Cream of the Crop 1

home *** CD-ROM | disk | FTP | other *** search

/ Cream of the Crop 1 / Cream of the Crop 1.iso / UTILITY / ZCRYPT12.ARJ / ZCRYPT.DOC < prev next >

Wrap

Text File | 1992-01-28 | 17KB | 359 lines

ZCrypt v1.2 Encryption Utility ZCrypt.Doc file January 27, 1992 Micanopy MicroSystems, Inc. Ph: 904/376-1614 4139-49 SW Archer Road FAX: 904/374-6569 Gainesville, FL. 32608 CompuServe: 72740,1400 Interested in winning $3000? Try your hand at our code breakers contest. See the file: Contest.Doc. To print this file, enter: copy readme.doc prn: TABLE OF CONTENTS ----------------- INSTALLATION Authors: Chuck Segal and GENERAL INFORMATION David MacQuigg USING ZCRYPT TIPS & TECHNIQUES TECHNICAL INFORMATION PROGRAM DISTRIBUTION FILES ON DISK INSTALLATION ------------ To install ZCrypt, simply copy the ZCrypt.exe file into a directory which is on your DOS PATH. To find out which directories are on your PATH, enter "PATH" at the DOS prompt. For more information on the DOS Path command, see your DOS manual. GENERAL INFORMATION ------------------- ZCrypt is a general purpose data encryption utility program. It accepts a key (password or phrase) and uses this key to encrypt (scramble) the contents of a file or group of files on your disk. We are offering the ZCrypt algorithms as a proposed standard for data encryption(the PC Data Encryption Standard, or PCDES). ZCrypt is a modular system in which several algorithms (methods) of encryption can be combined. The user can select any one or all algorithms, depending on the need for speed or security. Using multiple algorithms provides the utmost security. If one of the algorithms is broken, the other algorithms will still protect your data. Three algorithms are provided in this version of ZCrypt. The "LFSR" algorithm (/X) is optimized for speed. The "LFSR with Adder" (/Y) and the "Bit-Basher" (/Z) algorithms offer higher security. All are much faster than the old Data Encryption Standard (DES), which was never intended to run on a Personal Computer (see Table below under "Technical Information"). If you are a PC Software Developer or a Cryptographer, you may be interested in incorporating our ZCrypt algorithms into your product, or having your algorithm included in the ZCrypt standard. For more information, call or write to us at the address above for a copy of our Developers Toolkit. USING ZCRYPT ------------ To see what the ZCrypt command line parameters are, execute the program with no parameters (i.e. enter "ZCrypt" by itself). You will see a screen display similar to the following: ╔═════════════════════════════════════════════════════════════════════════════╗ ║ ZCrypt Version 1.2 1/22/92 (c) 1991 Micanopy MicroSystems, Inc. ║ ╠═════════════════════════════════════════════════════════════════════════════╣ ║ To encrypt: ZCrypt FileName.Ext [EncryptionMethod] [/cfm] ║ ║ To decrypt: ZCrypt FileName.Ext /d [EncryptionMethod] [/cfm] ║ ╠═════════════════════════════════════════════════════════════════════════════╣ ║ Where EncryptionMethod can be: ║ ║ /X = High Speed (default) /XY ═╗ ║ ║ /Y = Optimum /XZ ║ Combinations... ║ ║ /Z = High Security /YZ ═╝ ║ ║ /XYZ = Most secure ║ ║ Options: ║ ║ /CFM = Confirm each filename (when wildcard filenames are specified) ║ ╠═════════════════════════════════════════════════════════════════════════════╣ ║ F1 for Help Escape to Quit ║ ║ Edit functions: ║ ║ Enter - terminates a line Backspace - deletes character ║ ║ Ctrl-Backspace - deletes line ║ ╚═════════════════════════════════════════════════════════════════════════════╝ To use ZCrypt, simply enter the ZCrypt command followed by the appropriate parameters. (note: command line parameters are not case sensitive). After receiving a valid command, the program will prompt for an Encryption Key. For encryption, a second prompt asks you to repeat the password. This avoids a total loss of data due to a typographical error in the Key. For decryption, the program checks to see if the entered Key matches the Key used to encrypt the file. As an example, if you want to encrypt all of your WordPerfect files (assuming they all have .wp5 file extensions), and you wish to confirm each filename before encrypting, the command is: ZCrypt *.wp5 /xyz /cfm This will encrypt your text files using all three algorithms. To decrypt (i.e. recover your original data) enter: ZCrypt *.wp5 /xyz /d Note: Pressing any key during a wildcard file operation will interrupt (after completion of the current file) and ask for confirmation on all subsequent files. The program will not accept a password which has a length less than four characters, and will ignore any after 246. Help is available at any prompt by pressing F1. Maintenance Mode ---------------- The /M option (which is not listed in the Information Screen) is for "Maintenance". It presumes a fair amount of computer knowledge on the part of the user. It allows you to "force" the use of a Key on a file. The ONLY use for this option is to restore a damaged file. Here is an example: You have received an encrypted file. When you try to decrypt it (using what you are 100% certain is the correct password and encryption method), you get the "ERROR -- Incorrect Password or EncryptionMethod" message. To fix this, first make a backup copy of the file. Now run the DOS CHKDSK program, or possibly the Norton Disk Doctor program, to fix any possible File Allocation Table, or other errors. Next, run ZCrypt on the problem file using the /M and /D options. When the "incorrect password" error occurs, you will be prompted to "Skip file, Force Key, or Exit? (S/F/Esc):". Choosing the "Force Key" option will cause the file to be decrypted using the current Key. If the Key you provided was indeed the Key used to encrypt the file (and the ordering of the data in the file has not been changed) then the file should decrypt correctly. TIPS & TECHNIQUES ----------------- We have provided two batch files for your convenience. By editing the .BAT files, you can conveniently set up defaults to be used by the program. For example, if you wish to make the Bit-Basher the default, you would alter the files to look like this: ENCRYPT.BAT: ZCrypt %1 /z DECRYPT.BAT: ZCrypt %1 /z /d Now you can type a command like: "encrypt *.dat" and the program will encrypt all .dat files using the Bit-Basher algorithm. Long, easily remembered phrases, with varied use of case and spacing make good keys. If the key "Mary had a little lamb" is used to encrypt a file, the key "Mary had a little Lamb", (with the L in Lamb capitalized), will NOT decrypt the file! In other words all upper and lower case letters must be the same when decrypting as they were when encrypting. Note that spaces are significant when used in a key. A key consisting of words which are not in the dictionary is more secure than a key with words which are in the dictionary. A snoop can write a program which will try to decrypt your file by using every word in an online dictionary. No matter how secure the encryption method is, it is useless if someone else can guess what your key is! SECURITY -------- Most of the "secret" algorithms available in commercial software can be easily broken by a cryptanalyst. How can the non-expert judge the security of a crypto program? We believe that the attitude of the software vendor provides a clue. A phone call to one revealed that the developer could recover an encrypted file without any knowledge of the user's key. If he can do it, how many others can do it? Another vendor stated that their encryption method was "unbreakable" in spite of the fact that a method to break this widely sold product had been PUBLISHED two years prior! Size and reputation of the vendor is a poor guide. The two mentioned above are among the largest. Most vendors hide their weak algorithms behind a cloak of "secrecy". If they really cared about security, they would PUBLISH their algorithms, LISTEN to feedback from experts and INFORM their users of any weaknesses which are uncovered. We intend to do that and more. We will encourage scrutiny by experts and upgrade our algorithms if any weaknesses are discovered. As an aid to judging the security of our program, we are including some of the design details below. Full details are available in the article "A New Standard for Data Encryption in Personal Computers" by David MacQuigg and Chuck Segal. This article has been submitted to the Journal "Cryptologia" and if accepted, will be published. The article is available upon request. Block diagrams of each algorithm have been published in the file ZCRYPG.ZIP, available from the IBMSYS\UTIL forum on CompuServe. The diagrams are in .gif (graphics interchange format) files. Warning! -------- Many programs "update" a file by creating a new file and "deleting" the old file. Unfortunately, "delete" means "mark the data clusters as available", i.e. a copy of your data remains on disk in an unencrypted form. To correct this, we suggest using the Norton WipeDisk program, which has an option for "wiping" unused data clusters. ZCrypt encrypts each file "in-place" (i.e. it overwrites the current file with an encrypted equivalent). This is faster than writing a new file (due to reduced head motion) and does not leave unencrypted data on disk. TECHNICAL INFORMATION --------------------- ZCrypt runs on any IBM-PC or close compatible, including the XT, AT, and PS/2. It requires DOS 2.1 or greater, 64K bytes of memory and a floppy or preferably a hard disk. The program consists of approximately 1500 lines of assembler, and 1400 lines of C language code. ZCrypt is a Modified Stream Cipher, based on multiple, independent Keystream Generators. Each time a generator is cycled, it outputs a corresponding Running Key byte. As you can see from the block diagram (at the end of this file), the internal state of each generator can be altered by the output of the Controller. The output of each generator is combined with the plaintext, resulting in the ciphertext. There are three algorithms available in ZCrypt. The following table shows the times (in seconds) to encrypt a 100k byte file. These times include the algorithm processing times and disk-access time. Algorithm 8 MHz PC 20 MHz 386 ------------------------------- -------- ---------- Copy file (No encryption) 1.88 1.22 /X = Fast LFSR Rev.1.4b (default) 4.22 1.59 /Y = LFSR w/Adder Rev.2.5a 8.84 2.37 /Z = Bit-Basher Rev.1.1 19.45 3.78 DES (for comparison purposes) 15 The Fast LFSR is optimized for speed. It uses a 16-bit Linear Feedback Shift Register (LFSR) to generate a Running Key (see FASTLFSR.GIF for a diagram). Computation time is only about 20% of the disk access time. This about as fast as any algorithm can be and still be considered an encryption. It is comparable in security to most "secret" algorithms used in commercial software. Your files will be safe from the average snoop with no knowledge of computers or cryptography, but you should not use this algorithm alone if you suspect a "cracker" might be after your files. The LFSR with Adder (LFSRADD.GIF) is our suggested "optimum" compromise between speed and security. It uses an "internal key" of 80 bits, contained in five registers -- as many as we could stuff into an 8088 microprocessor without forcing extra memory accesses. We think this algorithm is secure enough to offer a reward to anyone who can break it (see CONTEST.DOC), however, we don't recommend it for nuclear missile targeting data. The Bit-Basher (BITBASH.GIF) is our top-of-the-line security algorithm. It uses a 128-bit internal key and a "multi-round substitution- permutation network" like in DES. We did not hesitate to add anything we thought would improve security. Unlike DES however, we didn't waste any instructions on useless bit manipulations. This algorithm runs about five times faster than DES, and we think it is more secure. PROGRAM DISTRIBUTION -------------------- It is our belief that the Shareware marketing concept is a sensible solution to the needs of users and developers alike. It allows the user (you) to "test drive" the software thoroughly before making a purchase and if you like the product, to buy it at a price much lower than retail. If you find ZCrypt useful, please register your copy with us. Your $15 entitles you to one free upgrade (shipping not included), and notification of further upgrades and new products. Please use the registration form in the file REGISTER.DOC, or call us at the number above to use your VISA or Mastercard. Site licenses and commercial distribution licenses are available (see Register.Doc file). Any user feedback is HEARTILY WELCOMED! Bugs will be fixed ASAP, and enhancements will be evaluated for inclusion into future releases. With the registration of ZCrypt, users are entitled to 30 minutes of phone support over the first 90 days following registration. You pay for the call, we provide the support. No collect calls, PLEASE! A limited license to free copy and distribute the Shareware version of ZCrypt is hereby granted, provided that: 1) The ZCrypt files (ZCrypt.exe, ZCrypt.doc, Register.doc, Readme.doc and Contest.doc) are distributed together, and in their original, unmodified state. 2) Only a nominal fee for copying and distribution (less than $8) is charged. PCDES is a Trademark (TM) of the PC Data Encryption Standards Committee. ZCrypt is a Trademark (TM) of Micanopy MicroSystems, Inc. ZCrypt code and documentation are Copyright (c) 1991 Micanopy MicroSystems, Inc., all rights reserved. ZCrypt is provided AS IS without any warranty, expressed or implied, including but not limited to fitness for a particular purpose. FILES ON DISK ------------- ZCRYPT.EXE - The ZCrypt executable file README.DOC - "Quick start" information. ZCRYPT.DOC - This file CONTEST.DOC - Contest description and regulations REGISTER.DOC - Registration form and information OMBUDSMN.ASP - ASP Ombudsman policy ENCRYPT.BAT - Batch file for encrypting files DECRYPT.BAT - Batch file for decrypting files ZCRYPT.GIF - Block diagram of ZCrypt architecture FASTLFSR.GIF - Block diagram of Fast LFSR module LFSRADD.GIF - Block diagram of LFSR w/Adder module BITBASH.GIF - Block diagram of Bit-Basher module NOTE: .GIF files are "Graphics Interchange Format" files. You must use an appropriate program to view or print these graphics images. One popular program is "CompuShow", available from the CompuServe PICS forum (filename: cshowa.exe and cshowa.des). A hardcopy of the above .GIF files is included with the disk sent to registered users. --------------------------- ***** ------------------------------ ZCrypt (TM) Encryption System Architecture - A indicates up; V indicates down DKey─┐ ┌─BKey V V TrKey ┌─────┴───┴──────┐ ┌─────────────────┤ Controller (1) ├──────────>───┐ ┌──<─────┐ │ └────┬──┬──┬─────┘ ┌┴─┴┐ │ │ Feedback A A A │ + │ │ │ ┌──────────────┘ │ └─────────────┐ └─┬─┘ │ │ │ │ │ V Modify │ │ │ │ │ │ │ └────┬──┼──────────────┬──┼─────────────┐ │ │ │ │ │ │ │ │ │ │ │ │ │ ┌───────────┼──┼──┬──────────┼──┼──┬────┘ │ V A V V A V V A V │ KeyStream ┌─┴──┴──┴─┐ ┌─┴──┴──┴─┐ ┌─┴──┴──┴─┐ │ Generators │ A │ │ B │ │ C │ │ └────┬────┘ └────┬────┘ └────┬────┘ │ Running Keys V V V │ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ │ >──────>──┤ R ├──────────>──┤ R ├─────────>──┤ R ├──>────────────┴───> PlainText └───┘ └───┘ └───┘ CipherText Note: all data paths 8 bits wide.