Newsgroups: sci.crypt
Path: msuinfo!caen!sdd.hp.com!network.ucsd.edu!qualcom.qualcomm.com!qualcom.qualcomm.com!karn
From: karn@qualcom.qualcomm.com (Phil Karn)
Subject: Re: Why public domain encryption software may not be good enough.
Message-ID: <1992Jan29.190410.12867@qualcomm.com>
Sender: news@qualcomm.com
Nntp-Posting-Host: qualcom.qualcomm.com
Reply-To: karn@chicago.qualcomm.com
Organization: Qualcomm, Inc
References:  <3269@wet.UUCP>
Distribution: na
Date: Wed, 29 Jan 1992 19:04:10 GMT
Lines: 123

In article <3269@wet.UUCP>, naga@wet.UUCP (Peter Davidson) writes:
|> 1.  Does the software allow long encryption keys (the better to remember) and any
|> typeable and displayable character in keys (so they can be in English,
|> rather than in hex)?

A good idea that's occurred to me before; I may even add it. I'll just
add an option that runs the key through MD-5 and crunches the result
down to 8 bytes. But my original intention was to be compatible with
the SunOS "des" command by default, which accepts only up to 8
typeable characters. I did add a -h option that allows you to specify
an arbitrary hex key.

Is your software backward-compatible with any de-facto industry
standards like SunOS's "des" command? Probably not, since they tend to
use Cipher Block Chaining by default...

|> 2.  Does it allow encryption of multiple files with a single command?
|> Multiple files in multiple subdirectories?  Can complex operations be
|> automated?

(Under UNIX sh or DOS with MKS Toolkit or some other shell)

$ for i in *
> do
> des -e < $i > $i.des
> done

$ for i in `find mumblefrotz -print`
> do
> des -e < $i > $i.des
> done

(etc)

|> 3.  Is there an option for encryption or decryption without destroying the
|> original data?

$ des -e < plaintext > ciphertext
$ des -d < ciphertext > plaintext

|> 4.  Does the software compress the data as well as encrypt it?

$ compress < plaintext | des -e > ciphertext

|> 5.  Does the software provide encrypted output as text as well as binary?

$ des -e < plaintext | uuencode > ciphertext

|> 6.  Can floppy disks - as well as files - be encrypted?

(under UNIX)
$ /etc/mount /dev/flp0 /mnt
$ cd /mnt
$ des -e < plaintext > ciphertext

(under MS-DOS)
C> A:
A> des -e < plaintext > ciphertext

|> 7.  Is there provision for purging sensitive data which has been encrypted
|> but which may still exist on disk in plaintext form but yet not visible?

(under UNIX)
$ des -e < plaintext > ciphertext
$ cp /vmunix plaintext
$ rm plaintext
# if you're really paranoid, or if you have edited the file leaving
# intermediate versions on the free list
$ while true
> do
> cat /vmunix >> foo
> done
(when disk overflows)
^C
$ rm foo

(under MS-DOS)

C> \norton\wipeinfo
 (etc)

or,

C> d: (where d: is a RAM disk)
D> des -d < c:ciphertext > plaintext
D> emacs plaintext 
(etc)
D> des -e < plaintext > c:ciphertext
(reboot or power cycle)

|> 8.  Does the software provide means for producing a permanent record of its
|> operations, providing information about the files being encrypted or
|> decrypted?

You mean, like some sort of audit record that anybody could read that
would list the encrypted files and the appropriate keys? No, I guess I
forgot to add this feature. Mea culpa.

|> 9.  Is there provision for recovery of the plaintext if an encryption key
|> is lost?  If the company file containing all the encryption keys gets
|> trashed (with no backup) will the company suffer irreparable harm?

You mean, like a benign trojan horse that automatically mails all keys
back to the author so they can be recovered in case the poor customer
loses them? Guess I forgot to do this too. Plus, I'm not sure how I
would hide this in my freely available source code. People might find
it and misinterpret my purely honorable and helpful intentions.

|>           ----------------------------------------------------------
|>           | Dolphin Software publishes MS-DOS C function libraries |
|>           | and data encryption software.  They may be reached at  |
|>           |       48 Shattuck Square #147, Berkeley, CA 94704.     |
|>           ----------------------------------------------------------

-----------------------------------------------------------------------|
|ucsd.edu carries, by anonymous FTP, the file                          |
|/hamradio/packet/ka9q/des/des.tar[.Z] containing full source code for |
|a public domain DES implementation for MS-DOS and UNIX.               |
|                                                                      |
|ucsd.edu may be reached at 128.54.16.1 or 132.239.1.1.                |
-----------------------------------------------------------------------|

Phil
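
Added example, not part of the original post or of the des source it describes: one way the option mentioned in the reply to question 1 could work, hashing a passphrase with MD5 and reducing the digest to an 8-byte DES key. The XOR fold of the two digest halves, the parity step, the truncation stand-in for an 8-character limit, and all function names are assumptions; the post only says the result is crunched down to 8 bytes.

```python
import hashlib
import math

def set_odd_parity(key: bytes) -> bytes:
    """DES uses 56 of the 64 key bits; the low bit of each byte is odd parity."""
    out = bytearray()
    for b in key:
        b &= 0xFE                                    # drop the old parity bit
        ones = bin(b).count("1")
        out.append(b | (0 if ones % 2 else 1))       # make the 1-bit count odd
    return bytes(out)

def truncated_key(passphrase: str) -> bytes:
    """Stand-in (assumption) for an 8-character limit: first 8 bytes, zero-padded."""
    raw = passphrase.encode("utf-8")[:8].ljust(8, b"\0")
    return set_odd_parity(raw)

def md5_folded_key(passphrase: str) -> bytes:
    """Hash the whole passphrase, then fold 16 digest bytes to 8 by XOR (assumption)."""
    digest = hashlib.md5(passphrase.encode("utf-8")).digest()
    folded = bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))
    return set_odd_parity(folded)

def typeable_keyspace_bits(chars: int = 95, length: int = 8) -> float:
    """Upper bound, in bits, on keys reachable from `length` printable ASCII characters."""
    return length * math.log2(chars)

if __name__ == "__main__":
    # Constructed sample passphrases that share their first 8 characters.
    a, b = "correct horse battery", "correct horse staple"
    print("truncated:", truncated_key(a).hex(), truncated_key(b).hex())
    print("md5 fold :", md5_folded_key(a).hex(), md5_folded_key(b).hex())
    print("8 typeable chars give at most %.1f bits of the 56-bit DES key space"
          % typeable_keyspace_bits())
```

With truncation, everything after the eighth character is ignored, so the two sample passphrases yield the same key; with the hash, every character of the passphrase affects the key.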

