File Encryption / Decryption using FCRYPTJ1
File Encryption
Run the utility from a Command Prompt and, when requested, enter the file to
be encrypted and press return. Then enter the destination file; if no name
is specified here, pressing return generates a random filename with a file
type of .XXX. The first stage can be shortened by including the source
file on the command line when starting the utility, e.g.
FCRYPTJ1 filename.doc
The password can be anything up to 48 characters long - if anything longer
is entered it will be truncated. The backspace key can be used to edit
password entry, but all other keys will be treated as valid password characters.
Note that passwords are case sensitive and all ASCII characters apart
from [cr] and [bk-sp] can be included.
Press return to complete password entry, and the programme will respond
with the number of bytes encrypted. For long files > 10000 bytes a bar
shows the coding progress.
Decryption
The algorithm is completely symmetrical, so decryption is performed
identically to encryption. Use the destination file from the encryption
process as the source and specify a suitable destination file name and file
type.
Security of the encryption process
This depends entirely on the password. Use passwords of at least eight
characters, and preferably with a mix of letters and numbers to prevent a
brute-force attack. *
Encryption Algorithm
The encryption algorithm uses RC4, which was developed by Ron Rivest in 1987
for RSA Data Security Inc.
For seven years this was proprietary but in 1994
the source code was leaked to the Cypherpunks mailing-list, anonymously,
from which it then spread around the world like wildfire.
See Bruce Schneier, Applied Cryptography (2nd Edition, 1996) for more
details.
Schneier states (at the time of writing) that there appear to be no known
weaknesses in RC4. Therefore a brute-force attack is the only option for
anyone trying to break the code. The algorithm is straightforward,
and follows many of the basic rules for cryptography, including muddle and confusion.
RC4 is used in a wide variety of products under a commercial license from
RSA Inc. Use of this software for commercial purposes is therefore not
permitted.
* Salt is appended to the password to increase the security in the event
of certain types of password being (mis)chosen. The added salt string consists
of the characters "67caTs" followed by ASCII character 245 and the ASCII
character corresponding to the length of the original password entered + 41.
A total of eight extra characters are added, but note that as they are
completely predictable, there is no increase in the effective password
length. Security still depends on having a long-enough random password to start
with.
If no password is specified, the salt will work as a short, fixed
password that may be sufficient for hiding the file's contents from casual
scrutiny without having to remember a password, but nothing more!
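The symmetry and salting described above, as an added example in Python (not FCRYPTJ1's own code). It assumes the salted password bytes are used directly as the RC4 key with no per-file value, and that the length byte is taken from the truncated password; the function names are hypothetical.

```python
# Added example, not FCRYPTJ1's source. Assumption: the salted password
# bytes are used directly as the RC4 key, with no per-file IV.

SALT_PREFIX = b"67caTs"   # fixed salt characters quoted on this page
MAX_PASSWORD = 48         # longer input is truncated


def salted_key(password: bytes) -> bytes:
    """Truncate the password and append the 8-byte salt described above."""
    pw = password[:MAX_PASSWORD]
    # Assumption: the length byte uses the truncated length.
    return pw + SALT_PREFIX + bytes([245, len(pw) + 41])


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key schedule, then XOR the keystream over the data."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def crypt(password: bytes, data: bytes) -> bytes:
    """One function for both directions, since RC4 is an XOR stream cipher."""
    return rc4(salted_key(password), data)


if __name__ == "__main__":
    sample = b"constructed sample plaintext"   # constructed input
    sealed = crypt(b"Tr0ub4dor", sample)
    assert crypt(b"Tr0ub4dor", sealed) == sample        # same call decrypts
    assert crypt(b"tr0ub4dor", sealed) != sample        # case sensitive
    # The salt depends only on password length, so it is known in advance.
    print(salted_key(b"").hex())
    # Same password gives the same keystream for every file.
    print(crypt(b"Tr0ub4dor", bytes(8)) == crypt(b"Tr0ub4dor", bytes(16))[:8])
```

Under these assumptions the key is a function of the password alone, so two files encrypted with the same password share one keystream; use a different password for each file.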
The programme will encrypt a file with a user-defined password.
The source (encrypted) file can be included on the command line, e.g.
FCRYPTJ1 GHTYUIOP.XXX
Password length here is set to a maximum of 48 input characters, which
potentially could give a password of more than 440 bits of entropy.
A trivial 8-character password, assuming only common ASCII symbols
are chosen, exhibits approximately 48 bits of entropy.
Note that according to Schneier writing in 1996, encryption products of
more than 40 bits are prohibited from export from the US.
Therefore we can quite reasonably assume that 40 bits means weak!
Most modern commercial products make use of 128- or 256-bit password /
encryption, requiring a password of at least 20 ASCII characters for
good security.