Cover
PC-CRYPT
Data Encryption and Decryption Program
Version 8.0 1 October 1993 Supersedes all prior versions
Copyright 1993 by
James T. Demberger
9862 Lake Seminole Drive West
Seminole, FL 34643
813-397-2930
CompuServe 74425,1642
PC-CRYPT is NOT a public domain program. The program and
documentation for PC-CRYPT may be freely copied for archive or working
copies as outlined in copyright regulations. PC-CRYPT files as noted in
the Miscellaneous Notes section may be made available thru clubs or user
groups, program libraries or on remote access data bases or bulletin
boards subject to the export restrictions outlined in the EXPORT WARNING
section.
Disclaimer
The PC-CRYPT program and associated documentation is provided on
an "as is" basis without warranty of any kind, expressed or implied.
Anyone using this software assumes all risks as to the quality and
performance of the software. The author disclaims all liability for
any special, incidental, consequential, direct or indirect damages
due to either proper or improper use of the program.
Table of Contents
Introduction - - - - - - - - - - - - - - 1
System Requirements - - - - - - - - - - - 1
Vernam Encryption - - - - - - - - - - - - 1
Functional Outline of PC-CRYPT - - - - - 1
Keyword or Phrase Input - - - - - - - 2
Random Number Generator - - - - - - - 2
Keyfile Generation - - - - - - - - - - 2
Encryption and Decryption - - - - - - 3
Using Keyfiles as One-Time-Pads - - - 3
Running PC-CRYPT from Menu - - - - - - - 4
Select Keyword or Phrase - - - - - - - 4
PC-CRYPT Menu - - - - - - - - - - - - 5
Encrypt & Decrypt Test Strings - - - - 5
Processing Disk Files - - - - - - - - 5
Running PC-CRYPT from Command Line - - - 5
Transmitting Encrypt Files - - - - - - - 6
Double Encryption - - - - - - - - - - - - 6
Keyword Security - - - - - - - - - - - - 6
Are PC-CRYPT Encrypt Files Unbreakable? - 7
Customizing PC-CRYPT - - - - - - - - - - 7
Basic Source Code for PC-CRYPT - - - - - 8
Miscellaneous Notes - - - - - - - - - - - 9
EXPORT WARNING - - - - - - - - - - - - - 9
Page 1
Introduction
The PC-CRYPT software has four main functions:
a: Demonstration of the Vernam encryption and decryption process.
b: Outline of the operation of the program and the algorithms it uses.
c: Encryption and decryption of disk files using Vernam encryption
and decryption combined with use of random or O-T-P keyfiles.
d: Provide Basic source code that can be run as is or that can be
modified to meet specific user requirements.
System Requirements
The program requires an IBM computer or compatible running DOS with
color or monochrome display and one or more disk drives. File storage
space must be available equal to twice the size of the largest file to
be encrypt or decrypt.
Vernam Encryption
In 1917, long before the age of electronic computers, Gilbert S.
Vernam developed an encryption process for messages punched in paper
tape using Baudot or five channel teletype code. He used the
electro-mechanical equivalent of a logical exclusive OR operation (XOR)
on each character code in a message tape and a corresponding random
character code in a key tape to produce a third tape with the encrypt
message. Decryption used the same process except that a tape with the
encrypt message and a copy of the key tape were XORed to produce the
decrypt message. PC-CRYPT uses essentially the same process to encrypt
and decrypt disk files. Each character in a clear text file is XORed
with the corresponding character in a virtual key file of random
eight-bit codes to produce a cipher text file. The program uses the same
virtual key file to decrypt the cipher text file and produce a copy of
the original clear text file.
One problem with the original Vernam process related to the key
tapes. For a secure system, the characters in the key tapes had to be
in random order and the number of characters in a key tape had to exceed
the number of characters in the message to be encrypt. A duplicate of
key tapes had to be furnished to anyone who needed to decrypt messages. The
physical security of the miles of paper tape was another problem.
PC-CRYPT can generate thousands of different virtual random keys with
lengths of 14,457,349 bytes. There is no need to store these virtual
keys as a file since each of the virtual keys can be regenerated when
required for decryption of cipher text files.
The eXclusive OR function (XOR) performed by Vernam encryption and
decryption used by PC-CRYPT is "blind" as to the data in the input file.
Any input file is XORed to produce an output file. If a clear text file
is used as the input file, a cipher text output file is created. If a
cipher text file is used as the input file, a copy of the original clear
text file is created.
Functional Outline of PC-CRYPT
The following four sections outline the functional operation of
PC-CRYPT. The Basic source code for the program is in the file
PC-CRYPT.BAS. A reasonably proficient programmer, using this text and
the Basic source code, should be able to write a program in Basic,
Pascal, C or some other high level language that would have the same
functionality as PC-CRYPT.
Page 2
Keyword or Phrase Input
PC-CRYPT uses a keyword input routine to read a keyword or phrase
that may be up to 50 characters in length. The number of characters
required for the keyword or phrase depends on the number of hexadecimal
characters 0 thru 9 and A thru F (either lower or upper case) that are
entered. Other alphabetic and special characters are ignored. The
keyword input code treats the first eight hexadecimal characters entered
as four hexadecimal numeric pairs with this minor exception - no
duplication of any of the first three pairs is permitted. An error
message will be displayed if a duplicate pair is found and you will be
prompted to re-enter the keyword or phrase.
The first three pairs of hexadecimal characters are used to set the
decimal values for the pointers used for key file generation and the
fourth pair is used to set a value for a seed for the random number
generator. The MOD function is used to reduce the maximum value for the
pointers to 239 for the first pointer, to 241 for the second pointer and
to 251 for the third pointer. The value for the seed for the random
number generator ranges from 0 to 255. Due to the use of the MOD
function, certain hexadecimal characters above EF for one pointer value
may result in a duplication of the pointer value for another pointer
that has a value from 00 to 0F. This duplication will result in the
error message mentioned in the previous paragraph.
Since the keyword input code accepts but ignores characters other
than hexadecimal characters, use of other than hexadecimal characters
for the keyword or phrase can be used to "hide" the characters actually
used as pointer values. For example, "SSN 123-45-6789" (= HEX 12 34 56
78) and "The 15 pound fat cat is hungry" (= HEX e1 5d fa ca) are
accepted as valid keywords or phrases.
Random Number Generator
The random number generator used by PC-CRYPT is a pseudo random
number generator that will create an array or string of 256 random
numbers. A unique array is created for each of the seed numbers from 0
to 255. The random numbers in each array range in value from 0 to 255
with only one occurrence of each of the numbers in each array. PC-CRYPT
uses the 256 numbers in the array in "as generated" order; however, a
production version of the program might reverse the order of the 256
numbers or make some other transformation that will "customize" the
encryption pattern.
Since this pseudo random generator uses only integer values for
input and output, there is no precision problem such as would occur with
random number generators that have fractional numbers as output. The
compiled 8086/8088 machine code in a PC-CRYPT executable file works the
same way and produces the same random array for the same seed number
when run on any computer system using an 80X86/88 processor.
Key file Generation
PC-CRYPT creates virtual random keyfiles. Each character of a key
file is generated as required using three numbers from an array or list
of 256 random numbers. Each of the virtual keyfiles may be as long as
14,457,349 bytes. The length is the result of recycling the random
numbers in the random number array using three nested loops with
counters that are reset to 1 after 239, 241 or 251 cycles. You might
note that 14,457,349 is the least common multiple of the three prime
numbers 239, 241 and 251.
Page 3
The initial counter or pointer settings are determined by three
values calculated from the keyword. Key file generation starts at the
three random numbers pointed to by the initial pointer values. Since
each of the initial pointer values in effect defines a different virtual
key file, there are almost 14,457,349 potential keyfiles. Almost, since
there are 239 + 239 hexadecimal values for the first and second pairs
that can not be used with the same value for the second or third pairs
and 2 values for the second pair that can not be used with the same
value for the third pair.
A key character is a random number resulting from the XOR operation
on the three random numbers in the random number array pointed to by the
current value of the three pointers. If we were to assume that the
random number in the first position of the random number array was a
zero and that initial setting of each of the three array pointers was 1,
the XOR value of the key character would be a "natural" zero (as
compared to a "calculated" zero that results from 1 XOR 2 XOR 3).
Assuming further that there was no other occurrence of a zero in the
random number array, the next "natural" zero (as opposed to a
"calculated" zero) will not occur until the recycling pointer values are
simultaneously reset to a value of 1. Key characters with "calculated"
zero value will probably occur at random intervals during the key file
generation.
Again assuming that the initial values of the three pointers was 1,
the pointer values will simultaneously return to 1 when the first
pointer value has recycled thru the random number array 60,491 times,
the second pointer value has recycled 59,989 times and the third pointer
has recycled 57,599 times. This will occur after 14,457,349 key
characters have been generated if the length of the clear text file is
14,457,349 bytes or longer in length.
Encryption and Decryption
Binary file input/output statements are used to read the clear or
cipher text input files and to write the cipher or clear text output
files. The method used by PC-CRYPT reads sequential 512 byte blocks
into a character string array and creates the encrypt or decrypt text in
another 512 byte character string array. If the length of the input
file is not a multiple of 512, a "short" or partial block is processed
as the last block. Each sequential character of an input block is XORed
with the next sequential key character from the virtual key file to
produce the corresponding sequential character in the output string.
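The Random Number Generator, Key file Generation and Encryption and Decryption sections above, as one added worked example in Python (not PC-CRYPT's own code). The text does not give the generator that produces the array of 256 numbers, so random_array is a stand-in: an integer-only linear congruential generator driving a Fisher-Yates shuffle, which shares the documented properties (one array per seed 0..255, every value 0..255 exactly once, integer arithmetic only) but will not reproduce PC-CRYPT's arrays. The pointer loops, the XOR of three array entries per key byte, the 14,457,349-byte recycle point, the 512-byte block processing and the 3,701,081,344 keyword count follow the text; pointers are 0-based here where the text counts from 1.

```python
import math

# Added example, not PC-CRYPT's own code.
P1, P2, P3 = 239, 241, 251               # loop lengths of the three pointers
KEYFILE_LENGTH = math.lcm(P1, P2, P3)    # 14,457,349 key bytes before repeat
BLOCK = 512                              # bytes read and written per block


def random_array(seed: int) -> list[int]:
    """A permutation of 0..255 selected by an 8-bit seed.

    ASSUMPTION: stand-in generator (LCG + Fisher-Yates), since the text does
    not give PC-CRYPT's algorithm.  Deterministic per seed, integers only.
    """
    if not 0 <= seed <= 255:
        raise ValueError("seed must be 0..255")
    state = seed
    array = list(range(256))
    for i in range(255, 0, -1):
        state = (1103515245 * state + 12345) % 2**31   # LCG step
        j = state % (i + 1)
        array[i], array[j] = array[j], array[i]
    return array


def keystream(p1: int, p2: int, p3: int, seed: int, length: int) -> bytes:
    """Generate `length` bytes of the virtual keyfile.

    Each key byte is R[p1] XOR R[p2] XOR R[p3]; the three pointers advance
    together and wrap after 239, 241 and 251 entries respectively.
    """
    r = random_array(seed)
    out = bytearray()
    for _ in range(length):
        out.append(r[p1] ^ r[p2] ^ r[p3])
        p1, p2, p3 = (p1 + 1) % P1, (p2 + 1) % P2, (p3 + 1) % P3
    return bytes(out)


def pointers_after(n: int, p1: int, p2: int, p3: int) -> tuple[int, int, int]:
    """Pointer positions after n key bytes, in closed form, so the recycle
    point can be checked without stepping through 14 million bytes."""
    return (p1 + n) % P1, (p2 + n) % P2, (p3 + n) % P3


def cycles_completed(n: int) -> tuple[int, int, int]:
    """How many times each pointer has recycled through its loop after n bytes."""
    return n // P1, n // P2, n // P3


def keyspace_size() -> int:
    """Distinct (pointer1, pointer2, pointer3, seed) settings a keyword can select."""
    return P1 * P2 * P3 * 256


def xor_process(data: bytes, p1: int, p2: int, p3: int, seed: int) -> bytes:
    """Encrypt or decrypt (the same operation) in 512-byte blocks.

    A short final block is processed as-is, so the output is exactly as long
    as the input; running this twice with the same keyword gives the original.
    """
    key = keystream(p1, p2, p3, seed, len(data))
    out = bytearray()
    for offset in range(0, len(data), BLOCK):
        block = data[offset:offset + BLOCK]
        out.extend(b ^ k for b, k in zip(block, key[offset:offset + len(block)]))
    return bytes(out)


if __name__ == "__main__":
    # Constructed clear text whose length is not a multiple of 512, so the
    # last block is a "short" block.  Pointers/seed are those of the text's
    # "SSN 123-45-6789" keyword (hex 12 34 56 78).
    clear = b"The quick brown fox jumps over the lazy dog. " * 30
    cipher = xor_process(clear, 18, 52, 86, 120)
    assert xor_process(cipher, 18, 52, 86, 120) == clear
    print("keyfile length", KEYFILE_LENGTH,
          "cycles at recycle point", cycles_completed(KEYFILE_LENGTH),
          "keywords", keyspace_size())
```

Because the three loop lengths are coprime, the pointer triple returns to its starting position only after their product, so the 60,491 / 59,989 / 57,599 cycle counts and the 14,457,349-byte period fall straight out of pointers_after and cycles_completed without generating the key bytes.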
Using Keyfiles as One-Time-Pads
One-Time-Pad (OTP) encryption systems are considered unbreakable. A
virtual key file generated by PC-CRYPT is in effect an OTP so long as the
keyword or phrase used to generate the key file is never reused.
Changing just one of the four hex characters by incrementing it by one
on a daily basis will provide enough different keywords to last for
more than eight months.
If your only interest is in files of random numbers for use as
OTPs, PC-CRYPT can be used to generate these files. A "nothing" file
consisting of a character string of the hexadecimal value 00 when
encrypt using any keyword or phrase will generate a file of the random
characters with decimal codes from 0 to 255. The file NULL.ZIP that is
Page 4
included with the other PC-CRYPT files can be unZIPped to the "nothing"
file NULL.1MB that is a string of 1,024,000 characters each with a
hexadecimal value of 00. If you have the hard drive space, you can
concatenate 15 of the million byte files and encrypt the 15 million byte
OTP file to verify that the first 239 bytes of the encrypt file are
repeated starting at the 14,457,350th position of the file. These 239
bytes in the same sequence do not appear anywhere prior to this
position; however, shorter sequences from these 239 bytes may be found
before the 14,457,350th position.
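Why the keyword must never be reused, as an added worked example in Python (not PC-CRYPT's own code). The key bytes are a constructed stand-in for a virtual keyfile, not output of PC-CRYPT's generator; the XOR step is the same. It shows the two consequences the section relies on: encrypting a "nothing" file of 00 bytes writes the keyfile itself out, and encrypting two files under one keyword leaves the XOR of the two clear texts in the cipher texts, so the keyfile is no longer a one-time pad.

```python
# Added example, not PC-CRYPT's own code.

# Constructed stand-in keyfile of 48 deterministic bytes (NOT PC-CRYPT output).
KEYFILE = bytes((i * 97 + 13) & 0xFF for i in range(48))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """The Vernam step: XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(clear: bytes, keyfile: bytes = KEYFILE) -> bytes:
    """Encrypt (or decrypt) a file against the start of the keyfile."""
    if len(clear) > len(keyfile):
        raise ValueError("file longer than the keyfile")
    return xor_bytes(clear, keyfile[:len(clear)])


def keyfile_from_nothing_file(keyfile: bytes = KEYFILE) -> bytes:
    """Encrypting a "nothing" file of 00 bytes writes the key bytes straight
    out, because x XOR 0 == x.  This is how the text suggests producing OTP
    files; it is also why a file whose content is known gives away the key."""
    nothing = bytes(len(keyfile))
    return encrypt(nothing, keyfile)


def plaintext_difference(c1: bytes, c2: bytes) -> bytes:
    """With one keyfile used for two files, XORing the two cipher texts
    cancels the key and leaves the XOR of the two clear texts.  Wherever the
    clear texts agree the result is 00, so the pad is no longer "one-time"."""
    return xor_bytes(c1, c2)


def decrypt_sibling(c1: bytes, known_clear1: bytes, c2: bytes) -> bytes:
    """If one clear text under a reused keyfile is known, c1 XOR clear1 is the
    keyfile, and it decrypts every other file encrypted under that keyword."""
    recovered_key = xor_bytes(c1, known_clear1)
    return xor_bytes(c2, recovered_key)


if __name__ == "__main__":
    # Constructed messages of equal length sharing a common prefix.
    m1 = b"MEETING MOVED TO NOON"
    m2 = b"MEETING STAYS AT NINE"
    c1, c2 = encrypt(m1), encrypt(m2)
    print("nothing file gives keyfile:", keyfile_from_nothing_file() == KEYFILE)
    print("leaked difference:", plaintext_difference(c1, c2).hex())
    print("sibling decrypts to:", decrypt_sibling(c1, m1, c2))
```

The leading zero bytes in the leaked difference mark exactly where the two files agree; that structure is what makes a reused keyfile distinguishable from random and is the reason the text insists on a fresh keyword for every file.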
Running PC-CRYPT from Menu
From the DOS prompt, type [dr:][\path\]PC-CRYPT and then press the Enter key.
A default option is shown for the response to some of the prompts
displayed by the program. As an example, a prompt for a yes or no
response will display "y/N". Press Enter to take the no default option
indicated by the upper case N. Either a lower case y or an upper case Y
must be pressed for the yes response. If only lower case options or no
option is shown, an entry other than the Enter key must be used.
The first screen displayed by the program is the menu for keyword
or phrase input. This screen is also displayed as one of the options
from the main menu.
Select Keyword or Phrase
Press Enter for No visible display of Keyword OR
Press K for a visible display of Keyword only OR
Press D for display of pointers and random numbers
Old Keyword is
Enter new Keyword or phrase
Press any key to continue _
Press the Enter key for the no visible display of the keyword as it
is being entered if you don't want someone looking over your shoulder to
see the keyword. Press the K key to display both the currently selected
keyword and the new keyword being entered. An error message will be
displayed if an entered keyword or phrase does not have at least eight
hexadecimal characters and there is a duplication among the first three
hexadecimal pairs.
Press the D key for a visible display of the keywords and a display
of the hexadecimal and the decimal values for the loop pointers and
random number seed and the numbers in the random number array. The 256
random numbers generated using the seed for the random number generator
are displayed on the next 13 lines.
Page 5
PC-CRYPT MENU
K Select Keyword or Phrase
T Turn Timer On/Off
S Encrypt & Decrypt Test Strings
F Process Disk Files
S Shell to DOS
X Exit/End Program
Enter Option Letter _
Press K for the Select Keyword option if you wish to change the
keyword originally entered during the initial Select Keyword display.
Press T for a prompt to turn on or off a timer that will total the
number of characters encrypt or decrypt and the total time required. The
total time is for encryption or decryption only and does not include
time for reading and writing files. The program uses these totals to
compute and display the thruput in characters per second. Timing is
accurate to approximately 1/18th of a second or +/- 555 characters if
the number of characters per second is around 10,000. Timings are not
displayed unless the total time is more than approximately 1/6 of a
second.
Encrypt & Decrypt Test Strings
The Encrypt & Decrypt Test Strings option displays a submenu from
which you may select four different types of character strings for
encryption and decryption. The clear text, cipher text and decrypt text
strings are displayed. This option is primarily used to look at the
pattern of characters produced when you encrypt strings of upper case,
lower case and numeric characters. Keyboard input of test records
accepts ASCII codes entered with the Alt key and numeric keys. In some
cases, a character may be encrypt as the same character. This is not an
error; it demonstrates that the XOR function is really working as it
should. Encryption may result in the generation of the hexadecimal code
07 (Bell code) in which case you will hear a beep when the encrypt text
is displayed.
Process Disk Files
When you select this option the following prompts and message will
be displayed:
Enter Input [dr:][\path\]filename.ext
Enter Output [dr:][\path\]filename.ext
Processing bytes
A running total is displayed as each 512 bytes of a file are
processed. Total processing time and bytes per second is displayed if
the timer option has been turned on. The output file will replace or
overlay any file with the same name and extension.
Running PC-CRYPT from Command Line
If your only need is to encrypt or to decrypt existing files,
PC-CRYPT may be run from the DOS command line by entering the keyword,
the input filename and the output filename. A command line example
follows:
Page 6
PC-CRYPT /KW=keyword /FI=dr:\path\fname.ext /FO=dr:\path\fname.ext
The command line parameters must be entered in the order shown;
/KW=keyword, /FI=filename for the clear text file to be encrypt or the
cipher text file to be decrypt, and /FO=filename for the encrypt cipher
text file or the decrypt clear text file. Should there be an error in
the command line parameters, e.g. /F0 instead of /FO or a file "not
found" for the input filename, an error message will be displayed that
will permit canceling the run or resuming using the menu interface.
Transmitting Encrypt Files
An encrypt data file may be sent to another system for decryption
using a communications link or as a disk file. Since encrypt data files
may contain character strings corresponding to transmission control
codes, encrypt files should be transmitted as eight bit binary files
using XMODEM or some equivalent transmission protocol for binary files.
File compression utilities will only compress encrypt or cipher text
files by a very small percentage.
Double Encryption
The cipher text produced with PC-CRYPT is probably unbreakable.
However there is the possibility that a sufficiently fast and powerful
computer using an automated brute force decryption system combined with
some technique for clear text recognition might permit the decryption of
a file. Double encryption can be implemented by encrypting a cipher
text file a second time with a keyword different from that used for the
first encryption. The same two keywords must be used to decrypt the
double encrypt data. Use of any text recognition method is defeated by
double encryption since there is no way to determine which of the many
files produced by any attempt at decryption is really the target cipher
file rather than a file of computer generated "garbage".
As an alternative to using two passes for double encryption, the
program could be modified to use two different keywords simultaneously.
The XORed character output from the first keyword would be XORed with
the key character generated from the second keyword.
A much simpler double encryption system is possible thru the use of
password protected compressed files. The widely used PKZIP/PKUNZIP
compression utility programs can be used to compress or decompress
PC-CRYPT encrypt files. The documentation for PKZIP estimates the time
to "hack" an eight character (A thru Z) PKZIP password to be 241 days
assuming 10,000 tests per second. If the assumption is made that
hacking uses some form of text recognition to identify a possible
password, hacking will fail since there is nothing other than random
characters in the cipher text files produced by PC-CRYPT.
Keyword Security
The security of keywords or phrases is the most important factor in
the use of private key encryption systems. In the case of PC-CRYPT,
there is nothing secure about the form of a keyword - it is always four
pairs of hexadecimal characters. Since actual keywords can be "hidden"
in a list of names and Social Security numbers or as the date that a
file was created, there is no need to write a single keyword or list of
keywords in eight character hexadecimal format that can be recognized as
keywords or phrases.
Page 7
There are many different methods for distribution of keywords
depending on the number of users that require knowledge of the keywords.
Lists of "hidden" keywords for use by different users can be distributed
by means of an encrypt file; the keyword or phrase for this file may be
furnished to each user by any secure method. I'll leave how to handle the
distribution of the initial keyword up to those who are going to make
use of PC-CRYPT.
Are PC-CRYPT Encrypt Files Unbreakable?
The algorithm used by the pseudo random number generator and the
method used to generate the 14,457,349 byte pseudo random keyfiles in
PC-CRYPT are public knowledge. A PC-CRYPT cipher text file is breakable
only in the sense that it is known that one of the 3,701,081,344
possible keywords will decrypt the file. Any brute force "try every
possible keyword" attempt to break a double encrypt file will produce
millions of files of which none can be recognized as the "broken" cipher
text file.
Neither the array of 256 numbers used by the program nor the
14,457,349 byte keyfiles are truly random since two or more copies of
the same compiled PC-CRYPT program will produce the same array of 256
numbers and the same key file when the same keyword is used. A cipher
text file produced by the program is truly random so long as the clear
text is not known. A clear text file known to have long strings of the
space character or repeated strings of text will not produce any
discernible pattern of characters in the cipher text file. In those
cases where there is a need to encrypt a file longer than 14,457,349
bytes in length, there will be nothing discernible in the cipher text
file to indicate the actual point where the key file is recycled.
Cipher text files produced with Vernam encryption using a random
key file with a length equal to or greater than the clear text to be
encrypt are considered to be unbreakable unless the key file is known.
Cipher text files produced using a random One-Time-Pad key file for
encryption are considered to be unbreakable so long as the random
One-Time-Pad file is not reused. The cipher text files produced by the
PC-CRYPT program meet the conditions required to be considered to be
unbreakable for both Vernam and One-Time-Pad encryption.
Customizing PC-CRYPT
Many users will prefer to use a customized variation of the program
and to limit the distribution of the customized program to only
"authorized" users. The method PC-CRYPT uses to generate a specific set
of random codes and to set the points where encryption and decryption
starts using the random codes permits the creation of thousands of
different "customized" variations.
There are 24 major variations based on the way that PC-CRYPT uses
the four hexadecimal pairs to set the initial pointer values and the
seed for the random number generator. The first 3 pairs are used for
initial pointer values in 1, 2, 3 order while the 4th pair is used for
the random number seed. The pairs can be used in any order, e.g. 4, 3,
2, 1. With 24 different sequences available, any single keyword can
lead to any of 24 different encryption patterns.
Page 8
There are 256 random numbers in the random array used by the
program; however, only the first 239 numbers are used by the first pointer
loop, 241 numbers by the second loop and 251 by the third loop. All of
the pointers are reset to 1 when they have been incremented to their
maximum values. In the case of the first pointer, the maximum value
could be set to 256 and reset to 18 while still providing 239 random
numbers. The second and third pointers can be set to a maximum value of
256 and reset to 16 and 6 to provide 241 and 251 random numbers
respectively. There are 18 sets of maximum values and reset values
available for the first pointer, 16 for the second and 6 for the third
pointer. These sets of values when combined with the 24 sequences of
random pair assignments will provide 24*18*16*6 or 41,472 different
variations of the PC-CRYPT program.
The number of different variations of PC-CRYPT can be doubled by
reversing the order in which the array of 256 random numbers used for
key file generation are stored. These random numbers are stored as
generated in order from 1 to 256; a change in one statement in the
program will store the numbers in reverse order from 256 down to 1.
The first use that should be made of any variation of PC-CRYPT that
you plan to use for actual encryption of sensitive data files should be
the encryption of the Basic source code file and any compiled executable
files for that variation. The security of the keyword or phrase used to
encrypt the source and compiled code files is even more important than
the security of the keywords or phrases that will be used to encrypt
other sensitive data files.
Basic Code for PC-CRYPT
The Basic source code for PC-CRYPT is in the file PC-CRYPT.BAS.
This source code file has statement lines for Power BASIC version 3.0
(PB) and for Quick BASIC version 4.5 and QBASIC (QB). The only
differences between these two BASIC dialects in so far as the program is
concerned are in the statements for the binary file input and output and
the fact that Command Line operation is not possible with QBASIC. The
PC-CRYPT.EXE file furnished with this software package was compiled with
Power BASIC version 3.0c. An EXE file compiled with Quick BASIC version
4.5 may run 1 or 2 percent faster than the Power BASIC EXE file however
the PB EXE file is much smaller (44,106 KB) than the QB EXE file (57,460
KB).
All statement lines peculiar either to PB or to QB have a REM PB or
REM QB comment at character position 60 (+/-). The source code file
will run as is under QB since the REM PB statements have a REM at the
beginning of each of the REM PB statements. If you want to run or
compile the source code using Power Basic, make a copy of PC-CRYPT.BAS
and rename the copy to PB-CRYPT.BAS. Edit the PB copy to add a REM at
the beginning of each statement that has a REM QB and delete the REM
found at the beginning of each REM PB statement before you run or
compile the PB version.
The BASIC source code has been re-written over the years starting
with interpreted BASIC for the Radio Shack TRS-80 and for the original
IBM PC. For the most part, changes to the source were made only when
and where required to run or compile the code for newer versions of the
IBM, MicroSoft compilers and for Power BASIC.
Page 9
The program is written in unstructured "spaghetti" Basic code. The
variable names and labels are rather cryptic. No attempt has been made
to "prettify" the code. Minimal error checking is used only where
required to ensure proper input to the program.
Miscellaneous Notes
Cipher text files produced with Versions 6.0 and 7.0 of PC-CRYPT
use the same random number generator and XOR processing as Version 8.0
of PC-CRYPT however the keyword input processing is entirely different.
Any archive type files encrypt with Version 6 or 7 should be decrypt and
then re-encrypt with Version 8.
No registration or license is required for personal or commercial
use of the PC-CRYPT program or for derivative versions of the program.
Any comments regarding the PC-CRYPT program and any methods that might
be used to "break" encrypt files will be appreciated. The comments can
be mailed to the address on the cover page or EMailed thru CompuServe.
Files included in both CRYP8USA.ZIP and CRYP8EXP.ZIP file:
FILE_ID DIZ --- 10-01-93 8:00a Description CRYP*.ZIP
NULL ZIP 1122 10-01-93 8:00a NULL.1MB File
PC-CRYPT DOC 31394 10-01-93 8:00a PC-CRYPT V8 Documentation
PC-CRYPT EXE 44106 10-01-93 8:00a PC-CRYPT.EXE (PowerBASIC)
A license by the Department of State is required for export of the
encryption source code. The source code file PC-CRYPT.BAS is
included in the CRYP8USA.ZIP file and not in the CRYP8EXP.ZIP file.
Do not copy or distribute this source code file in any situation
where there is a possibility that export restrictions would apply
(see following EXPORT WARNING).
PC-CRYPT BAS 14909 10-01-93 8:00a BASIC Source (QuickBASIC)
EXPORT WARNING
Federal Government regulations require a valid Department of State
license for the export of cryptographic source code. These regulations
are applicable to the PC-CRYPT.BAS source code file; regulations do not
prohibit the export of the executable compiled code in the PC-CRYPT.EXE
file. Any individual or activity, such as a bulletin board system or an
"information provider" such as CompuServe, etc., that makes the source
code available for download to anyone accessing the system from a foreign
country might be considered by the Department of State to be an exporter
of the source code.