File Encryption / Decryption using FCRYPTJ1

A file protection utility run from DOS / Command Prompt
The programme will encrypt a file with a user defined password.

File Encryption

Run the utility from a Command Prompt and when requested, enter the file to be encrypted and press return. Then enter the destination file, if no name is specified here pressing return generates a random filename with a file type of .XXX The first stage can be shortened by including the source file on the command line when stating the utility, eg. FCRYPTJ1 filename.doc

The password can be anything up to 48 characters long - if anything longer is entered it will be truncated. The backspace key can be used to edit password entry, but all other keys will treated as valid password characters. Note that passwords are case sensitive and all ASCII characters apart from [cr] and [bk-sp] can be included.

Press return to complete password entry, and the programme will respond with the number of bytes encrypted. For long files > 10000 bytes a bar shows the coding progress.


The algorithm is completely symmetrical, so decryption is performed identically to encryption. Use the destination file from the encryption process as the source and specify a suitable destination file name and file type.
The source (encrypted) file can be included on the command line, eg. FCRYPTJ1 GHTYUIOP.XXX

Security of the encryption process.

This depends entirely on the password. Use passwords of at least eight characters, and preferably with a mix of letters and numbers to prevent a brute-force attack. *
Password length here is set to a maximum of 48 input characters which potentially could give a password of more than than 440 bits of entropy. An 8 character trivial password, and assuming only common ASCII symbols are chosen exhibits approximately 48 bits of entropy.
Note that according to Schneier writing in 1996, encryption products of more than 40 bits are prohibited from export from the US. Therefore we can quite reasonably assume that 40 bits means weak!
Most modern commercial products make use of 128 or 256 bit password / encryption requiring a password of at least 20 ASCII characters for good security.

Encryption Algorithm

The encryption algorithm uses RC4 which was developed by Ron Rivest in 1987 for RSA Data Security Inc. For seven years this was proprietary but in 1994 the source code was leaked to the Cypherpunks mailing-list, anonymously, from which it then spread around the world like wildfire.

See Bruce Schneier, Applied Cryptography (2nd Edition, 1996) for more details.

Schneier states (at the time of writing) that there appear to be no known weaknesses in RC4. Therefore a brute-force attack is the only option for anyone trying to break the code. The algorithm is straightforward, and follows many of the basic rules for cryptography, including muddle and confusion

RC4 is used in a wide variety of products under a commercial license from RSA Inc. Use of this software for commercial purposes is therefore not permitted.

* Salt is appended to the password to increase the security in the event of certain types of password being (mis)chosen. The added salt string consists of the characters "67caTs" followed by ASCII character 245 and the ASCII character corresponding to the length of the original password entered + 41. A total of eight extra characters are added, but note that as they are completely predictable, there is no increase in the effective password length. Security still depends on having a long-enough random password to start with.

If no password is specified, the salt will work as a short, fixed password that may be sufficient for hiding the file's contents from casual scrutiny without having to remember a password - but nothing more !!


Back to main page