EddyHawk's Info List
---
FILE (ENCRYPTER/CIPHER)
---
-TinyIDEA
 By: Fauzan Mirza (England)
 Year: 1995-1999
 V3 [1996]
  heavy size optimization
 V4 [1999]
  heavy size optimization
  by Mark Andreas
 Note: the smallest IDEA cipher implementation

-TinyFish
 by: Dutra Lacerda
 Note: the smallest BlowFish cipher implementation

-BFA (BlowFish Advanced)
 By: Markus ?
 Compiler: BP V7.0 (?)
 V7 [1996?]
  uses Blowfish, Blowfish32, TDES & Cobra cipher & mixing of them
  GUI
  shareware
   max 5 char passphrase
  note: the doc mentions that this triple DES implementation isn't real
   because it removes initial & final permutation (considered as
   cryptographically worthless) to speed things up

-UCRYPT (UltraCRYPT)
 By: AIP-NL (The Netherlands)
 Compiler: Borland C++ [1991] + assembly
 V2.37b [1996]
  UCrypt is part of UC2 archiver and is designed to crypt uc2 archive only,
   but we can trick it to crypt anyfile by putting UC2 ID header ('UC2'+ 1Ah)
   in front of the file-to-be-crypted
  UCrypt uses 2 encryption algorithms:
  -3DES (Triple DES) + MD5
   apparently AIP-NL doesn't aware that MD5 is (half) broken in 1996
   .uses MD5 output as 2 random DES keys
   .crypt with key1, decrypt with key2, crypt with key1 (112 bit)
    but this isn't? 3DES:
    UCrypt doesn't process each block 3 times, but the whole file 3 times
     .since UCrypt passes my no-pattern-file test, it surely uses a
      chaining mode (ex: CBC). since DES-crypted block isn't the same
      with 3DES-crypted block while serves as IV to next block,
      it will generates different? ciphertext than standard 3DES
   .crypt keys with password & crypted file
    it means that the keys are stored in crypted archive
    -equal to trap door :)
    while imho, the password should be hashed with MD5 to be 2 DES keys, not
     current time/date? hashed through MD5
    and does UCrypt use 3DES again to crypt those keys? I don't think so
     apparently the password is directly used as the crypt key
   .the (de)cryption is very slow (of course, it's DES :)
    for 2,636kb (2,700,000 byte) file on my computer:
    crypt: 242 second, decrypt: 233 second
    or about 80+ second for single DES
    while Mr.Hyde V0.46a can attain 13 second
   .UCrypt is claimed to be enhanced against brute-force attack
    -maybe it adds salt on password to 'frustate on-line password guesser'
  -MD5 based one time pad
   .of course, this is not OTP, because the key must be:
    -truly random numbers
    -as large as plaintext
    -used only once
   .password -> MD5 hash -> PRNG?
   .the (de)cryption is slow
    for 2,700,000 byte file on my computer: crypt/decrypt=80/78 second
  UCrypt has 'destroy plaintext' option:
  -very slow wiping (wipe,fill,scramble,wipe,scramble,delete)
  -doesn't erase file entry
  -I think SWAG/WipeFile (used in Mr.Hyde) is faster & more secure :)
  src is available only to be verified

-PKZIP -S
 By: PKWARE (USA)
 V1.0
  broken by Biham & Kocher's attack < 1 day with few 100b of known plaintext
 V2.04g [1993?]
  stream cipher
  variable length key
 V2.50  [1999]
 Note: part of PKZIP archiver (can only crypt ZIP archive)

-PGP (Pretty Good Privacy)
 By: Philip Zimmerman (USA) et al
 year: 1990-2000
 Type: pub-key.(ciph/sign/verifi)er, free
 V2.3 [1993?]
 V2.6.3 [1996]
 V5.0 [1997]
  DOS32 ver
  uses Diffie-Hellman, IDEA & CAST cipher
 V6.53 [2000]
  Win32 ver

-CRY
 By: Harry J. Smith
 Year: 1987-1992
 Compiler: BP V6.0, BC++ [1991]
 V6.00 [Nov 1992]
  C & Pascal src is provided
  spent 1,400 hours of author time
 Note: to replace DES

-PEGWIT
 By: George Barwood
 Compiler: TopSpeed C [1989] (?)
 Type: pub-key.(ciph/sign/verifi)er, free
 V8.71
 Note: uses Elliptic Curve, Square cipher, SHA1 hash

-BLOWFISH-CBC
 By: Dutra Lacerda (Portugal)
 Compiler: BP V7.0
 V1.5a [27 Aug 1996]
  src is provided
   but prog x uses non-pub 8086 ASM routines -> faster
  uses BlowFish cipher
  crypt speed ~ 200,000b/sec (incl. I/O time)
  no longer updated?

-ARJ -G
 by: Robert K. Jung/ARJSoftware
 V2.75a [Oct 2000]
  crypt uses
   simple XOR (-g) -> easy? to break
   GOST 28147-89 cipher in 64bit CFB mode
    40bit key (-g -hg!) to meet USA export regulation (but not anymore?)
    separate module ARJCRYPT.COM, 256bit key (?) (-g -hg)
     only for USA user
 note:
  -g(arble) is simply transform passphrase into same length key and
  repeatly xor it with same length archive data
  part of ARJ archiver (can only crypt ARJ archive)

-Krypto
 by: Bathysphere
 V1.1 [1993]
  up to 255 char passphrase
 note:
  crypt uses date/time stamp (same plaintext -> different ciphertext)
  if U change crypted file d/ts, decrypt will fail regardless of correct key
 author: crypt uses novel chaos theory