QuickCrypto Help

Encryption Methods


Encryption Standards & Techniques

 

(1)       Data Encryption Method Overview

(2)       QuickCrypto Encryption – Blowfish, AES, Triple DES & ACC

(3)       How QuickCrypto Encrypts Files & Text

(4)       Technical Cryptographic Standards adhered to by QuickCrypto

(5)       Key Strengthening (PBKDF2)

(6)       Cipher Block Chaining (CBC)

(7)       Initialization Vectors

(8)       Padding

(9)       Random Number Generation

(10)     Arch Crypto Cipher (ACC)

(11)     Having secure encryption software is not enough …

 

 

(1)       Data Encryption Method Overview

 

Modern encryption methods can be broadly divided into symmetric key algorithms (private key encryption) and asymmetric key algorithms (public key).

 

In a symmetric key algorithm the sender and receiver must have a shared key set up in advance and kept secret from all other parties; the sender uses this key for encryption, and the receiver uses the same key for decryption.

 

In an asymmetric key algorithm, there are two separate keys: a public key is published and enables any sender to perform encryption, while a private key is kept secret by the receiver and enables only the receiver to perform correct decryption.

 

Symmetric key ciphers can be divided into two types, depending on whether they work on blocks of symbols (block ciphers) or on a continuous stream of symbols (stream ciphers).

 

 

(2)       QuickCrypto Encryption Overview

 

QuickCrypto provides symmetrical file encryption through any of:

 

Blowfish          448 bit

AES                256 bit            (Advanced Encryption Standard)

Triple DES     168 bit            (TDES, TDEA, 3TDES, 3TDEA, T-EDE and 3DES)

 

Email/Text Encryption is created using:

 

Blowfish          448 bit

ACC               n/a                   (Arch Crypto Cipher)

 

 

Blowfish http://en.wikipedia.org/wiki/Blowfish_(cipher)

 

Blowfish is an open source algorithm created by Bruce Schneier. Blowfish provides a good encryption rate in software and no effective cryptanalysis on the full-round version of Blowfish is known publicly as of 2008.

 

Schneier designed Blowfish as a general-purpose algorithm, intended as a replacement for the ageing DES and free of the problems associated with other algorithms. At the time, many other designs were proprietary, encumbered by patents or kept as government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm can be freely used by anyone." This and its speed (Blowfish is one of the fastest block ciphers in widespread use) have contributed to its popularity in cryptographic software.

 

 

AES (http://en.wikipedia.org/wiki/Advanced_Encryption_Standard)

 

The Advanced Encryption Standard (AES), also known as Rijndael (pronounced Rine Doll), is a cipher adopted as a standard by the U.S. government in 2002. It has been analysed extensively and is now used worldwide as a replacement for the Data Encryption Standard (DES). The cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and is a refinement of “Square”, one of their earlier designs.

 

 

Triple DES (http://en.wikipedia.org/wiki/Triple_DES)

 

Triple DES is also known as TDES, TDEA, 3TDES, 3TDEA and 3DES and is slowly being replaced by its natural successor, the Advanced Encryption Standard (AES). TDES can suffer from slow performance in software; AES tends to be around six times faster. In QuickCrypto AES is approximately ?? times faster in like-for-like tests. AES also offers higher security potential with a larger block size and longer key.

 

 

ACC is a proprietary algorithm developed by QuickCrypto.com.

 

ACC is a symmetric stream cipher. It is an unpublished and proprietary cryptographic treatment designed within QuickCrypto. Given its unpublished status, it quite correctly would be given zero credence by security and cryptography experts. Combined with (wrapped within) Blowfish, ACC adds that extra variation other algorithms miss.

 

 

(3)       How QuickCrypto Encrypts Files & Text

 

File data is streamed into the chosen algorithm (Blowfish, AES, Triple DES – Blowfish is the default set on installation) which encrypts the data via the Cipher Block Chaining (CBC) method using the Pass Phrase (which is itself transformed and cryptographically strengthened into a binary 'Secret Key').

 

File encryption requests are saved in encrypted binary files. The default name of the encrypted file is the supplied file name appended with the extension ".qce", e.g. "Test.doc" will be encrypted and saved as "Test.doc.qce".

 

Qce files cannot be opened or decrypted successfully by any application other than QuickCrypto (and then the correct Pass Phrase is needed). The encrypted binary files are only a few bytes larger than the source file, but the binary is completely scrambled and not interpretable by any other system or other decryption software.

 

Once Qce files are decrypted successfully (using the correct Pass Phrase) they revert back to being an exact digital clone of the original file that was encrypted.

 

These files can therefore then be used for any purpose they were intended for, e.g. documents, images, movies, sounds, etc.

 

Text Encryption requests are streamed into the QuickCrypto ACC encryption algorithm, which obscures any type of system formatting and applies a pseudo-one-time-pad encryption prior to being encrypted with the chosen block cipher.

 

The text symbols once encrypted are then encoded into base64/radix64 (e.g. "hello" might be displayed as "MyMSBOb3cgaXMgdGhlIHRpb" once encrypted/encoded).

 

This cipher text (encrypted text) is displayed ready for transmission in an email or saving as a text file.

 

Cipher text cannot be meaningfully read or decrypted successfully by any application other than QuickCrypto (and then the correct Pass Phrase is also needed).

 

 

(4)       Technical Cryptographic Standards adhered to by QuickCrypto

 

Not all cryptography software is developed using robust and peer reviewed standards, even though the same common algorithm terms will often be included within the sales pitch (DES, AES etc.).

 

It is how these algorithms (and all the required supporting cryptographic functions) have been implemented that counts as much as the concept used. There is no point in having an alarmed steel door with twenty different locks on your house if you leave all the huge windows open.

 

There can be many short cuts taken in the development of the software that will make it appear that sound encryption has taken place, when in actual fact, it would be 'relatively' easy to break the encryption operation.

 

QuickCrypto has been developed to adhere to the following Cryptography Standards:

 

 

(5)       PBKDF2 (Password-Based Key Derivation Function).

 

PBKDF2 is a key derivation process that is part of RSA Laboratories' Public Key Cryptography Standards (PKCS), specifically PKCS #5 v2.0 (published as the Internet Engineering Task Force's RFC 2898). PBKDF2 (key strengthening) makes password cracking extremely difficult, as it significantly reduces the ability to use a pre-set dictionary to attack a password.
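
How the RFC 2898 derivation turns a pass phrase into a binary key, as an added example that is not QuickCrypto's code. The hash functions, the 16-byte salt, the iteration count and the function names are assumptions, since this page does not state the values QuickCrypto uses.

```python
import hashlib, hmac, os, struct

def pbkdf2_reference(password, salt, iterations, dklen, hash_name="sha1"):
    """PBKDF2 as defined in RFC 2898 section 5.2, written out step by step."""
    hlen = hashlib.new(hash_name).digest_size
    blocks = -(-dklen // hlen)                       # ceil(dklen / hlen)
    out = b""
    for i in range(1, blocks + 1):
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 ^ ... ^ U_c
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen]

def derive_key(pass_phrase, salt=None, iterations=200_000, dklen=32):
    """Derive a binary secret key; returns (salt, key). Parameters are assumptions."""
    # A fresh random salt means the same pass phrase never yields the same key,
    # so a dictionary of precomputed keys cannot be reused across files.
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", pass_phrase.encode("utf-8"),
                              salt, iterations, dklen)
    return salt, key
```

The salt is not secret and has to be stored with the encrypted data so the same key can be derived again for decryption; the iteration count sets the cost of every pass phrase guess.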

 

 

(6)       Cipher Block Chaining

 

The block cipher confidentiality modes within QuickCrypto comply with Recommendation for Block Cipher Modes of Operation (NIST SP 800-38A).

 

 

(7)       Initialization Vectors

 

The input to the encryption process of the Cipher Block Chaining (CBC) mode includes, in addition to the plain text, a data block called the initialization vector (IV). The IV is used in an initial step in the encryption of a message.

 

The IV for any particular execution of the encryption process must be, and is, unpredictable. Every encryption event produces different encrypted output even if the same Source Text or File and Pass Phrase are used.

 

 

(8)       Padding

 

Before encrypting arbitrary-length plain text with a block cipher algorithm in CBC mode, it needs to be padded to an exact multiple of the block length. QuickCrypto follows the convention from section 6.3 of RFC 3852 (formerly RFC 3369 and RFC 2630), PKCS #5 and PKCS #7.
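
CBC chaining, a per-message random IV and the RFC 3852 padding rule working together, as an added example that is not QuickCrypto's code. The block cipher here is a small stand-in Feistel permutation (not Blowfish, AES or Triple DES), and storing the IV in front of the ciphertext, the key value and all function names are assumptions.

```python
import hashlib, hmac, os

BLOCK = 8  # bytes: Blowfish and Triple DES use 64-bit blocks (AES uses 16)

def pad(data, block=BLOCK):
    """RFC 3852 section 6.3 / PKCS #7: always append n bytes of value n."""
    n = block - len(data) % block          # 1..block, a full block if aligned
    return data + bytes([n]) * n

def unpad(data, block=BLOCK):
    n = data[-1] if data else 0
    if len(data) % block or not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f(key, i, half):                       # round function of the stand-in cipher
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:len(half)]

def block_encrypt(key, blk):               # 4-round Feistel: demo only, NOT Blowfish/AES
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in range(4):
        l, r = r, xor(l, f(key, i, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = xor(r, f(key, i, l)), l
    return l + r

def cbc_encrypt(key, plaintext, iv=None):
    iv = os.urandom(BLOCK) if iv is None else iv   # fresh unpredictable IV per message
    prev, out, padded = iv, [iv], pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, xor(padded[i:i + BLOCK], prev))  # chain on previous block
        out.append(prev)
    return b"".join(out)                   # assumption: IV stored in front of ciphertext

def cbc_decrypt(key, blob):
    if len(blob) < 2 * BLOCK or len(blob) % BLOCK:
        raise ValueError("truncated ciphertext")
    blocks = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
    plain = b"".join(xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))
    return unpad(plain)

KEY = bytes(range(32))                     # constructed key for the demonstration
```

The output is one IV block plus 1 to 8 padding bytes longer than the input, and two encryptions of the same data under the same key differ because the IV differs. CBC with padding gives confidentiality only, so a design built on it should authenticate the ciphertext before unpadding.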

 

 

(9)       Random Number Generation

 

The random number generator used in QuickCrypto conforms to the NIST Special Publication 800-90 Recommendation for Random Number Generation Using Deterministic Random Bit Generators (SP 800-90), first published June 2006.

 

 

(10)     Arch Crypto Cipher (ACC)

 

ACC is a symmetric stream cipher. It is an unpublished and proprietary cryptographic treatment designed within QuickCrypto. Given its unpublished status, it quite correctly would be given zero credence by security and cryptography experts. Combined with (wrapped within) Blowfish, ACC adds that extra variation other algorithms miss.

 

 

 

(11)     Having secure encryption software is not enough …

Two disks containing the details of 25 million families were lost from the UK’s Washington Child Benefit Office late in 2007. The data was not encrypted and the disks have not been recovered.

Marcus Agius, the chairman of Barclays Bank, had £10,000 stolen. A fraudster gathered enough personal information to convince a call center employee to send out a replacement Barclaycard in his name. The thief took the card to a high street branch of the bank and withdrew £10,000.

UK TV presenter Jeremy Clarkson was so confident that his bank sort code and account number were of no use to a fraudster that he published them in his newspaper column. Soon after, he discovered that someone had used the data to set up a direct debit to a charity for £500 a month. He stated that he had wanted to prove that the stealing of personal data was a fuss about nothing – he has now seen the error of his ways.

In 2008 a UK naval officer had a laptop stolen in Birmingham. This included passport, National Insurance, driving licence and NHS numbers for about 153,000 people who applied to join the armed forces. There were also banking details for about 3,700 people. All unencrypted.