home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Best of Windows 95.com 1996 September
/
WIN95_09964.iso
/
encrypt
/
cryptext.zip
/
readme.txt
< prev
next >
Wrap
Text File
|
1996-09-24
|
6KB
|
116 lines
Copyright (c) Nick Payne 1996
This readme is for Cryptext v1.3
Cryptext is a freeware Windows 95 / NT4 shell extension that performs strong
file encryption. It uses a combination of SHA and RC4 to encrypt files using
a 160-bit key. The current version of Cryptext can be found at
http://www.pcug.org.au/~njpayne
Cryptext may be used in any way, for any purpose, at no cost. It may be
distributed by any means, provided that the original files as supplied by the
author remain intact and that no charge is made other than for reasonable
distribution costs. Note that Cryptext contains strong cryptographic routines
upon which some countries place distribution and/or use restrictions. Verify
that you are allowed to use or distribute Cryptext before doing so.
DISCLAIMER OF WARRANTY
THIS SOFTWARE AND DOCUMENTATION ARE PROVIDED "AS IS" AND WITHOUT WARRANTIES
AS TO PERFORMANCE OF MERCHANTABILITY OR ANY OTHER WARRANTIES WHETHER EXPRESSED
OR IMPLIED. BECAUSE OF THE VARIOUS HARDWARE AND SOFTWARE ENVIRONMENTS INTO
WHICH THIS PROGRAM MAY BE PUT, NO WARRANTY OF FITNESS FOR PARTICULAR PURPOSE
IS OFFERED. GOOD DATA PROCESSING PROCEDURE DICTATES THAT ANY PROGRAM BE
THOROUGHLY TESTED WITH NON-CRITICAL DATA BEFORE RELYING ON IT. THE USER MUST
ASSUME THE ENTIRE RISK OF USING THE PROGRAM.
Any product or brand names mentioned in this document are trademarks or
registered trademarks of their respective owners.
To install Cryptext
===================
1. Unzip the contents of CRYPTEXT.ZIP into a directory
2. In Explorer, right-click on CRYPTEXT.INF and select Install from the popup
context menu To install this shell extension on Windows NT you must be
logged in as administrator or a user who is a member of the Administrators
group. This is because installing a shell extension on NT requires update
rights to a part of the registry to which a normal user cannot write.
To uninstall Cryptext
=====================
1. From the Start menu, select Settings, then Control Panel, then Add/Remove
Programs.
2. If you are running on Windows 95, select the "Cryptext (Windows 95)
(Remove only)" entry.
If you are running on Windows NT, select the "Cryptext (Windows NT)
(Remove only)" entry.
3. Click on the Add/Remove button.
How does it work?
=================
1. When you install Cryptext it adds "Encrypt" and "Decrypt" items to the
context menu you get when right-clicking on a file or directory in
Explorer.
2. When you encrypt or decrypt files, Cryptext takes your password and uses
the SHA one-way hash function to generate a 160-bit key from the password.
It uses this 160-bit key to encrypt or decrypt the files with the
RC4 algorithm.
3. In order to verify your password on second and subsequent executions,
Cryptext takes the 160-bit key generated in step 2, adds it to the end of
your password, and applies the SHA function to the concatenation of the
password and key. The resultant hash is saved so that subsequent passwords
can be checked for validity by being put through the same two-step hash and
compared with the stored value.
Notes
=====
1. If you are running on Windows NT 4 then you have the option to retain the
encryption password in memory for the duration of your NT session. If you
are running on Windows 95 you must enter the password for each encryption
or decryption.
2. After the initial execution of Cryptext, you cannot change your encryption
password unless you know the existing password. If you forget the password,
you have to uninstall and reinstall Cryptext. If you have files you have
encrypted and you have forgotten the password then those files are not
recoverable.
To uninstall Cryptext:
a) From the Start menu, select Settings / Control Panel
b) In Control Panel, select Add/Remove Programs
c) On the Install/Uninstall tab, select "Cryptext (Remove only)" in the list of installed
programs and click on the Add/Remove button
3. Cryptext assumes that the file system on which it is running supports long
filenames. When it encrypts a file it adds the extension ".$#!" to the
filename. This name change will fail if the existing filename already
exceeds 252 characters or if the file system does not support long
filenames (such as a NetWare server volume which does not have long
namespace support loaded). The resulting file is still encrypted but it
does not have the extension which Cryptext recognises, and when you decrypt
it you will be queried whether the file is actually encrypted.
4. Password selection. Cryptext allows a password to be up to 255 characters
long. As a file encryption password is generally in use for much longer
than a login password, you should use more care selecting it. For more
information on good password selection, use one of the www search engines
to search for web documents containing "password", "selection", and "good".
5. My thanks to Gary Mulhern for showing how to add the registry entries to
get a meaningful icon and file type to display for encrypted files in
Explorer.
If you are interested in finding out more about encryption and cryptography:
a) RSA's web site at www.rsa.com has a good cryptography FAQ available both
online and as a downloadable PDF file
b) There is a lot of cryptographic source code at the ftp site
idea.sec.dsi.unimi.it/pub/security/crypt/code
c) Bruce Schneider's book "Applied Cryptography" has a comprehensive coverage
of both protocols and algorithms
Nick Payne
njpayne@pcug.org.au