EddyHawk's Info List --- FILE (ENCRYPTER/CIPHER) --- -TinyIDEA By: Fauzan Mirza (England) Year: 1995-1999 V3 [1996] heavy size optimization V4 [1999] heavy size optimization by Mark Andreas Note: the smallest IDEA cipher implementation -TinyFish by: Dutra Lacerda Note: the smallest BlowFish cipher implementation -BFA (BlowFish Advanced) By: Markus ? Compiler: BP V7.0 (?) V7 [1996?] uses Blowfish, Blowfish32, TDES & Cobra cipher & mixing of them GUI shareware max 5 char passphrase note: the doc mentions that this triple DES implementation isn't real because it removes initial & final permutation (considered as cryptographically worthless) to speed things up -UCRYPT (UltraCRYPT) By: AIP-NL (The Netherlands) Compiler: Borland C++ [1991] + assembly V2.37b [1996] UCrypt is part of UC2 archiver and is designed to crypt uc2 archive only, but we can trick it to crypt anyfile by putting UC2 ID header ('UC2'+ 1Ah) in front of the file-to-be-crypted UCrypt uses 2 encryption algorithms: -3DES (Triple DES) + MD5 apparently AIP-NL doesn't aware that MD5 is (half) broken in 1996 .uses MD5 output as 2 random DES keys .crypt with key1, decrypt with key2, crypt with key1 (112 bit) but this isn't? 3DES: UCrypt doesn't process each block 3 times, but the whole file 3 times .since UCrypt passes my no-pattern-file test, it surely uses a chaining mode (ex: CBC). since DES-crypted block isn't the same with 3DES-crypted block while serves as IV to next block, it will generates different? ciphertext than standard 3DES .crypt keys with password & crypted file it means that the keys are stored in crypted archive -equal to trap door :) while imho, the password should be hashed with MD5 to be 2 DES keys, not current time/date? hashed through MD5 and does UCrypt use 3DES again to crypt those keys? I don't think so apparently the password is directly used as the crypt key .the (de)cryption is very slow (of course, it's DES :) for 2,636kb (2,700,000 byte) file on my computer: crypt: 242 second, decrypt: 233 second or about 80+ second for single DES while Mr.Hyde V0.46a can attain 13 second .UCrypt is claimed to be enhanced against brute-force attack -maybe it adds salt on password to 'frustate on-line password guesser' -MD5 based one time pad .of course, this is not OTP, because the key must be: -truly random numbers -as large as plaintext -used only once .password -> MD5 hash -> PRNG? .the (de)cryption is slow for 2,700,000 byte file on my computer: crypt/decrypt=80/78 second UCrypt has 'destroy plaintext' option: -very slow wiping (wipe,fill,scramble,wipe,scramble,delete) -doesn't erase file entry -I think SWAG/WipeFile (used in Mr.Hyde) is faster & more secure :) src is available only to be verified -PKZIP -S By: PKWARE (USA) V1.0 broken by Biham & Kocher's attack < 1 day with few 100b of known plaintext V2.04g [1993?] stream cipher variable length key V2.50 [1999] Note: part of PKZIP archiver (can only crypt ZIP archive) -PGP (Pretty Good Privacy) By: Philip Zimmerman (USA) et al year: 1990-2000 Type: pub-key.(ciph/sign/verifi)er, free V2.3 [1993?] V2.6.3 [1996] V5.0 [1997] DOS32 ver uses Diffie-Hellman, IDEA & CAST cipher V6.53 [2000] Win32 ver -CRY By: Harry J. Smith Year: 1987-1992 Compiler: BP V6.0, BC++ [1991] V6.00 [Nov 1992] C & Pascal src is provided spent 1,400 hours of author time Note: to replace DES -PEGWIT By: George Barwood Compiler: TopSpeed C [1989] (?) Type: pub-key.(ciph/sign/verifi)er, free V8.71 Note: uses Elliptic Curve, Square cipher, SHA1 hash -BLOWFISH-CBC By: Dutra Lacerda (Portugal) Compiler: BP V7.0 V1.5a [27 Aug 1996] src is provided but prog x uses non-pub 8086 ASM routines -> faster uses BlowFish cipher crypt speed ~ 200,000b/sec (incl. I/O time) no longer updated? -ARJ -G by: Robert K. Jung/ARJSoftware V2.75a [Oct 2000] crypt uses simple XOR (-g) -> easy? to break GOST 28147-89 cipher in 64bit CFB mode 40bit key (-g -hg!) to meet USA export regulation (but not anymore?) separate module ARJCRYPT.COM, 256bit key (?) (-g -hg) only for USA user note: -g(arble) is simply transform passphrase into same length key and repeatly xor it with same length archive data part of ARJ archiver (can only crypt ARJ archive) -Krypto by: Bathysphere V1.1 [1993] up to 255 char passphrase note: crypt uses date/time stamp (same plaintext -> different ciphertext) if U change crypted file d/ts, decrypt will fail regardless of correct key author: crypt uses novel chaos theory