Encryption Standards & Techniques

(1) Data Encryption Method Overview
(2) QuickCrypto Encryption – Blowfish, AES, Triple DES & ACC
(3) How QuickCrypto Encrypts Files & Text
(4) Technical Cryptographic Standards adhered to by QuickCrypto
(5) Key Strengthening (PBKDF2)
(6) Cypher Block Chaining (CBC)
(7) Initialisation Vectors
(8) Padding
(9) Random Number Generation
(10) Arch Crypto Cypher (ACC)
(11) Having secure encryption software is not enough …
(12) Acknowledgements

(1)       Data Encryption Method Overview

Modern encryption methods can be broadly divided into symmetric key algorithms (private key encryption) and asymmetric key algorithms (public key).

In a symmetric key algorithm the sender and receiver must have a shared key set up in advance and kept secret from all other parties; the sender uses this key for encryption, and the receiver uses the same key for decryption.

In an asymmetric key algorithm, there are two separate keys: a public key is published and enables any sender to perform encryption, while a private key is kept secret by the receiver and enables only the receiver to perform correct decryption.

Symmetric key ciphers can be distinguished into two types, depending on whether they work on blocks of symbols, or on a continuous stream of symbols.

(2)       QuickCrypto Encryption Overview

QuickCrypto provides symmetrical file encryption through any of:

Blowfish          448 bit

AES                256 bit            (Advanced Encryption Standard)

Triple DES     168 bit            (TDES, TDEA, 3TDES, 3TDEA, T-EDE and 3DES)

Email/Text Encryption is created using:

Blowfish          448 bit

ACC               n/a                   (Arch Crypto Cypher)

Blowfish  (See Wikipedia.org Blowfish (cipher))

Blowfish is an open source algorithm created by Bruce Schneier. Blowfish provides a good encryption rate in software and no effective cryptanalysis on the full-round version of Blowfish is known publicly as of 2008.

Schneier designed Blowfish as a general-purpose algorithm, intended as a replacement for the ageing DES and free of the problems associated with other algorithms. At the time, many other designs were proprietary, encumbered by patents or kept as government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain so in all countries. The algorithm can be freely used by anyone." This and its speed (Blowfish is one of the fastest block cyphers in widespread use) has contributed to its popularity in cryptographic software.

AES (See Wikipedia.org - Advanced Encryption Standard)

The Advanced Encryption Standard (AES), also known as Rijndael (pronounced Rine Doll), is a cypher adopted as a standard by the U.S. government in 2002. It has been analysed extensively and is now used world wide as a replacement for the Data Encryption Standard (DES). The cypher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen and is an evolution of refinement of “Square”, one of their earlier designs.

Triple DES (See Wikipedia.org Triple DES)

Triple DES is also known as TDES, TDEA, 3TDES, 3TDEA and 3DES and is slowly being replaced by its natural successor, the Advanced Encryption Standard (AES). TDES can suffer from slow performance in software, AES tends to be around six times faster. In QuickCrypto AES is approximately ?? time faster in like for like tests. AES also offers higher security potential with a larger block size and longer key.

ACC is a proprietary algorithm developed by QuickCrypto.com.

ACC is a symmetric stream cypher. It is an unpublished and proprietary cryptographic treatment designed within QuickCrypto. Given its unpublished status, it quite correctly would be given zero credence by security and cryptography experts. Combined (wrapped within) Blowfish, ACC adds that extra variation other algorithms miss.

(3)       How QuickCrypto Encrypts Files & Text

File data is streamed into the chosen algorithm (Blowfish, AES, Triple DES – Blowfish is the default set on installation) which encrypts the data via the Cypher Block Chaining (CBC) method using the Pass Phrase (which is itself transformed and cryptographically strengthened into a binary 'Secret Key').

File encryption requests are saved in encrypted binary files. The default name of the encrypted file is the supplied file name appended with the extension ".qce", e.g. "Test.doc" will be encrypted and saved as "Text.doc.qce".

Qce files cannot be opened or decrypted successfully by any application other than QuickCrypto (and then the correct Pass Phrase is needed). The encrypted binary files are only a few bytes larger than the source file, but the binary is completely scrambled and not interpretable by any other system or other decryption software.

Once Qce files are decrypted successfully (using the correct Pass Phrase) they revert back to being an exact digital clone of the original file that was encrypted.

These files can therefore then be used for any purpose they were intended for, e.g. documents, images, movies, sounds, etc.

Text Encryption requests are streamed into the QuickCrypto ACC encryption algorithm that obscures any type of system formatting and applies a pseudo-one-time-pad encryption prior to be encrypted with the chosen block cypher.

The text symbols once encrypted are then encoded into base64/radix64 (e.g. "hello" might be displayed as "MyMSBOb3cgaXMgdGhlIHRpb" once encrypted/encoded).

This cypher text (encrypted text) is displayed ready for transmission in an email or saving as a text file.

Cypher text cannot be meaningfully read or decrypted successfully by any application other than QuickCrypto (and then the correct Pass Phrase is also needed).

(4)       Technical Cryptographic Standards adhered to by QuickCrypto

Not all cryptography software is developed using robust and peer reviewed standards, even though the same common algorithm terms will often be included within the sales pitch (DES, AES etc.).

It is how these algorithms (and the all the required supporting cryptographic functions) have been implemented that counts as much as the concept used. It's no point in having an alarmed steel door with twenty different locks on your house, if you leave all the huge windows open.

There can be many short cuts taken in the development of the software that will make it appear that sound encryption has taken place, when in actual fact, it would be 'relatively' easy to break the encryption operation.

Quick Crypto has been developed to adhere to the following Cryptography Standards:

(5)       PBKDF2 (Password-Based Key Derivation Function).

PBKDF2 is a key derivation process that is part of RSA Laboratories' Public Key Cryptography Standards (PKCS), specifically PKCS #5 v2.0 (published as the Internet Engineering Task Force's RFC2898). PBKDF2 (key strengthening) makes password cracking extremely difficult, as it significantly reduces the ability to use a pre-set dictionary to attack a password.

(6)       Cypher Block Chaining

The block cipher confidentiality modes within QuickCrypto comply with Recommendation for Block Cipher Modes of Operation (SP80038A).

(7)       Initialisation Vectors

The input to the encryption process of the Cypher Block Chaining (CBC) mode includes, in addition to the plain text, a data block called the initialisation vector (IV). The IV is used in an initial step in the encryption of a message.

The IV for any particular execution of the encryption process must be and is unpredictable. Every encryption event produces different encrypted output even if the same Source Text or File and Pass Phrase are used.

(8)       Padding

Before encrypting random-length plain text with a block cipher algorithm in CBC mode it needs to be padded to an exact multiple of the block length. QuickCrypto follows the convention from section 6.3 of RFC 3852 (formerly RFC 3369 and RFC 2630), PKCS #5 and PKCS #7.

(9)       Random Number Generation

The random number generator used in QuickCrypto conforms to the NIST Special Publication 800-90 Recommendation for Random Number Generation Using Deterministic Random Bit Generators (SP80090) first published June 2006.

(10)     Arch Crypto Cypher (ACC)

ACC is a symmetric stream cypher. It is an unpublished and proprietary cryptographic treatment designed within QuickCrypto. Given its unpublished status, it quite correctly would be given zero credence by security and cryptography experts. Combined (wrapped within) Blowfish, ACC adds that extra variation other algorithms miss.

(11)     Having secure encryption software is not enough …

It has to be USED!

• The DES algorithm by Richard Outerbridge placed in the public domain 1992.
• The Blowfish algorithm published by Bruce Schneier in Applied Cryptography 1996.
• AES-256 algorithm placed in the public domain by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto in 2000.
• ZLIB data compression used with permission from the 'zlib' general purpose compression library version 1.2.3 Copyright (C) 1995-2005 Jean-loup Gailly and Mark Adler.
• The MD5 algorithm from RSA Data Security, Inc. is covered by the following copyright:

Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved. License to copy and use this software is granted provided that it is identified as the ``RSA Data Security, Inc. MD5 Message-Digest Algorithm'' in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as ``derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm'' in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided ``as is'' without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software.