7.11.1. Other Ciphers and Tools
  - RIPEM
  - PEM
  - MD5
  + SFS (Secure FileSystem) 1.0
    - "SFS (Secure FileSystem) is a set of programs which create and
      manage a number of encrypted disk volumes, and runs under both
      DOS and Windows. Each volume appears as a normal DOS drive, but
      all data stored on it is encrypted at the individual-sector
      level....SFS 1.1 is a maintenance release which fixes a few
      minor problems in 1.0, and adds a number of features suggested
      by users. More details on changes are given in the README
      file." [Peter Gutmann, sci.crypt, 1994-08-25]
    - not the same thing as CFS!
    - 512-bit key using a MDC/SHS hash. (Fast)
    - only works on a 386 or better (says V. Bontchev)
    - source code not available?
    - implemented as a device driver (rather than a TSR, like
      SecureDrive)
    - "is vulnerable to a special form of attack, which was mentioned
      once here in sci.crypt and is described in details in the SFS
      documentation. Take a look at the section "Encryption
      Considerations"." [Vesselin Bontchev, sci.crypt, 1994-07-01]
    - Comparing SFS to SecureDrive: "Both packages are approximately
      equal in terms of user interface, but SFS seems to be quite a
      bit faster. And comments from various people (previous message
      thread) seems to indicate that it is more "secure" as well."
      [Bill Couture <coutu001@gold.tc.umn.edu>, sci.crypt, 1994-07-03]
  + SecureDrive
    - encrypts a disk (always be very careful!)
    - SecureDrive 1.3D, 128-bit IDEA cypher is based on an MD5 hash
      of the passphrase
    - implemented as a TSR (rather than a device driver, like CFS)
    - source code available
    + Some problems reported (your mileage may vary)
      - "I have been having quite a bit of difficulty with my
        encrypted drive mangling files. After getting secure drive
        1.3d installed on my hard drive, I find that various files
        are being corrupted and many times after accessing the drive
        a bunch of crosslinked files are present."
        [Vaccinia@uncvx1.oit.unc.edu, 1994-07-01]
    - Others report being happy with it, under both DOS and Windows
    - no OS/2 or Mac versions reported; some say an OS/2 device
      driver will have to be used (such as Stacker for OS/2 uses)
  + SecureDevice
    - "If you can't find it elsewhere, I have it at
      ftp://ftp.ee.und.ac.za/pub/crypto/secdev13.arj, but that's at
      the end of a saturated 64kbps link." [Alan Barrett, 1994-07-01]

7.11.2. MDC and SHS (same as SHA?)
  - "The MDC cyphers are believed to be as strong as it is difficult
    to invert the cryptographic hash function they are using. SHS was
    designed by the NSA and is believed to be secure. There might be
    other ways to attack the MDC cyphers, but nobody who is allowed
    to speak knows such methods." [Vesselin Bontchev, sci.crypt,
    1994-07-01]
  + Secure Hash Standard's algorithm is public, and hence can be
    analyzed and tested for weaknesses (in strong contrast with
    Skipjack).
    - may replace MD5 in future versions of PGP (a rumor)
  - Speed of MDC: "It's a speed tradeoff. MDC is a few times faster
    than IDEA, so SFS is a few times faster than SecureDrive. But MDC
    is less proven." [Colin Plumb, sci.crypt, 1994-07-04]
  + Rumors of problems with SHA
    - "The other big news is a security problem with the Secure Hash
      Algorithm (SHA), discussed in the Apr 94 DDJ. The cryptographers
      at NSA have found a problem with the algorithm. They won't tell
      anyone what it is, or even how serious it is, but they promise
      a fix soon. Everyone is waiting with bated breath." [Bruce
      Schneier, report on Eurocrypt '94, 1994-07-01]

7.11.3. Stego programs
  + DOS
    - S-Tools (or Stools?). DOS? Encrypts in .gif and .wav
      (SoundBlaster format) files. Can set to not indicate encrypted
      files are inside.
  - Windows
  + Macintosh
    - Stego
  + sound programs
    - marielsn@Hawaii.Edu (Nathan Mariels) has written a program
      which "takes a file and encrypts it with IDEA using a MD5 hash
      of the password typed in by the user.
      It then stores the file in the lowest bit (or bits, user
      selectable) of a sound file."

7.11.4. "What about "Pretty Good Voice Privacy" or "Voice PGP" and
        Other Speech Programs?"
  + Several groups, including one led by Phil Zimmermann, are said to
    be working on something like this. Most are using commercially-
    and widely-available sound input boards, a la "SoundBlaster"
    boards.
    - proprietary hardware or DSPs is often a lose, as people won't
      be able to easily acquire the hardware; a software-only
      solution (possibly relying on built-in hardware, or
      readily-available add-in boards, like SoundBlasters) is
      preferable.
  + Many important reasons to do such a project:
    - proliferate more crypto tools and systems
    - get it out ahead of "Digital Telephony II" and Clipper-type
      systems; make the tools so ubiquitous that outlawing them is
      too difficult
    - people understand voice communications in a more natural way
      than e-mail, so people who don't use PGP may nevertheless use
      a voice encryption system
  + Eric Blossom has his own effort, and has demonstrated hardware at
    Cypherpunks meetings:
    - "At this moment our primary efforts are on developing a family
      of extensible protocols for both encryption and voice across
      point to point links. We intend to use existing standards
      wherever possible.
      "We are currently planning on building on top of the RFCs for
      PPP (see RFCs 1549, 1548, and 1334). The basic idea is to add
      a new Link Control Protocol (or possibly a Network Control
      Protocol) that will negotiate base and modulus and perform DH
      key exchange. Some forms of Authentication are already
      supported by RFCs. We're looking at others."
      [Eric Blossom, 1994-04-14]
  + Building on top of multimedia capabilities of Macintoshes and
    Windows may be an easier approach
    - nearly all Macs and Windows machines will be
      multimedia/audiovisual-capable soon
    - "I realize that it is quite possible to design a secure phone
      with a Vocoder, a modem and some cpu power to do the
      encryption, but I think that an easier solution may be on the
      horizon. ....I believe that Microsoft and many others are
      exploring hooking phones to PCs so people can do things like
      ship pictures of their weekend fun to friends. When PC's can
      easily access phone communications, then developing encrypted
      conversations should be as easy as programming for Windows
      :-)." [Peter Wayner, 1993-07-08]

7.11.5. Random Number Generators
  - A huge area...
  + Chaotic systems, pendula
    - may be unexpected periodicities (phase space maps show basins
      of attraction, even though behavior is seemingly random)

7.11.6. "What's the situation on the dispute between NIST and RSADSI
        over the DSS?"
  - NIST claims it doesn't infringe patents
  - RSADSI bought the Schnorr patent and claims DSS infringes it
  - NIST makes no guarantees, nor does it indemnify users [Reginald
    Braithwaite-Lee, talk.politics.crypto, 1994-07-04]

7.11.7. "Are there any programs like telnet or "talk" that use pgp?"
  - "Don't know about Telnet, but I'd like to see "talk" secured like
    that... It exists. (PGP-ized ytalk, that is.) Have a look at
    ftp.informatik.uni-hamburg.de:/pub/virus/crypto/pgp/tools/pgptalk.2.0.tar.gz"
    [Vesselin Bontchev, alt.security.pgp, 1994-07-4]

7.11.8. Digital Timestamping
  + There are two flavors:
    - toy or play versions
    - real or commercial version(s)
  + For a play version, send a message to "timestamp@lorax.mv.com"
    and it will be timestamped and returned. Clearly this is not
    proof of much, has not been tested in court, and relies solely on
    the reputation of the timestamper. (A fatal flaw: it is trivial
    to reset system clocks on computers and thereby alter dates.)
    - "hearsay" equivalent: time stamps by servers that are *not*
      using the "widely witnessed event" approach of Haber and
      Stornetta
  - The version of Haber and Stornetta is of course much more
    impressive, as it relies on something more powerful than mere
    trust that they have set the system clocks on their computers
    correctly!
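
An added illustration (not from the original FAQ, and not Haber and Stornetta's actual protocol): a simplified hash-linked log whose latest head is published where many people can see it. LinkedStamper, verify and the sample entries are constructed for this sketch; it shows that an operator who resets the clock can rebuild a self-consistent log but cannot make it match the published value.

```python
import hashlib

GENESIS = b"\x00" * 32  # constructed starting value for the chain

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so concatenation is unambiguous."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

class LinkedStamper:
    """Hypothetical stamping service: each record commits to the previous one."""
    def __init__(self):
        self.records = []   # (doc_hash, claimed_time, link)
        self.head = GENESIS

    def stamp(self, document: bytes, claimed_time: str) -> bytes:
        doc_hash = hashlib.sha256(document).digest()
        self.head = h(self.head, doc_hash, claimed_time.encode())
        self.records.append((doc_hash, claimed_time, self.head))
        return self.head    # the value to publish where many people see it

def verify(records, witnessed_head: bytes) -> bool:
    """Recompute every link, then compare the result with the published head."""
    head = GENESIS
    for doc_hash, claimed_time, link in records:
        head = h(head, doc_hash, claimed_time.encode())
        if head != link:
            return False
    return head == witnessed_head

def demo():
    # Constructed sample documents and times.
    entries = [(b"notebook page 1", "1994-07-01T10:00Z"),
               (b"notebook page 2", "1994-07-02T10:00Z"),
               (b"notebook page 3", "1994-07-03T10:00Z")]
    log = LinkedStamper()
    for doc, t in entries:
        witnessed = log.stamp(doc, t)   # last head is the one that was published
    honest = verify(log.records, witnessed)
    # Operator resets the clock and rebuilds the whole log, backdating entry 2.
    forged = LinkedStamper()
    for i, (doc, t) in enumerate(entries):
        forged.stamp(doc, "1993-01-01T00:00Z" if i == 1 else t)
    self_consistent = verify(forged.records, forged.head)
    matches_witnessed = verify(forged.records, witnessed)
    return honest, self_consistent, matches_witnessed

if __name__ == "__main__":
    print(demo())
```

The forged log verifies against its own head, which is all a clock-trusting server can offer; only the comparison with the independently witnessed head rejects it.
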
By Tim May, see README
HTML by Jonathan Rochkind