EddyHawk's Info List --- FILE (ENCRYPTER/CIPHER), VERIFIER --- -TinyIDEA By: Fauzan Mirza (England) Year: 1995-1999 V3 [1996] heavy size optimization V4 [1999] heavy size optimization by Mark Andreas disadv: PGP-crypted, key only available for USA resident Note: the smallest IDEA cipher implementation -TinyFish by: Dutra Lacerda Note: the smallest BlowFish cipher implementation -BFA (BlowFish Advanced) By: Markus Hahn Compiler: BP V7.0 (?) V7 [1996?] uses Blowfish, Blowfish32, TDES & Cobra cipher & mixing of them GUI shareware max 5 char passphrase note: the doc mentions that this triple DES implementation isn't real because it removes initial & final permutation (considered as cryptographically worthless) to speed things up -UCRYPT (UltraCRYPT) By: AIP-NL (The Netherlands) Compiler: Borland C++ [1991] + assembly V2.37b [1996] UCrypt is part of UC2 archiver and is designed to crypt uc2 archive only, but we can trick it to crypt anyfile by putting UC2 ID header ('UC2'+ 1Ah) in front of the file-to-be-crypted UCrypt uses 2 encryption algorithms: -3DES (Triple DES) + MD5 apparently AIP-NL doesn't aware that MD5 is (half) broken in 1996 .uses MD5 output as 2 random DES keys .crypt with key1, decrypt with key2, crypt with key1 (112 bit) but this isn't? 3DES: UCrypt doesn't process each block 3 times, but the whole file 3 times .since UCrypt passes my no-pattern-file test, it surely uses a chaining mode (ex: CBC). since DES-crypted block isn't the same with 3DES-crypted block while serves as IV to next block, it will generates different? ciphertext than standard 3DES .crypt keys with password & crypted file it means that the keys are stored in crypted archive -equal to trap door :) while imho, the password should be hashed with MD5 to be 2 DES keys, not current time/date? hashed through MD5 and does UCrypt use 3DES again to crypt those keys? I don't think so apparently the password is directly used as the crypt key .the (de)cryption is very slow (of course, it's DES :) for 2,636kb (2,700,000 byte) file on my 1st computer: crypt: 242 second, decrypt: 233 second or about 80+ second for single DES while my Mr.Hyde V0.46a can attain 13 second .UCrypt is claimed to be enhanced against brute-force attack -maybe it adds salt on password to 'frustate on-line password guesser' -MD5 based one time pad .of course, this is not OTP, because the key must be: -truly random numbers -as large as plaintext -used only once .password -> MD5 hash -> PRNG? .the (de)cryption is slow for 2,700,000 byte file on my computer: crypt/decrypt=80/78 second UCrypt has 'destroy plaintext' option: -very slow wiping (wipe,fill,scramble,wipe,scramble,delete) -doesn't erase file entry -I think SWAG/WipeFile (used in Mr.Hyde) is faster & more secure :) src is available only to be verified -PKZIP -S By: PKWARE (USA) V1.0 broken by Biham & Kocher's attack < 1 day with few 100b of known plaintext V2.04g [1993?] stream cipher variable length key V2.50 [1999] Note: part of PKZIP archiver (can only crypt ZIP archive) -PGP (Pretty Good Privacy) By: Philip Zimmerman (USA) et al/Network Associates year: 1990-2000 Type: pub-key.(ciph/sign/verifi)er, free V2.3 [1993?] at that time, USA regulation classified its strong crypt as weapon, so USA residents was unallowed to export them. PGP uses RSA and becoming very popular until it spreads overseas. To be safe, 2 PGP version is made. USA PGP user can continue using usual PGP, while non-USA PGP user are advised to only use PGP international release (PGPi) to help the author V2.6.3 [1996] V5.0 [1997] DOS32 ver (last? DOS ver) uses Diffie-Hellman, IDEA & CAST cipher V6.53 [2000] Win32 ver Bussiness version -CRY By: Harry J. Smith Year: 1987-1992 Compiler: BP V6.0, BC++ [1991] V6.00 [Nov 1992] C & Pascal src is provided spent 1,400 hours of author time Note: to replace DES -PEGWIT By: George Barwood Compiler: TopSpeed C [1989] (?) Type: pub-key.(ciph/sign/verifi)er, free V8.71 Note: uses Elliptic Curve, Square cipher, SHA1 hash -BLOWFISH-CBC By: Dutra Lacerda (Portugal) Compiler: BP V7.0 V1.5a [27 Aug 1996] src is provided but prog x uses non-pub 8086 ASM routines -> faster uses BlowFish cipher crypt speed ~ 200,000b/sec (incl. I/O time) no longer updated? -ARJ -G by: Robert K. Jung/ARJSoftware V2.75a [Oct 2000] crypt uses simple XOR (-g) -> easy? to break GOST 28147-89 cipher in 64bit CFB mode 40bit key (-g -hg!) to meet USA export regulation (but not anymore?) separate module ARJCRYPT.COM, 256bit key (?) (-g -hg) only for USA user note: -g(arble) is simply transform passphrase into same length key and repeatly xor it with same length archive data part of ARJ archiver (can only crypt ARJ archive) -Krypto by: Bathysphere V1.1 [1993] up to 255 char passphrase note: crypt uses date/time stamp (same plaintext -> different ciphertext) if U change crypted file d/ts, decrypt will fail regardless of correct key author: crypt uses novel chaos theory -Mr.Hyde by: EddyHawk V0.54a [Nov 2000] EdH: anyone dares to review or should I? :) Morgan et al reported few security flaws, but I don't thoroughly test it -Hermes by: Morgan (Poland) type: 386, fpu, 4Mb RAM, dos > v3.3 V1.0b [22 Oct 2000] can't run under win note: pres uses SixPack crypt uses FFT, PRNGs, PNC, buffer permute, double feedback stream cipher, polymorphism -VCH (VouCH) by: Awais M. Hussain (Pakistan?) year: 1993-1997 type: 386, verifier compiler: tc v2.0 [1988] V1.3 [May 1997] lite ver