. He selects the common system key,
then selects his public key and Alice's public key. To generate the encryption key, Bob
must enter the pair of keys he used when he generated his public key and then press the
Generate encryption key button. His message will be encrypted, and only Alice will be able
to read it. Now suppose Alice receives the message from Bob and wants to read it. She
selects the common system key, and then selects her public key and Bob's public key. To
generate the encryption key, Alice must enter the pair of keys she used when she generated
her public key and then press the Generate encryption key button. Bob's message will be
decrypted if the pair of keys is correct.
Even though MDX looks more complicated than other public key systems, it offers more
transparency in the encryption process. Your public key depends only on the pair of keys
used. For example, in the RSA encryption algorithm, the public key is generated using two
random prime numbers, but you never know whether these numbers are really random (only the
software developer knows exactly).
Secure archives from Windows Explorer
Overview
Another advantage of using Xidie is shell integration, which means that several additional
items are added to the standard file and folder context menus that appear when you click
the right mouse button on a file icon in Windows Explorer. That is, you don't need to
start Xidie in order to create a secure archive or to unpack a Xidie secure archive. For
example, simply double-click the archive icon to open the Xidie archive, or right-click
the Xidie archive icon and select what you want to do from the context menu. Or
right-click any file or folder icon in Windows Explorer and you can archive it directly
(secured or not) with a single mouse click!
How to open an archive from Windows Explorer or Desktop
Xidie secured archives have the extension .exc. There are two ways to open an archive. The
first is to double-click the archive icon: Xidie opens the selected archive and you must
supply the password used when the archive was created. After this, press unpack selected
archive and you are done. The archive will be unpacked into the selected folder. From the
unpacked archive content list you have more options (right-click an item), such as open
file, open file with Wordpad, find target and delete file. Another way to open (unpack) an
archive from the Windows shell is to use the context menus that appear when you
right-click an archive icon. There are two context menu items:
1. Unpack Xidie secure archive. You must supply the destination folder (where to unpack
the archive). Because the archive is secured, you must supply the password used when the
archive was created. After this, press unpack selected archive and you are done. The
archive will be unpacked into the selected folder.
2. Unpack Xidie archive to current folder. Because the archive is secured, you must supply
the password used when the archive was created. The archive will be unpacked into the
parent folder of the archive.
Xidie encrypts not only file data, but also other sensitive archive areas: file names,
sizes, attributes, comments and other blocks. Without a password it is impossible to view
even the list of files in an archive encrypted in this mode. Xidie implements and uses
some proprietary encryption algorithms and some standard encryption algorithms. Remember
that if you lose your password, you will be unable to retrieve the encrypted files; not
even the Xidie author is able to extract them.
How to create archives from Windows Explorer or Desktop
For common files and folders Xidie adds this item to the context menu: "Add file/folder to
Xidie secure archive". You can add a single file or a single folder to a new secure
archive. If you want to add multiple files and folders to a new archive, you must first
move or copy all the files and/or folders into a new folder using Windows Explorer, or
start Xidie and use the Xidie interface to add multiple files and folders to a single
archive. The archive is given the same name as the original file, with the original
extension replaced by a new one (.exc for a secured archive). When you run this command,
you call Xidie to add the selected file or folder to a new archive, and you are asked to
supply a password and some security options in the Set security options dialog. After you
supply this information Xidie creates the encrypted archive without asking for anything
else. Steps: select the file or folder you are going to archive in Windows Explorer, press
the right mouse button on the selected file/folder and choose "Add to Xidie secure
archive". Enter the password and you are done. "Set the password and security options" is
described in detail in the "Secure archives" section.
More about cryptography and encryption process
General
In cryptography, encryption is the process of obscuring information to make it
unreadable without special knowledge, sometimes referred to as scrambling. Encryption has
been used to protect communications for centuries, but only organizations and individuals
with an extraordinary need for secrecy had made use of it. In the mid-1970s, strong
encryption emerged from the sole preserve of secretive government agencies into the public
domain, and is now used in protecting widely-used systems, such as Internet e-commerce,
mobile telephone networks and bank automatic teller machines. Encryption can be used to
ensure secrecy, but other techniques are still needed to make communications secure,
particularly to verify the integrity and authenticity of a message; for example, a message
authentication code (MAC) or digital signatures. Another consideration is protection
against traffic analysis. The security of encrypted data is not a consequence of keeping
the encryption algorithm secret. Cryptographers have researched the standard encryption
algorithms over the years since they were proposed, trying to break them through various
types of attacks. The best algorithms are secure not because the algorithm used is secret,
but because research has shown that the cipher is unbreakable. Be wary of encryption
products that don't specify which algorithm is used or that use 'a new secret cipher'.
Instead, the best encryption algorithms derive their security entirely through the secrecy
of the keys used. Keep your
keys secret, and your encrypted data will be safe. Encryption can be thought of as locking
something valuable into a strong box with a key. Conversely, decryption can be compared to
opening the box and retrieving the valuable item. On computers, sensitive data in the form
of e-mail messages, files on a disk, and files being transmitted across the network can be
encrypted using a key. Encrypted data and the key used to encrypt data are both
unintelligible. Most modern ciphers can be categorized in several ways:
- By whether they work on blocks of symbols, usually of a fixed size (block ciphers), or
on a continuous stream of symbols (stream ciphers).
- By whether the same key is used for both encryption and decryption (symmetric key
algorithms), or a different key is used for each (asymmetric key algorithms).
If the algorithm is symmetric, the key must be known to the recipient and to no one else.
If the algorithm is an asymmetric one, the enciphering key is different from, but closely
related to, the deciphering key. If one key cannot be deduced from the other, the
asymmetric key algorithm has the public/private key property and one of the keys may be
made public without loss of confidentiality. The Feistel cipher uses a combination of
substitution and transposition techniques. Most block cipher algorithms are based on
this structure. Typically, public key encryption is not used to encrypt large amounts of
data. However, public key cryptography does offer an efficient method to send someone the
secret key that is used when a symmetric encryption operation is performed on a large
amount of data. As an example, suppose Bob wants to send Alice a large number of encrypted
files. For performance reasons, he will use a symmetric encryption key algorithm, such as
Data Encryption Standard (DES), to encrypt the data. To send the encrypted data and the
DES secret key needed to decrypt the data securely, Bob will encrypt the secret key with
Alice's public key obtained from her certificate. Because her public key was used to
encrypt the secret key, Alice, using her private key, will be the only one able to decrypt
the DES secret key and thus decrypt the DES-encrypted data. Public key encryption is a
method of encryption that uses two encryption keys that are mathematically related. One
key is called the private key and is kept confidential. The other is called the public key
and is freely given out to all potential correspondents. In a typical scenario, a sender
uses the receiver's public key to encrypt a message. Only the receiver has the related
private key to decrypt the message. The complexity of the relationship between the public
key and the private key means that, provided the keys are long enough, it is
computationally infeasible to determine one from the other. Public key encryption is also
called asymmetric encryption.
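The General section above states that encryption ensures secrecy but that a message authentication code (MAC) is still needed to verify integrity. The following added example (not Xidie's code) shows why: with encryption alone a one-bit change in the ciphertext decrypts without error, while encrypt-then-MAC rejects it. The SHA-256 counter keystream is a stand-in cipher constructed for this illustration, and all function names, keys and the message are assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output size


def keystream(key, nonce, length):
    """Stand-in stream cipher: SHA-256 over key, nonce and a block counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key, nonce, data):
    """Encrypt or decrypt (the same operation) by XOR with the keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def flip_bit(data, byte_index, bit=0):
    """Simulate a ciphertext altered in transit or on disk."""
    changed = bytearray(data)
    changed[byte_index] ^= 1 << bit
    return bytes(changed)


def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = xor_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key, mac_key, blob):
    """Verify the tag before decrypting; reject anything that was altered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message was modified")
    return xor_crypt(enc_key, nonce, ciphertext)


def unauthenticated_roundtrip(enc_key, nonce, plaintext, byte_index):
    """Encryption only: a one-bit change decrypts without any error."""
    ciphertext = xor_crypt(enc_key, nonce, plaintext)
    return xor_crypt(enc_key, nonce, flip_bit(ciphertext, byte_index))


if __name__ == "__main__":
    # Constructed keys and message, for illustration only.
    enc_key, mac_key = bytes(range(32)), bytes(range(32, 64))
    message = b"pay 100 to Alice"
    print(unauthenticated_roundtrip(enc_key, bytes(NONCE_LEN), message, 4))
    blob = seal(enc_key, mac_key, message)
    print(open_sealed(enc_key, mac_key, blob))
    try:
        open_sealed(enc_key, mac_key, flip_bit(blob, NONCE_LEN + 4))
    except ValueError as err:
        print("rejected:", err)
```

The MAC key is kept separate from the encryption key, and the tag covers the nonce as well as the ciphertext, so neither can be swapped without detection.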
Glossary
Public key infrastructure (PKI): The term generally used to describe the laws, policies,
standards, and software that regulate or manipulate certificates and public and private
keys. In practice, it is a system of digital certificates, certification authorities, and
other registration authorities that verify and authenticate the validity of each party
involved in an electronic transaction. Standards for PKI are still evolving, even though
they are being widely implemented as a necessary element of electronic commerce.
Certificate represents a digital document that is commonly used for authentication and
secure exchange of information on open networks, such as the Internet, extranets, and
intranets. A certificate securely binds a public key to the entity that holds the
corresponding private key. Certificates are digitally signed by the issuing certification
authority and can be issued for a user, a computer, or a service. The most widely accepted
format for certificates is defined by the ITU-T X.509 version 3 international standard.
Encryption represents the process of disguising a message or data in such a way as to hide
its substance.
Symmetric encryption is an encryption algorithm that requires the same secret key to be
used for both encryption and decryption. Because of its speed, symmetric encryption is
typically used when a message sender needs to encrypt large amounts of data. Symmetric
encryption is also called secret key encryption.
Public key cryptography
A method of cryptography in which two different keys are used: a public key for
encrypting data and a private key for decrypting data. Public key cryptography is also
called asymmetric cryptography.
Private key represents the secret half of a cryptographic key pair that is used with a
public key algorithm. Private keys are typically used to decrypt a symmetric session key,
digitally sign data, or decrypt data that has been encrypted with the corresponding public
key.
Public key represents the non-secret half of a cryptographic key pair that is used with a
public key algorithm. Public keys are typically used when encrypting a session key,
verifying a digital signature, or encrypting data that can be decrypted with the
corresponding private key.
Public Key Cryptography Standards (PKCS): A family of standards for public key
cryptography that includes RSA encryption, Diffie-Hellman key agreement, password-based
encryption, extended-syntax, cryptographic message syntax, private key information syntax,
and certificate request syntax, as well as selected attributes. Developed, owned, and
maintained by RSA Data Security, Inc.
Public key encryption is a method of encryption that uses two encryption keys that are
mathematically related. One key is called the private key and is kept confidential. The
other is called the public key and is freely given out to all potential correspondents. In
a typical scenario, a sender uses the receiver's public key to encrypt a message. Only the
receiver has the related private key to decrypt the message. The complexity of the
relationship between the public key and the private key means that, provided the keys are
long enough, it is computationally infeasible to determine one from the other. Public key
encryption is also called asymmetric encryption.
Software code obfuscation uses encryption and is used in software copy protection against
reverse engineering, unauthorized application analysis, cracks and software piracy.
Key-Generators: For each symmetric cipher, there is a Key Generator that can be used to
generate random keys for that cipher.
Cryptography is by definition the art of writing or deciphering messages in code, or the
system used in a code or cipher.
Cipher represents a system of secret writing based on a key, or set of predetermined rules
or symbols, and also a message in such writing.
Steganography is by definition the art of hiding messages in another medium (such as
bitmap files, wave files etc.).
Password represents a secret word or group of any characters used for identification or
for gaining entrance.
Symmetric Ciphers
Symmetric algorithms use the same key for encryption and decryption. The strength of a
symmetric algorithm is usually specified by the key length. DES, for example, uses 56-bit
keys, whereas Blowfish uses 128-bit keys. The greater the number of bits in the key the
more secure the encrypted data is. Symmetric algorithms are the most popular encryption
algorithms, mainly because they tend to be fast (essentially all symmetric algorithms
shuffle and manipulate the bits in your plaintext and the bits in the key through several
similar cycles) and hence are very efficient at encrypting large amounts of data. There
are two main types of symmetric ciphers: block ciphers and stream ciphers.
Symmetric Stream Ciphers
Stream ciphers encrypt data one bit at a time. A stream of plaintext
(unencrypted) bits flows in one side, and a stream of ciphertext (encrypted) bits flows
out the other. At least, this is the way it works mathematically; in practice, the data is
always encrypted in byte units. Ciphertext encrypted with stream ciphers is always the
same size as the original plaintext. The essential mathematical process is the XOR
operation. A stream of random bits is produced and each bit of plaintext is XORed with a
random bit to produce a ciphertext bit. The essence of a stream cipher is then how the
random bits are produced. Also, the stream of random bits must be reproducible otherwise
decryption wouldn't work. Stream ciphers are not generally considered as secure as block
ciphers. They are attacked through analyzing the random bit generator. On the plus side,
stream ciphers do tend to be the fastest ciphers. Error propagation is usually minimized
when stream ciphers are used. If a bit of cipher-text gets garbled, many stream cipher
algorithms will produce only a single bit of garbled plaintext.
Notes on Symmetric Block Ciphers
Although block ciphers define how to encrypt a single block of plaintext,
generally the algorithms do not discuss what to do about encrypting a sequence of blocks,
or encrypting a block of data that is smaller than the algorithm's block size. There are
two main methods for encrypting a sequence of blocks. Either the blocks are treated
independently and the cipher is used on each block without reference to what has gone
before, or the results of encrypting previous blocks affect the encryption of the current
block. These two methods are formally known as the Electronic Codebook (ECB) mode and
Cipher Block Chaining (CBC) mode, respectively. ECB mode encrypts each block
independently. Identical blocks of plaintext (either in the same message or in a different
message that is encrypted with the same key) are transformed into identical ciphertext
blocks. If the plaintext to be encrypted contains substantial repetition, then it is
feasible for the ciphertext to be broken one block at a time. It is also possible for
someone to replace individual blocks in some kind of attack. With ECB mode, if a single
bit of the ciphertext block is garbled, then the entire corresponding plaintext block is
also garbled, but the corruption does not spread. CBC mode, on the other hand, adds a
feedback mechanism. The results of the encryption of previous blocks are fed back into the
encryption of the current block. Each ciphertext block is dependent not only on the
plaintext block that generated it, but also on all previous plaintext blocks. This ensures
that even if the plaintext contains many identical blocks, they each encrypt to a
different ciphertext block. At the expense of some extra work (maintaining the feedback
register and the XOR operation), the resulting ciphertext is more secure. As with ECB
mode, if a single bit of the ciphertext block is garbled, then the corresponding plaintext
block is also garbled. In addition, a bit in the subsequent plaintext block (in the same
position as the original garbled bit) is garbled. Synchronization errors are fatal. If
there are extra or missing bytes in the ciphertext, the plaintext is garbled from that
point on.
CBC mode works like this. After a plaintext block is encrypted, the resulting
ciphertext is stored in a feedback register (it's a simple buffer). Before the next
plaintext block is encrypted, it is XOR'ed with the feedback register. The result is then
encrypted with the cipher. The resulting ciphertext is again stored in the feedback
register, and the cycle is repeated with the next plaintext block. Decryption is just as
straightforward, if a little more involved. It involves two feedback registers, the output
register and the input register. A ciphertext block is stored in the output feedback
register and is then decrypted normally. This decrypted block is then XORed with the input
register to produce the plaintext block. The output register is then copied to the input
register and the cycle is repeated with the next ciphertext block.
Although CBC mode
forces identical plaintext blocks to encrypt to different ciphertext blocks, messages that
start with the same data will encrypt the same way up until the first difference since the
initial plaintext blocks are identical. Encrypting random data as the first block can
prevent this. This block of random data is called the initialization vector. An
initialization vector is random data, usually the same number of bits as the block size,
which is used as a starting point when encrypting a set of data. The initialization vector
has no meaning; it's just there to make each message unique. When the block containing the
initialization vector is decrypted, it is just used to fill the feedback register and is
otherwise ignored. A timestamp often makes a good initialization vector, but any random
bits can be used.
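The ECB and CBC behaviour described above, as an added Python example that is not part of the Xidie documentation or its code. The 4-round Feistel function is a constructed toy stand-in for a real block cipher, input is assumed to be whole blocks (no padding), the IV is taken from the OS random source, and all function names are assumptions of this example.

```python
import hashlib
import os

BLOCK = 16                      # block size in bytes
ENC, DEC = range(4), range(3, -1, -1)   # round order for encrypt / decrypt

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, blk, rounds):
    # Toy 4-round Feistel block cipher: a constructed stand-in, not a real cipher.
    l, r = blk[:8], blk[8:]
    for i in rounds:
        l, r = r, xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return r + l                # final swap lets DEC order invert ENC order

def blocks(data):
    assert len(data) % BLOCK == 0, "example assumes whole blocks, no padding"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return b"".join(feistel(key, b, ENC) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):
    feedback, out = iv, []      # feedback register starts out holding the IV
    for b in blocks(pt):
        feedback = feistel(key, xor(b, feedback), ENC)
        out.append(feedback)    # ciphertext is stored back in the register
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    input_reg, out = iv, []
    for c in blocks(ct):        # c is what the output register holds
        out.append(xor(feistel(key, c, DEC), input_reg))
        input_reg = c           # output register is copied to input register
    return b"".join(out)

def flip_bit_damage(key, iv, pt):
    # Garble one ciphertext bit, decrypt, return the per-block XOR of the damage.
    ct = cbc_encrypt(key, iv, pt)
    got = cbc_decrypt(key, iv, bytes([ct[0] ^ 0x01]) + ct[1:])
    return [xor(a, b) for a, b in zip(blocks(pt), blocks(got))]

if __name__ == "__main__":
    key, pt = b"constructed demo key", b"SAME 16B BLOCK.." * 3
    iv = os.urandom(BLOCK)      # assumption: IV from the OS random source
    print("distinct ECB blocks:", len(set(blocks(ecb_encrypt(key, pt)))))
    print("distinct CBC blocks:", len(set(blocks(cbc_encrypt(key, iv, pt)))))
    print("damage:", [d.hex() for d in flip_bit_damage(key, iv, pt)])
```

In the damage list, the first block is garbled throughout, the second differs from the plaintext only in the bit that was flipped, and the third is all zeros, matching the error propagation described for CBC.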
Public Key Algorithms
Public key algorithms use a different key for encryption and decryption, and the
decryption key cannot (practically) be derived from the encryption key. Public key methods
are important because they can be used to transmit encryption keys or other data securely
even when the parties have no opportunity to agree on a secret key in private. All known
methods are quite slow, and they are usually only used to encrypt session keys (randomly
generated "normal" keys), that are then used to encrypt the bulk of the data
using a symmetric cipher (see below).
RSA (Rivest-Shamir-Adleman) is the most commonly used public key algorithm. It can be used
both for encryption and for signing. It is generally considered to be secure when
sufficiently long keys are used (512 bits is insecure, 768 bits is moderately secure, and
1024 bits is good). The security of RSA relies on the difficulty of factoring large
integers. Dramatic advances in factoring large integers would make RSA vulnerable. RSA is
currently the most important public key algorithm. At present, 512 bit keys are considered
weak, 1024 bit keys are probably secure enough for most purposes, and 2048 bit keys are
likely to remain secure for decades. One should know that RSA is very vulnerable to chosen
plaintext attacks. There is also a new timing attack that can be used to break many
implementations of RSA. The RSA algorithm is believed to be safe when used properly, but
one must be very careful when using it to avoid these attacks.
Diffie-Hellman is a commonly used public-key algorithm for key exchange. It is
generally considered to be secure when sufficiently long keys and proper generators are
used. The security of Diffie-Hellman relies on the difficulty of the discrete logarithm
problem (which is believed to be computationally equivalent to factoring large integers).
Diffie-Hellman is claimed to be patented in the United States, but the patent expires
April 29, 1997. There are also strong rumors that the patent might in fact be invalid
(there is evidence of it having been published over a year before the patent application
was filed). Diffie-Hellman is sensitive to the choice of the strong prime and the
generator. One possible prime/generator pair is suggested in the Photuris draft. The size
of the secret exponent is also important for its security. Conservative advice is to make
the random exponent twice as long as the intended session key. One should note the results
presented in Brian A. LaMacchia and Andrew M. Odlyzko, Computation of Discrete Logarithms
in Prime Fields, Designs, Codes and Cryptography 1 (1991), 47-62. Basically, they conclude
that by doing precomputations, it is possible to compute discrete logarithms relative to a
particular prime efficiently. The work needed for the precomputation is approximately
equal or slightly higher than the work needed for factoring a composite number of the same
size. In practice this means that if the same prime is used for a large number of
exchanges, it should be larger than 512 bits in size, preferably 1024 bits.
Elliptic curve public key cryptosystems are an emerging field. They have been slow to
execute, but have become feasible with modern computers. They are considered to be fairly
secure, but haven't yet undergone the same scrutiny as for example RSA.
The ElGamal public key cryptosystem is based on the discrete logarithm problem. See e.g.
Bruce Schneier: Applied Cryptography, John Wiley and Sons, 1994.
LUC is a public key encryption system. It uses Lucas functions instead of exponentiation.
Symmetric Stream Ciphers vs. Block Ciphers
Stream ciphers encrypt data one bit at a time. A stream of plaintext (unencrypted) bits
flows in one side, and a stream of ciphertext (encrypted) bits flows out the other. At
least, this is the way it works mathematically; in practice, the data is always encrypted
in byte units. Ciphertext encrypted with stream ciphers is always the same size as the
original plaintext. The essential mathematical process is the XOR operation. A stream of
random bits is produced and each bit of plaintext is XORed with a random bit to produce a
ciphertext bit. The essence of a stream cipher is then how the random bits are produced.
Also, the stream of random bits must be reproducible otherwise decryption wouldn't work.
Stream ciphers are not generally considered as secure as block ciphers. They are attacked
through analyzing the random bit generator. On the plus side, stream ciphers do tend to be
the fastest ciphers. Error propagation is usually minimized when stream ciphers are used.
If a bit of ciphertext gets garbled, many stream cipher algorithms will produce only a
single bit of garbled plaintext.
Xidie Security Suite
Today we are in the information age and securing information
becomes more and more important for most of us. By combining cryptography with
steganography, by using strong compression algorithms, well recognized and new encryption
algorithms, classic and new steganographic techniques, Xidie security suite is one of the
top software steganography and encryption tools.
Xidie Security Suite
Copyright (C) 2004-2007 Laic Aurelian All rights
reserved.