What is cryptography?
Cryptography is the science of using mathematics to encrypt
and decrypt information. Once the information has been encrypted,
it can be stored on insecure media or transmitted on an insecure
network (like the Internet) so that it cannot be read by anyone
except the intended recipient.
What is encryption?
Encryption is the process in which data (plaintext) is translated
into something that appears to be random and meaningless (ciphertext).
Decryption is the process in which the ciphertext is converted
back to plaintext.
What is a cryptographic algorithm?
A cryptographic algorithm, or cipher, is a mathematical function
used in the encryption and decryption process. A cryptographic
algorithm works in combination with a key (a number, word, or
phrase) to encrypt and decrypt data. To encrypt, the algorithm
mathematically combines the information to be protected with
a supplied key. The result of this combination is the encrypted
data. To decrypt, the algorithm performs a calculation combining
the encrypted data with a supplied key. The result of this combination
is the decrypted data. If either the key or the data is modified,
the algorithm produces a different result. The goal of every
encryption algorithm is to make it as difficult as possible
to decrypt the generated ciphertext without using the key. If
a really good encryption algorithm is used, then there is no
technique significantly better than methodically trying every
possible key. Even for a key size of just 40 bits, this works
out to 2ˆ40 (just over 1 trillion) possible keys.
Differences between symmetric and asymmetric algorithms.
Symmetric algorithms encrypt and decrypt with the same key.
Main advantages of symmetric algorithms are its security and
high speed. Asymmetric algorithms encrypt and decrypt with different
keys. Data is encrypted with a public key, and decrypted with
a private key. Asymmetric algorithms (also known as public-key
algorithms) need at least a 3,000-bit key to achieve the same
level of security of a 128-bit symmetric algorithm. Asymmetric
algorithms are incredibly slow and it is impractical to use
them to encrypt large amounts of data. Symmetric algorithms
are about 1,000 times faster than asymmetric ones.
How secure is CryptoForge?
CryptoForge uses four strong (symmetric) cryptographic algorithms
to protect your information:
key) is a strong and fast algorithm designed by Bruce Schneier,
one of the most prestigious cryptographers all over the world.
Rijndael (256-bit key) is a high security algorithm created
by Joan Daemen and Vincent Rijmen (Belgium). Rijndael is the
new Advanced Encryption Standard (AES) chosen by the National
Institute of Standards and Technology (NIST).
DES (168-bit key) is a strong, well-known, U.S. Government
algorithm. TripleDES use the DES algorithm three times with
three different keys.
Gost (256-bit key) is a cryptographic
algorithm from Russia that appears to be the Russian analog
to DES. Gost has undergone intensive peer review and is regarded
to be secure.
At present, there is no way to break any of these algorithms,
unless to try all possible keys. If one billion computers were
each searching one billion keys per second, it would take over
10*10ˆ24 years to recover information encrypted with a
168-bit algorithm (the age of the universe is 10*10ˆ9 years).
In addition, CryptoForge implements mechanisms against modifications
in its code. When executed, it verifies the algorithms with
the test vectors provided by their designers.
The four encryption algorithms implemented in CryptoForge are Block Ciphers.
This means that they encrypt data in block units, rather than
a single bit at a time. The algorithms are used in Cipher Block
Chaining mode, where the original data is XORed with the previous
ciphertext before encryption. On the first encryption, a random-generated
128-bit Initialization Vector is used as the ciphertext. CBC
mode ensures that even if the data contains many identical blocks,
they will each encrypt to a different ciphertext block.
When you enter your passphrase into CryptoForge, it is hashed
with a Hash algorithm to generate a fingerprint, also known
as digest. The one-way Hash function takes variable-length input,
in this case your passphrase, and produces a fixed-length output.
Also ensures that, if the passphrase is changed -even by just
one bit- an entirely different output value is generated. This
value is the key actually used by the cipher. That process is
repeated using a different Hash function for each encryption
algorithm, thus generating four unique keys.
Although CryptoForge allows encryption with more than one algorithm,
for most users this might be considered unnecessary, because
the level of protection provided by any of the employed algorithms
is (at least in the unclassified world), good enough. However,
this ensures that even if in the future one of them is attacked,
your information will remain protected. Actually, it is surprisingly
difficult to determine just how good an encryption algorithm
is. If you wish to use more than one encryption algorithm, changing
the order in which they are used should add another problem
to a hardware-based attack (i.e. an array of special chips trying
trillions keys a second).
Secure file deletion is accomplished by writing a pattern of
all ones, zeros, and a stream of pseudo-random data, iterating
the number of times specified by the user. The name of the file
is overwritten as well. The length of the file is then truncated