File Encryption / Decryption using FileCryptJ
File Encryption
Start the programme and browse for the file to be encrypted,then Doubleclick on the wanted filename. The
destination file then has to be entered. A suggested version consisting of the original filename
with _XXX appended is offered, but this can be changed as desired. Click the 'OK' button when completed. If the same name has inadvertantly been chosen for source and destination files, this will be detected and the destination name can be changed.
Enter a password, repeat as a check when requested and press Start. If the two passwords do not match, this will be detected. The password can be anything up to 48 characters long - if anything longer is entered it will be truncated. Decryption
The algorithm is completely symmetrical, so decryption is performed in an
identical manner to encryption. Use the destination file from the encryption
process as the source and specify a suitable destination file name and file
type. Security of the encryption process.
This depends entirely on the password. Use passwords of at least eight
characters, and preferably with a mix of letters and numbers to prevent a
brute-force attack. *
Encryption Algorithm
The encryption algorithm uses
RC4
which was developed by Ron Rivest in 1987 for RSA Data Security Inc.
For seven years this was proprietary but in 1994
the source code was leaked to the Cypherpunks mailing-list, anonymously,
from which it then spread around the world like wildfire.
See Bruce Schneier, Applied Cryptography (2nd Edition, 1996) for more
details.
Schneier states (at the time of writing) that there appear to be no known
weaknesses in RC4. Therefore a brute-force attack is the only option for
anyone trying to break the code. The algorithm is straightforward,
and follows the basic 'good' rules for cryptography detailed in his book.
RC4 is used in a wide variety of products under a commercial license from
RSA Inc. Use of this software for commercial purposes is therefore not
permitted.
* Salt is appended to the password to increase the security in the event
of certain types of password being (mis)chosen. The added salt string consists
of the characters "67caTs" followed by ASCII character 245 and the ASCII
character corresponding to the length of the original password entered + 41.
A total of eight extra characters are added, but note that as they are
completely predictable, there is no increase in the effective password
length. Security still depends on having a long-enough random password to start
with.
If no password is specified, the salt will work as a short, fixed
password that may be sufficient for hiding the file's contents from casual
scrutiny or getting illegal file types through firewalls without having to remember a password -
but nothing more !!
This software has only just been completed and not yet thoroughly tested, if you find any problems please feel free to suggest changes!
The original FCRYPTJ1.EXE
for DOS / Command prompt is still here, fully compatible with files generated from FileCryptJ provided they keep to the 8.3 file name format.
Encryption with no password is possible which scrambles the file in an otherwise insecure form. For this option just press the Start button
Password length here is set to a maximum of 48 input characters which
potentially could give a password of more than than 440 bits of entropy.
An 8 character trivial password consisting of only common ASCII letters and numbers
exhibits approximately 48 bits of entropy.
Note that according to Schneier writing in 1996, encryption products of
more than 40 bits are prohibited from export from the US.
Therefore we can quite reasonably assume that (back then) 40 bits means weak!
Most modern commercial products make use of 256 bit or higher password /
encryption, requiring a password of the full 48 characters for maximum security.
For all practical purposes, a well chosen phrase, or combination of letters and numbers
will probably be more than good enough.