Stored Data Cryptographic Applications

An Article for Cybertek Electric, by Kathleen Ellis

The current debate surrounding the issue of cryptography is by far the most heated in its history. While agencies of law enforcement, federal bureaucrats, and many politicians contend that criminals could use powerful encryption technology to conceal their actions and evade law enforcement, most in the private sector recognize the importance of keeping one's private affairs concealed or unreadable to prying eyes, particularly in the networked environment. The Attorney General, the FBI, and the NSA have deliberately done everything possible to thwart the widespread implementation of crypto technology, doing everything from disseminating misleading information about cryptography to harassing anyone who gets too good at opposing them. At the same time, a grassroots campaign comprised mostly of cryptographers, network professionals, and civil libertarians is doing everything it can to make encryption technology ubiquitous. They are devoted to creating more user-friendly applications available for a wider range of platforms and to educating the public about these opportunities. This article was written to serve the latter purpose; within it I will discuss some of the current technology available regarding the encryption of data files.

The Old Standby

Pretty Good Privacy, written by Phil Zimmermann, really deserves its own article, and for the purpose of this article I will have to assume at least a general familiarity with its background. From a certain perspective, Pretty Good Privacy (PGP) may be the best way for the beginner to go about encrypting specific files, for several reasons. From a crypto advocate's point of view, it's best to get any beginner familiar with PGP from the start, since it has become a de facto standard in encryption. In addition, PGP is probably the most well-tested and carefully scrutinized encryption program available today.
The source code is freely available for review by anyone both online and in hardcopy from most bookstores.

PGP is best known for its use in encrypting communications channels, using a cryptosystem known as public-key cryptography, but it also works well as a means to encrypt files using symmetric-key algorithms. Older versions are equipped with IDEA; 5.0 allows a choice between IDEA (the author's favorite, for a variety of reasons), Triple-DES, and CAST. A few things to keep in mind when using PGP for conventional encryption:

1. Be sure you are using a version obtained directly from an official distribution site (the international site can be found at http://www.ifi.uio.no/~staalesc/PGP/). If you aren't able to look at the source yourself in order to detect any possible trapdoors or trojan horses, it's the best way to ensure that you're getting an untampered product. This applies to all software you may use which is downloaded from a network, but is of particular importance when dealing with security and encryption tools. Keep in mind that if you are outside the US and Canada, you will have to obtain PGP from a non-American site, or else you or the administrator of the site could be in violation of US law.

2. When you use PGP to encrypt a file using one of the symmetric-key algorithms, the program asks for a pass phrase to use to encrypt the file. Do not use the same pass phrase you use for your secret key for communications, or for anything else, for that matter. It is extremely important to choose your pass phrases wisely. All the algorithms that come with the PGP 5.0 package are as any that exist today; any cryptanalytic attack will likely be on the user's pass phrase, rather than the algorithm itself.

PGP is a wonderful tool to use when you need to encrypt only a few files, but when you have more than just a few that need to be secured, keeping all those passphrases in mind can be tedious.
PGP is secure and as easy to use as anything for file encryption, but as a program it was clearly designed as a communications tool. With this in mind, several file systems have been developed which use cryptography to encipher the files contained within. All PGP versions (including the new one, as long as you are upgrading from a previous version) are freeware, are capable of running on a variety of operating systems, and have trivial hardware requirements.

Secure File System (SFS)

Although SFS has been developed only for DOS and Windows 3.1 (16- and 32-bits), it works surprisingly well with a variety of low-tech hardware and is compatible with a wide range of software utilities within the DOS/Windows element. SFS was clearly designed with compatibility in mind; it is perfect for the old 27 Mb DOS box sitting in the corner of your bedroom as well as for the 2 gigabyte DOS partition of your Pentium 200. It is documented to encrypt up to 160 KB/s on a 386/40 and requires only 7.5 KB of memory. SFS will work for hard drives and floppies of any size, and is directly compatible with most popular DOS disk utilities (and a few obscure ones). Furthermore, it works directly with IDE and EIDE drives, as well as almost all known SCSI host adaptors.

For the encryption of data, SFS uses the encryption code in cryptlib, a programming interface designed to facilitate the production of cryptographic applications by doing most of the gruntwork for the developer. Cryptlib includes DES, triple DES, IDEA, Blowfish, and others, and is distributed from New Zealand so that domestic restrictions on don't apply.

SFS works by encrypting data in volumes, which are interpreted as normal drives. The user can access up to five of these volumes at once.
Some of the finer features of SFS include a user-defined hotkey feature which allows the user to unmount the volume instantly, and a file wiping feature which allows the user to destroy the contents of the volume without the possibility of retrieval.

Crypto File System (CFS)

Crypto File System is a program similar to SFS, designed for Unix. Rather than encrypting volumes, however, it creates encrypted partitions of your hard drive. CFS is a good program, incredibly secure and compatible with all the best algorithms (Blowfish seems to be the favorite when using CFS, although 3DES and IDEA are also frequently used), although development has been slow since it was first released three years ago. Thus, as technically elegant as CFS is, as with most free Unix software, the user will have to do some tweaking to customize it to meet their needs.

A Word on Commercial Applications

There are tons of commercial applications out there that look good, if you insist on paying for your software. Norton Secret Stuff, which runs exclusively on Windows 3.1, NT, and 95, is actually free, and can be downloaded from Symantec's web site. Don't necessarily believe everything you read on their site, however; Symantec seems determined to market NSS as "information superhighway" software, designed for the transport of files and email. Don't believe it; NSS exclusively uses symmetric-key algorithms, and the problem of getting the passphrase to the recipient of the message/file without being intercepted is a significant one, from a security standpoint. On the other hand, if the recipient can get the passphrase without it being intercepted, it is not necessary for them to have a copy of NSS in order to decrypt the message, which is a nice feature. Unfortunately, NSS is designed to encrypt only one file per passphrase, and as with PGP, this system is not always ideal for encrypting more than a few files.
Furthermore, NSS uses Blowfish, a good algorithm, but at a measly 32-bit key length, which will keep your little brother from reading your files, but it certainly won't keep out anyone with a budget. It's not a great program; serious users will want to look elsewhere.

RSA is a company that has been making great encryption software for a long time, and they employ probably the best mathematicians and cryptographers in the world. They also have a product out, called SecurePC, which is designed to encrypt multiple files all over your hard drive; they don't even have to be in the same directory. Developed for Macintosh and Windows, SecurePC encrypts at a rather sluggish rate -- 25 MB/minute on a Pentium 75 -- but it uses 128-bit RC4, a widely-used stream cipher.

Snake Oil -- What Not To Use

Perhaps more important than knowing what to look for in good crypto is how to recognize unreliable or insecure cryptographic applications. This author is particularly wary of two common problems with some applications, the first of which is the "Approved for Export" label flashed by some products. The product has been approved for export by the US Federal government because it has made special concessions to comply with the Department of Justice; specifically it is written to use ridiculously short (and thus insecure) encryption keys, and it likely has some 'key recovery' mechanism built in (meaning that there is another way to decrypt your files besides entering the passphrase). Just stay away from the stuff -- real crypto is still legal in the US, no matter what the DOJ would have you believe. Most products from Trusted Information Systems, Inc. proudly brandish a "Now Approved for Export!" label.

Another thing you want to watch out for is any application which generates the key based solely on the passphrase entered by the user. AT&T's SecretAgent uses this method to generate keys, and it's dangerous.
An attack could be launched on your encrypted files without even obtaining a key from your machine; the key can be spontaneously generated at any location by figuring out your passphrase.

Furthermore, watch out for any encryption product described by its manufacturer as being a 'revolutionary breakthrough' or 'unbreakable', or described using only new or trademarked terms. If it sounds like bullshit, it probably is, and there's a lot of it out there. Also, don't trust any encryption algorithm which relies on secrecy about how it works. Algorithms are proven over time with widespread scrutiny, and if a company won't tell you how an algorithm works because it is 'proprietary', it's both bogus _and_ largely untested.

Conclusion

With proposed import and domestic use restrictions, it is important that cryptography be demystified for the common user as quickly as possible; people need to recognize that personal privacy is not just an inalienable right, but is also easily attainable.
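
The passphrase warnings above (attacks land on the pass phrase rather than the algorithm, and a key generated solely from the passphrase can be regenerated anywhere) are illustrated by this added example, which is not code from the article or from any product it names. The function names, the PBKDF2 settings, and the XOR key-wrap stand-in are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this sketch


def passphrase_only_key(passphrase: str) -> bytes:
    """The risky pattern: the key is a fast, unsalted function of the passphrase."""
    return hashlib.sha256(passphrase.encode()).digest()[:16]


def _kek(passphrase: str, salt: bytes) -> bytes:
    """Slow, salted key-encryption key (PBKDF2-HMAC-SHA256, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, 32)


def create_keyfile(passphrase: str):
    """Return (keyfile, data_key); the data key is random, not passphrase-derived."""
    salt, data_key = secrets.token_bytes(16), secrets.token_bytes(16)
    kek = _kek(passphrase, salt)
    # XOR with KDF output stands in for a real key-wrap cipher (assumption).
    wrapped = bytes(a ^ b for a, b in zip(data_key, kek[:16]))
    tag = hmac.new(kek[16:], salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}, data_key


def unlock(keyfile: dict, passphrase: str):
    """Recover the data key, or None if the passphrase is wrong or the file altered."""
    kek = _kek(passphrase, keyfile["salt"])
    body = keyfile["salt"] + keyfile["wrapped"]
    expected = hmac.new(kek[16:], body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, keyfile["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(keyfile["wrapped"], kek[:16]))


if __name__ == "__main__":
    phrase = "constructed sample pass phrase"  # constructed input
    # Passphrase-only: the same key falls out on any machine, from the phrase alone.
    print(passphrase_only_key(phrase) == passphrase_only_key(phrase))
    # Keyfile design: same phrase, unrelated data keys; the keyfile is also needed.
    kf1, k1 = create_keyfile(phrase)
    kf2, k2 = create_keyfile(phrase)
    print(k1 != k2, unlock(kf1, phrase) == k1, unlock(kf1, "wrong guess"))
```

In the second design the encrypted files cannot be unlocked from the passphrase alone, because the keyfile that lives on the user's machine is also needed; the salt and iteration count only raise the cost of each guess once that file is lost.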