M ASTER  S OFTWARE QUALITY SOFTWARE SINCE 1958 |
  |
PROTECT YOUR PRIVACY -- PROTECT YOUR SECURITY
with the strongest line of data file and message encryption software available. |
MX-Crypt Message Encryption System Version 01 User Manual - January 30, 2009 1. MX-CRYPT MESSAGE ENCRYPTION SYSTEM MX-Crypt is a completely new method for secure secret communication. MX-Crypt requires no distribution of keys. The sender and the receiver of a message have their own secret keys for each message, but neither party knows the other party's key. The keys are never transmitted or distributed. This means that two parties who have never met, and have never had the chance to exchange keys, can communicate securely using MX-Crypt. Even if both parties were under constant surveillance, with every email, every phone call and every letter obtained by their opponent, they can still communicate secretly. Even if they say openly, "Let us send our messages using MX-Crypt," and their opponent knows this, even if their opponent also has MX-Crypt, and has every MX-Crypt message they have sent back and forth, their messages still cannot be read. TABLE OF CONTENTS 1. MX-CRYPT MESSAGE ENCRYPTION SYSTEM 1.1. Authentication and Validation 1.2. Private Key 1.3. Three-Pass Protocol 2. SENDING MESSAGES 2.1. Starting MX-Crypt 2.2. Creating the Attention message 2.3. Creating the Ready message 2.4. Encrypting and decrypting the message 3. AUTHENTICATION AND VALIDATION 3.1. Key administrator 3.2. Network users 3.3. Validation 4. ADDITIONAL FUNCTIONS 4.1. Checkpoints 4.2. Deleting cache entries 4.3. Deleting files 5. FILES 5.1. Identifying files 5.2. The MX directory 5.3. File identifiers. 6. KEYS 6.1. Key Do's and Don'ts 6.2. Letters, digits and punctuation 6.3. Key blocks 6.4. Pronounceable keys 6.5. Patterns 6.6. Secretaries and clerks 6.7. Key strength 6.8. Summary: Picking a key Appendix A. DOS BASICS A.1. Starting DOS A.2. Sizing the DOS window A.3. Directories A.4. Current directory A.5. Working with directories A.6. Identifying files A.7. Long names A.8. File operations A.9. Batch files 1.1. Authentication and Validation MX-Crypt has two new features, authentication and validation. The authentication feature prevents a third party from posing as a legitimate user. Even if your opponent had the ability to forge all of the identifying information and routing information in an email header, the MX-Crypt authentication feature prevents your opponent from reading your messages, and it detects and flags any bogus messages your opponent sends. The validation feature prevents someone from altering a message between two legitimate users. This means that someone cannot take a valid message, change any part of it, and then send the altered message to any of the legitimate receivers. It also detects any changes due to transmission errors. 1.2. Private Key Today there are two leading methods for secret communication, secret key and public key. In secret key communication, each of the parties must have a copy of the secret key or keys used for messages. The keys must be distributed to all parties who need to communicate with one another, or who might need to communicate in the future. When a new party joins the group, it may be necessary for a courier to bring the secret keys in person, or even to bring all parties new secret keys for communicating with the new party. In public key cryptography each party has both a private key, which is never distributed, and a public key which must be distributed to everyone who wishes to communicate with them. For widespread use, there must be one or more key-issuing authorities which possess all of the keys, and which distribute these keys to all participants. With MX-Crypt's Private Key method of communication, you and you alone have your secret keys. All of the key generation and handling is done automatically by the MX-Crypt software. Your secret keys are never distributed to anyone, so there is no chance that anyone will ever obtain your keys. All of your keys are locked away on your computer under control of a Master Key that you choose, and that you alone know. The Master Key is never stored or recorded on the computer, so even if someone stole your computer, or copied the entire contents of your hard drive, they still would not be able to get your secret keys. MX-Crypt is the latest in Master Software's extensive line of Private Key encryption software. Our original NK-Crypt Message Encryption System was introduced in 2005. It is based on time-tested large prime technology for proven security. MX-Crypt replaces all of our previous patent-pending matrix-based encryption packages, namely N2-Crypt, N3-Crypt, NS-Crypt and MU-Crypt. All of the users of these products have been upgraded to the new MX-Crypt. MX-Crypt adds new feature called Randomized Matrix Selection which greatly improves the security without sacrificing speed. MX-Crypt is more than 2000 times as fast as NK-Crypt. 1.3. Three-Pass Protocol MX-Crypt uses the Three-Pass Protocol to transmit the message. It is called the Three-Pass Protocol because three encrypted messages are sent. The whole process takes 4 steps. The sender performs steps 1 and 3. The receiver performs steps 2 and 4. Step 1: The sender uses MX-Crypt to encrypt the message with the sender's private key, and sends this Attention message to the receiver. Step 2: The receiver uses MX-Crypt to encrypt the first message with the receiver's private key, and sends this Ready message back to the sender. This second message is encrypted by both the sender and the receiver. Step 3: The sender uses MX-Crypt to remove the first encryption, and sends this final message back to the receiver. Step 4: The receiver uses MX-Crypt to decrypt the final message file. None of the 3 transmitted files contain either the sender's private key or the receiver's private key. None of the messages contain any data that could be used to construct or determine these private keys. The private keys are never transmitted, either openly or in any encrypted or coded form, so there is no possibility of an eavesdropper obtaining a key from an intercepted message. A simple way to understand the three-pass protocol is to picture how it was done 500 years ago. Imagine that each message is written on parchment and placed in a strongbox which is carried by a courier on horseback. The sender puts a secure lock on the strongbox and the courier brings the locked box to the receiver. The sender keeps the key. It is not sent with the courier, nor with a separate courier. The receiver puts a second lock on the strongbox, and the courier takes it back to the sender. The sender removes the first lock and sends the box back. When the receiver gets the strongbox back, it has only the receiver's own lock, so the receiver can unlock the box without ever opening the sender's lock. 2. SENDING MESSAGES 2.1. Starting MX-Crypt To start MX-Crypt, you type the MX command at the DOS prompt. That is, you type mx and then press the Enter key. The first time you run MX-Crypt it will install itself. That will be explained in a later chapter. Let us concentrate first on a how a message is conveyed from the sender to the receiver. The first thing you must do in an MX-Crypt session is to supply the Master Key. This is the key you chose when you installed MX-Crypt. The program prompts you for the key Please enter the Master Key. Key: You type your Master Key exactly the way you entered it when you installed MX-Crypt, for example, Key: mozart pineapple wigwam Remember that the Master Key is case-sensitive, so mozart and Mozart are different keys. If you have entered the Master Key correctly, the session can begin. If the wrong Master Key is given, MX-Crypt immediately shuts down. This important security feature makes it difficult for an intruder to try large numbers of keys. MX-Crypt will then need to know what operation you want to perform. The operation depends on whether you are sending or receiving a message. MX-Crypt will display the session menu and prompt you for the next operation. Select an operation: 1 - Prepare a new file to transmit. Create the Attention message. 2 - Respond to a new received message. Create the Ready message. 3 - Create the encrypted message. 4 - Decrypt the message. A - Change authentication key. C - Checkpoint. Save the cache and Master File. D - Delete entries from the cache. M - Change Master Key. Q - Quit. Type your choice: Steps 1 and 3 will be performed by the sender, while Steps 2 and 4 are performed by the receiver. Let's go through these steps in sequence. 2.2. Creating the Attention message Suppose you are ready to transmit a new message. You would choose Step 1 by typing a 1. MX-Crypt now needs to know what file you want to send. It will ask for the file name Enter the name of the file to be encrypted, for example \NEWPROD\DESIGN\ENGINE.ART or type Q to quit. File name: You would type in the name of the file that contains the message you want to send, for example File name: \recipes\rumcake MX-Crypt will create a series of 3 messages that will be sent back and forth. You need to choose an identifier that will distinguish the 3 message files for this message from all other message files that you and the receiver are sending and receiving. Your message identifier must be 1 to 8 characters long and may contain letters, digits, or both. MX-Crypt will prompt you for the message identifer like this Choose an ID for this message. The ID must be 1 to 8 letters and/or digits. Or, type Q to quit. Message ID: You would respond by typing the message ID that you wish, for example Message ID: party MX-Crypt will then create the Attention message and place it on your computer under the name party.1. You then send the message file party.1 to the receiver, for example by sending it as an attachment to an email, or by uploading it to a website. 2.3. Creating the Ready message When the receiver gets the Attention message, it should be placed in the same directory as the MX-Crypt program. The receiver must then create the Ready message to send back. The receiver goes through the same process of typing MX to start MX-Crypt and then entering the Master Key. For example, mx Please enter the Master Key. Key: k407 d921 h368 This latter, of course, is the receiver's Master Key, and may be completely different from the sender's Master Key. Neither party has any need to know the other's Master Key. Once the Master Key is entered, MX-Crypt will start the session by displaying Select an operation: 1 - Prepare a new file to transmit. Create the Attention message. 2 - Respond to a new received message. Create the Ready message. 3 - Create the encrypted message. 4 - Decrypt the message. A - Change authentication key. C - Checkpoint. Save the cache and Master File. D - Delete entries from the cache. M - Change Master Key. Q - Quit. Type your choice: The receiver will type 2 to indicate that an Attention message has been received, and MX-Crypt should prepare the Ready message. MX-Crypt will prompt the receiver for the message ID by displaying Enter the ID for the message. The ID is the same as the name of the transmitted message. Or, type Q to quit. Message ID: In this example the Attention message was called party.1 so the message ID is party. The receiver types party after the prompt, like Message ID: party and presses Enter. MX-Crypt then creates the Ready message under the name party.2. The receiver sends this message back to the sender. 2.4. Encrypting and decrypting the message When the sender receives the Ready message, MX-Crypt is used to create the final encrypted message file. The process is just as before. The sender types MX to start MX-Crypt, types the Master Key, chooses Step 3, and then types the message ID, which is still party. MX-Crypt creates the encrypted message in the file party.3 which the sender must send to the receiver. Once the receiver has the encrypted message, MX-Crypt can be used to decrypt it, so the message can be read. The process is the same as above. The receiver types MX to start MX-Crypt, enters the Master Key, selects Step 4, and types the message ID party. This time MX-Crypt will prompt the receiver for the name of the output file where the decrypted message should go. Enter the name of the file where you want the decrypted message to be placed, for example \PROJECT\SALES\2008.DOC or type Q to quit. File name: The name that the receiver chooses for the file need not be the same as the name the sender used. In this example, the sender called the file \recipes\rumcake but the receiver might call it \nuclear\treaty\revision.26. The receiver would therefore type the file name as File name: \nuclear\treaty\revision.26 and press Enter. MX-Crypt would then decrypt the message and place it in that file on the receiver's computer. 3. AUTHENTICATION AND VALIDATION Authentication and validation are two new features that protect the users of MX-Crypt. The two terms are sometimes confused. You authenticate people, you validate messages. These features make sure that you send and receive only valid messages from authentic users. There is a possibility with Private Key encryption that an opponent could pose as a legitimate user of the system. For example, your opponent might have the capability of forging emails so that they appear to be from a legitimate correspondent. MX-Crypt uses a new authentication feature which prevents third parties from posing as legitimate correspondents. The authentication feature requires an authentication key which must be distributed to all legitimate users of your network, and kept strictly secret from all other people. With MX-Crypt, all message keys are generated internally by the software, and are never seen by the users. The authentication key, however, will be chosen by a person and distributed to all of the users, who must type it into their systems. The authentication feature is optional. If you choose not to use the authentication feature, it will still protect you against accidental garbling of the message during transmission, but it will not protect you against a deliberate bogus message. 3.1. Key administrator In larger networks, where many users need to communicate with each other, the easiest way to manage authentication keys is for one person to be designated as the key administrator. The key administrator will be responsible for creating and distributing the initial authentication key, and periodic replacement keys. The administrator should choose the key according to the principles in the Keys chapter of this manual. The key administrator enters the authentication key by selecting option A on the main MX-Crypt menu. Select an operation: 1 - Prepare a new file to transmit. Create the Attention message. 2 - Respond to a new received message. Create the Ready message. 3 - Create the encrypted message. 4 - Decrypt the message. A - Change authentication key. C - Checkpoint. Save the cache and Master File. D - Delete entries from the cache. M - Change Master Key. Q - Quit. Type your choice: MX-Crypt will respond by displaying The Authentication Key is case-sensitive. For example, the 6 words sample Sample SAMple SAMPLE SamPle SamplE are all considered different keys. All characters are taken as part of the key, including leading and trailing blanks. Please enter the Authentication Key. Key: The administrator should carefully type in the chosen key. MX-Crypt will respond with The verification code is xxxxx Please check the verification code carefully. Is the verification code correct? (Y or N): The verification code will be a 5-digit number. The administrator should carefully check that the authentication key was typed correctly. If the key is correct, the administrator should record the 5-digit verification code. When the authentication key is distributed to the authorized users, the verification code should be included. 3.2. Network users Each network user should follow the same steps to enter the authentication key. The user should check the verification code. If the verification code does not match the distributed code, that means the authentication key has not been entered correctly. The user should check the code carefully, paying attention to capitalization, missing characters, extra characters, or transposed characters. The user should then retype the authentication key correctly. If the verification code does not match after several tries, it is likely that the user has received an incorrect key. The authentication key needs to typed only once. As soon as the authentication key has been verified using the verification code, the paper containing the key can be destroyed. There is no need to remember the authentication key or the verification code, so there is no need to use an easy-to-remember key format. All network users must use the same authentication key when they communicate with each other. In particular, it is not possible for one user who is using the network authentication key to communicate with another user who is not using the authentication key. If this were possible, that would allow an imposter to pose as a legitimate network user. This means that whenever the authentication key is changed, all users must change keys at the same time. MX-Crypt will not allow a user to change keys while there are any messages in the cache. Changing keys would make these messages unreadable. Therefore changing authentication keys should be done only when the network is quiescent. 3.3. Validation MX-Crypt contains a validation feature which protects you against any accidental or intentional changes to the messages you send and receive. If a message is accidentally changed during transmission, or if some third party attempts to alter your message, the validation feature detects the change. The validation feature is completely automatic. You do not have to do anything, enter any keys or check any verification codes. If anything goes wrong during the transmission of a message, you will get the following message WARNING!! The validation code does not match. The message may have been accidentally damaged or deliberately altered during transmission. 4. ADDITIONAL FUNCTIONS 4.1. Checkpoints MX-Crypt automatically saves the cache and the Master File at the end of each session. If the session is long, either because you are processing many messages, or because some of the message files are large, you may want to save the cache and Master File more frequently. If your computer stops for any reason, such as a hardware error, or a momentary power interruption, you would need to repeat all of the operations in the last session. However, if you take checkpoints, then you would need to repeat only the operations that were done since the last checkpoint. To perform a checkpoint, on the session menu Select an operation: 1 - Prepare a new file to transmit. Create the Attention message. 2 - Respond to a new received message. Create the Ready message. 3 - Create the encrypted message. 4 - Decrypt the message. A - Change authentication key. C - Checkpoint. Save the cache and Master File. D - Delete entries from the cache. M - Change Master Key. Q - Quit. Type your choice: you would type C. 4.2. Deleting cache entries If encryption and decryption proceed smoothly, with Steps 1 through 4 always performed in order, then MX-Crypt will automatically remove unneeeded entries from the cache. However, sometimes operations may not proceed in order. For example, a sender might notify the receiver, "Ignore the last message, here is a new one." In such cases, the receiver might not decrypt the old message, and the corresponding entry would remain in the cache. The cache could fill up over time, and have no room for new entries. To prevent this problem, you may want to check the cache for obsolete or outdated entries. To do this, you would type D at the session menu Select an operation: 1 - Prepare a new file to transmit. Create the Attention message. 2 - Respond to a new received message. Create the Ready message. 3 - Create the encrypted message. 4 - Decrypt the message. A - Change authentication key. C - Checkpoint. Save the cache and Master File. D - Delete entries from the cache. M - Change Master Key. Q - Quit. Type your choice: This will start the cache clean-up operation. MX-Crypt will display the message IDs in the cache, and allow you to delete any message IDs that are no longer needed. The display might look like this: Cache entries 1 to 8 ROME LONDON NEWYORK PARIS CAIRO MOSCOW MUNICH TOKYO Enter a message ID to be deleted, or type Q to quit. Message ID: You would then type the ID that you wanted to delete and press Enter, for example Message ID: cairo You may delete as many message IDs as you wish. When you are finished with this group of message IDs, type Q to quit. If there are more message IDs in the cache, the next group will be displayed, otherwise you will be taken back to the session menu. 4.3. Deleting files MX-Crypt does not automatically delete the intermediate message files xx.1, xx.2 and xx.3. These files are kept in case of problems such as power interruptions or transmission errors. The user may wish to delete old files to prevent the hard disk from getting cluttered with outdated files. Alternatively, the user could keep reusing the same file names, so that old files get continually replaced by current files. For example, the files SMITH.1, SMITH.2 and SMITH.3 could always contain the latest message from Smith. 5. FILES In order to use MX-Crypt effectively you need to know two basic concepts, files and keys. This chapter and the next one will deal with these important topics. The files on your computer are organized into directories or folders. Directories and folders are two names for the same thing. When you are in Windows, the computer will show you lists of files organized as folders. When you are in DOS, the computer will show you lists of those same files in directories. Directories and folders are equivalent. You need to identify which files contain the messages that you want to send. Often these files will be in directories that are named for the program that created them. For example, if you create drawings using a program called EZ-Draw, then the drawings are likely to be in a directory with a name such as \EZ-DRAW\ or \PROGRAMS\EZ-DRAW\ or in a subdirectory of these directories, say \EZ-DRAW\MYFILES\ You should always give your data files and folders names that clearly identify what they contain. That way, you can easily find the files that you want to send, or that you have received. You can find all of the files on your computer by clicking the My Computer icon on the Windows desktop. Equivalently, you can find all of your files by using the DIR command in DOS. You can encrypt any file you wish, even system files. It is safe to do this because the file itself is not changed. MX-Crypt creates new files each time you encrypt a file for transmission. These files are named XXX.1, XXX.2 and XXX.3, where XXX is the message ID that you have chosen. Even if you encrypted one of these XXX files, the encrypted version would have a different message ID from the original, so the file names would be different and there would be no danger. 5.1. Identifying files Each time you send or receive a message you must identify the file to MX-Crypt. MX-Crypt will prompt you for the file name or message identifier at the appropriate time. You identify files to MX-Crypt the same way that you identify files to DOS, namely by specifying the drive, path, filename and extension. (If you already know DOS, you can skip or just skim this section.) drive is the device where your file is stored, usually C for your hard drive, A or B for a floppy drive, D or E for a CDROM drive. path is the directory on your drive where the file is located. filename is the name that you gave your file. The name usually indicates the contents or purpose of the file. extension is a suffix that indicates the kind of file, such as TXT for a text file, JPEG for a picture file, EXE for an executable file, etc. A full file identifier might look like this, c:\mycompany\mydepartment\2005\sales.wp In this example, c: identifies that your file is on the C drive, which is your hard drive. \mycompany\mydepartment\2005\ is the path to your data. It shows that the data file is located in the 2005 folder, which is inside the mydepartment folder, in the mycompany folder. So the path consists of nested folders, or a list of directories. sales.wp is the file with the data. The filename is sales, and the extension is wp, which indicates that it is a WordPerfect document. In a file identifier all of the fields except the filename are optional. drive can be omitted if the file is on the current drive, that is, the drive where you are now working. path can be omitted if the file is on the current directory of the drive. extension can be omitted if the file does not have an extension on its name. For example, if the file is just named oldstuff then no extension is needed. Here are some examples of valid file identifiers: a:budget identifies the file budget in the current directory of the A drive. \jones\commissions identifies the file commissions in the \jones directory on the current drive. late\requests.txt identifies the file requests.txt in the late subdirectory of the current directory. 5.2. The MX directory Messages created by MX-Crypt for transmission are named by a simple identifier without a drive, path, or file extension. MX-Crypt reads the message files from the current directory, and writes them to the current directory. It is recommended that MX-Crypt be installed in its own directory and that these files reside in this same directory along with the MX-Crypt program files. The MX directory might be \mx or \windows\mx or whatever directory you prefer. If you have installed MX-Crypt in its own directory, let's say \mx then you would make \mx the current directory each time you use MX-Crypt. You do this by typing cd \mx at the DOS prompt, and then pressing Enter. To start MX-Crypt you would then issue the MX command. The sequence of DOS commands would be cd \mx mx and then MX-Crypt would start. When you receive MX-Crypt message files from the Internet, or from a website, they should be downloaded into the \mx directory, or else copied into the \mx directory after downloading. Having all of your MX-Crypt message files in a single directory makes it easy to keep track of them, so you can erase old MX-Crypt files once the message has been sent and received. 5.3. File identifiers. If you are sending only a few MX-Crypt messages, then you can use pretty much any message IDs you like, and keep them all straight in your head. However, if you have a large message traffic, with many senders and receivers, you may wish to adopt a systematic approach. One possible convention would be to break the message ID into 3 separate fields, sender, receiver, and message number. For example, a message ID PTRS0117 could designate message number 117 from sender PT to receiver RS. 6. KEYS Choosing the Master Key for encrypting your files is one of the most critical steps in using the MX-Crypt package. If you choose a short or weak key, it may be easy to remember and easy to type each time you need it, but your data will not be secure. It is a serious mistake to think that you can use a weak key simply because you are using such a strong encryption package. A strong safe with a weak lock is not secure. If you choose a long strong key your data will be more secure, but it will be harder for you to remember it and to type it accurately each time it is needed. This chapter will describe techniques for choosing keys that are both secure and easy to remember and to type accurately. 6.1. Key Do's and Don'ts Many people try to take shortcuts in order to have keys that are easy for them to remember. You need to assume that any opponent will also be aware of the same shortcuts. Here are some simple rules that can help prevent a costly error. When you choose a key, do not base the key on your personal information. Assume that your opponent knows all of your personal data. DO NOT base your key on Your birthday Your telephone number Your Social Security number Your license plate number Your spouse's, child's, parent's, sibling's or even your pet's name, birthday, phone number, etc. DO NOT base your key on commonplace phrases Nursery rhymes Song titles or lyrics Folk sayings Names of famous people, groups, places or events Names of books, plays or TV shows Punchlines from jokes Well-known dates Tongue twisters Words or phrases in other languages DO NOT use data widely known within your specialized field Digits of pi or e Names of bones, nerves, or organs Names of stars, minerals, geological features, bacteria, ancient cultures, alloys, proteins, theorems, etc. Mnemonics Names of people, schools, companies, places, etc. The speed of light, Avogadro's number, the Golden Ratio, etc. DO NOT choose sequences of consecutive letters from the alphabet or from the keyboard, whether forwards, backwards or diagonally. DO NOT use the keys that appear in this manual. Always assume that your opponent has read it, too. DO use a long key. DO try to make your key as random as possible. DO read this entire chapter on picking keys. DO evaluate the strength of your key according to the principles in the following sections. DO make your Master Key extra long and strong. 6.2. Letters, digits and punctuation If there are several people who need access to the data, and who are trusted with the Master Key, then the problem of recording or memorizing the Master Key becomes multiplied. Some people have the capacity to memorize long strings of random-looking letters and/or digits, but most people cannot do this. The safest course is to write down your key, and keep it in a secure place, such as a locked safe. Other techniques will be discussed in a later section. It is advisable to have several copies, in case one copy gets lost, stolen or destroyed. The strength of an encryption key is measured in bits, the binary digits that are used by your computer's hardware. Here is a rough guide to how many bits you get from each character in an encryption key when the characters are chosen randomly. Table 1. Strength of each character in a key. Decimal digits = 3.3 bits Single case letters = 4.7 bits Mixed case letters = 5.7 bits Mixed letters and digits = 5.9 bits Mixed letters, digits and punctuation = 6.3 bits Based on this chart, here is the strength of some sample 10-character keys Table 2. Strength of 10-character blocks. 5835701483 = 33 bits Decimal digits CIWMRPTNZX = 47 bits Upper case letters tyuhbivxks = 47 bits Lower case letters DmbHaqREkV = 57 bits Mixed case letters ku8Je94Lg7 = 59 bits Mixed letters and digits g"p5WZc4%F = 63 bits Mixed letters, digits, punctuation As you can see, the strength of the key increases when you choose randomly from a larger set of characters. However, the difficulty of memorizing the keys and typing them accurately becomes much greater as the keys get more random. Note that all of the keys illustrated above are too short to be considered secure. 6.3. Key blocks There are several methods for producing keys that are secure, yet easier for people to manage. The first technique is to break your keys into blocks. It has been a common practice for many years to break coded messages into blocks of 5 characters each so that they can be transcribed more accurately. The same idea works for keys, too. Notice how the key CNWIALVMXBTEPOSBXRNH becomes much easier to read when it is broken into groups of 5 letters CNWIA LVMXB TEPOS BXRNH For longer keys it may be advisable to use additional punctuation to organize the blocks into groups of blocks. For example, 48591-04528-16392, 35207-31654-74925, 09482-71653-42570 GBXTL=PRBUI=LVZEW..BXGMN=LUIQT=SPFAE..VZJOQ=HUKBW=OZCND The second technique is to use groups that have the same structure. Here are some examples, and the strength of each key block 91486 61872 94373 16 bits per block 5 digits T3708 D6204 F5193 18 bits per block 1 letter, 4 digits GS437 BR092 LX528 19 bits per block 2 letters, 3 digits UHM15 XTN63 MYA74 21 bits per block 3 letters, 2 digits QRILC PJRMS OVDZK 23 bits per block 5 letters The strength remains the same when the letters are placed in different positions. For example, all of the following keys have the same strength, namely 2 letters and 3 digits GS437 BR092 LX528 Letters at the start of each block 943KP 471GQ 205YL Letters at the end of each block V107J X219C F738L Letters at both ends of each block 6WF52 9TU48 7JN13 Letters in the middle of each block One advantage of using key blocks that always have the same structure is that there is no confusion between letters and digits. Some letters and digits that may get confused are Letters B G I l O S T Z Digits 8 6 1 1 0 5 7 2 Its position in the block tells you whether the character is a letter or a digit, so there is no need to avoid these characters when you use blocks with a fixed structure. Another variation on this idea is to make each key block uniform, but to vary the types of blocks randomly. Here are two 30-character keys with uniform blocks. Each block consists of all digits, or all uppercase letters, or all lowercase letters. KNUHW 50258 fewrz 39274 gyakf obqnk doztc 81463 69917 AGNDL rdefo PUIZH 6.4. Pronounceable keys Another technique that can be used to produce keys which are secure, yet easy to remember, is to make the keys pronounceable. That is, you would use pronounceable combinations of vowels and consonants to form syllables, and combine these syllables to form artificial words. This method may be valuable in situations where it is unsafe to write down the keys, and they must be memorized. Here are some examples. shambu dilp prelec oltu domex sarbuti shum obior Yotz doruc flean jadmek pra kerazi, Lagatu limbrazon. You can burn the key into your memory by starting with just a few artificial words, say DOZEK ULM HAPLICO, and repeat these to yourself for a day or two. Then add another few words, say DOZEK ULM HAPLICO GRUX ANTIAM, and repeat those in your head for a few more days. You can add some more words the following day. dozek ulm haplico grux antiam ludovesk gur amesqi You can complete the process by adding capitalization and punctuation, like Dozek ulm Haplico "Grux Antiam" ludo-vesk gur a'mesqi. Using mixed-case letters and punctuation increases the strength of your key. You can imagine the key to be a saying in some private language, and make up a translation, in order to fix it more firmly in your mind. For example, Wise king Haplico "Lion of Antioch" out-witted a sorcerer. In a pronounceable key each letter has a strength of about 3.3 bits if the words are fairly uniform in length, and about 3.5 bits if the words are more variable in length. For example, the first key below is fairly uniform in length, while the second is more variable. panek dilbap greho drung fasdop ulben bukty crivan lobykar elb dixiat glem urbiqeo dhorsh uz vilagump 6.5. Patterns When choosing a key, avoid creating any patterns, such as repeated letters or syllables. Patterns weaken the keys by making them easier to guess. Here are some examples of keys with patterns. BBXXTT KKUUVV WWYYCC The letters are all in pairs. aaa3gg5yyyy9ccc7uu2 There are runs of equal letters. 10704 20906 50803 The second and fourth digit in each group is zero. 51615 38183 29092 Each group has an ABCBA pattern. zampana reveske flogoto The vowels in each group are all the same. tuntam memescu saksoli The first and second syllable start with the same letter. debendik devogi delakt Every group starts with de. ABC ghi LMN def XYZ Each group has 3 consecutive letters of the alphabet. 500XD 711TJ 822GN The second and third digits in each group are the same. 31734 23839 30376 Every group has two 3's. dobaku levoti wafigo Consonants and vowels alternate. vgy7 2wdc zse4 7ujm Has diagonal runs on the keyboard. KAZ VEK CIF ZOP HUQ The vowels run in order AEIOU. Once you have chosen a key, inspect it for patterns, and change it to remove them. If your key is a long string of letters or digits, look to see if there are any letters or digits that are used too often, or that are missing. You may want to make some changes. However, don't overdo it. If you use every letter or every digit exactly the same number of times, or if all the letters and digits in each block of your Master Key are always different, those are also patterns which weaken the key. 6.6. Secretaries and clerks Sometimes lower-echelon employees will not safeguard file keys as zealously as other workers. It is common for these employees to write down keys in places that are easily accessible, such as on the computer itself, on their desk pads or wall calendars, or on slips of paper on a bulletin board. Anybody could see the keys and write them down. It is absurd for the company president to keep the Master Key in a locked box inside a walk-in vault, and for the secretary's assistant to write the Master Key on a gummed label on the wall next to the computer. The employee might assume that nobody will ever guess that those cryptic letters and digits are actually the Master Key that unlocks all of the company's secret files. The employee might assume incorrectly. If these employees must be trusted with the Master Key then it is essential that they be educated to avoid such security breaches. Keys should never be written or pasted on the computer itself, the computer desk, a desk pad or calendar, the cover of a notebook or steno pad, the bottom of a stapler, telephone or flowerpot, the back of a clipboard, letter tray or desk organizer, or any similar place. Intruders know to look in such places. Don't make their job easy. 6.7. Key strength The following table is a guide to how long a key must be in order to achieve various levels of security. For example, if you want a key strength of 200 bits, and you use a decimal key, then you need 60 digits. With the speed of current computers 100 bits is the lowest level of security that can be considered safe. The table assumes that the letters or digits of the key are chosen completely randomly. If the letters or digits follow some pattern then your key needs to be longer. For example, a key such as TC174 JF296 BH583 KD629 would be measured as 8 single-case letters and 12 digits, for a total strength of 77 bits. Because of the LLDDD pattern it would not be considered to be 20 mixed letters and digits, which would have a strength of 118 bits. Table 3. For each type of key, this table shows how long to make the key in order to achieve the desired strength. Desired key strength measured in bits Type of key 100 125 150 200 250 300 400 --------------------------------------------------------------- Decimal digits 30 38 45 60 75 90 120 Single-case letters 21 27 32 43 53 64 85 Mixed-case letters 18 22 26 35 44 53 70 S-C letters + digits 19 24 29 39 48 58 77 M-C letters + digits 17 21 25 34 42 50 67 Letters, digits, punc 16 20 24 32 40 47 63 Uniform blocks 22 27 33 44 55 66 88 Pronounceable, uniform 30 38 45 60 75 90 120 Pronounceable, variable 29 36 43 57 71 86 114 For example, if you wanted a decimal key you would read across the top row of this table. If you wanted the decimal key to have a strength of 125 bits, you would look at the second column in the top row to find that you would need 38 decimal digits. If you wanted a key of mixed-case letters and digits with a strength of 250 bits, you would need 42 letters and digits. Note that the longest input line you can enter is 126 characters. (This is a limitation of DOS, not a limit set by MX-Crypt.) So if you wanted 400 bits of strength, and you chose to have a decimal key which requires 120 digits, then you would have only 6 characters left to separate the blocks. Your blocks would need to average over 17 characters each. (A pattern of 17, 17, 17, 17, 17, 17, 18 would fit.) 6.8. Summary: Picking a key The best way to pick a key is to follow these steps. (1) Decide how strong you want your key to be, say 200 bits. (2) Choose the type of key, say blocks of letters and digits. (3) Use the tables above to determine the key length. (4) Randomly choose a key of the required length. (5) Inspect the key for patterns. (6) Adjust the key to remove or reduce the patterns. (7) If you will need the key again, write down the key and keep a copy in a secure place. (8) Type the key when MX-Crypt asks for it. Appendix A. DOS BASICS MX-Crypt runs under DOS, not under Windows. DOS was the primary operating system for personal computers from about 1975 to 1995. Older versions of Windows, prior to the introduction of Windows 95, ran as tasks under DOS. Since 1995 the situation has reversed, and DOS now runs as a task under Windows. Every computer user before 1995 knew DOS well. However, newer computer users may not be familiar with DOS, so that a little basic orientation may be helpful. A.1. Starting DOS On newer computers it may be difficult even to find DOS in order to use it. There are two methods for running DOS. The first method is to click on a DOS icon from your desktop, or from a taskbar at the top or bottom edge of the desktop. The icon may say DOS, or MSDOS, or possibly CMD or COMMAND. Clicking any one of these icons will start DOS. If there is a DOS icon on your desktop or in a taskbar, you can skip the rest of this section. If there is no DOS icon on your desktop or taskbar you may find one elsewhere. Start by clicking on "Start" in the corner of the screen. This will bring up a menu listing various programs and options. If there is a DOS icon there, you can use it directly, or you could drag it onto the desktop for future use. If it is not there, click on "Programs" or "All Programs." This will bring up a long list of various programs that are on your computer. If one of these is DOS, you can click it, or you can drag it to the desktop. If you still don't see a DOS or CMD icon, put your mouse on each of the icons that you see. Don't click, just let the mouse cursor rest on the icon. This will often bring up another list of programs, and DOS may be among them. If DOS still is not there, don't give up. You just need to search deeper. In the list of All Programs there will be some folders with names such as "Applications" or "System Utilities." Click to open each of these folders. In those folders you may find DOS or CMD. Or, you may find more folders. Again, rest the mouse on the names of programs, and click on folders to find even more well-hidden programs and folders. Once you find the DOS icon, drag it to the desktop. Put the mouse cursor on the DOS icon and hold down the left button. Move the mouse to drag the cursor onto the desktop, and then release it to drop the icon on the desktop. Click the desktop to close all of the other windows. Then drag the DOS icon to wherever you want it on the desktop. If all of this fails, it is time to try the second method. Go back to the desktop, and click on "Start" again. In the list of options click on "Run" or "Run Program." This will open a small window with a box where you can type the name of a program that you wish to run. Type CMD in this box, and then press Enter. This will open a DOS window. A.2. Sizing the DOS window The DOS window will often be a small window in the middle of the screen, probably off-center. It is easier to work with DOS in full-screen mode, with no distracting windows or borders. To do this, right click on the top border of the DOS window, and select "Properties" from the pop-up window that appears. Use the various options to select full-screen mode. This may take several tries before it works, so don't get frustrated if the next time you use DOS you get the same small window, and need to resize it again. When you do get the full screen mode, the screen is likely to be set to 50-line mode. This makes the characters small and crudely formed. You may be more comfortable using 25-line mode. To switch, you can type the command mode con lines=25 This will double the size of the characters and make them easier to read. A.3. Directories In DOS your computer's hard disk is organized into directories. All of the files on your computer are in directories. These correspond to the folders in Windows. Directories and folders are the same thing. A directory or a folder can contain files and more directories or folders, so that the folders or directories are nested one inside the other in a hierarchy. The top of the hierarchy is called the "root directory." Typically the root directory does not contain any files. Rather, it contains all of the principal directories on the computer, such as \Windows \Program Files \Documents and Settings and so forth. The backslash \ in front of these directory names shows that they are directories within the root directory. A directory within another directory is sometimes called a subdirectory. In the example above the directory Windows would be a subdirectory of the root directory. A.4. Current directory Files are identified in DOS by using a path, a filename and a filetype. For example, direc1\direc2\file1.doc Here the path is direc1\direc2, the filename is file1 and the filetype is doc. The path consists of the sequence of nested directories which contain the desired file. If the path starts with a \ backslash, then the sequence of directories start from the root directory. If the backslash is omitted, then the path starts from the current directory. For example, if the current directory is Windows, then the file identifier direc1\direc2\file1.doc would refer to the file \Windows\direc1\direc2\file1.doc By setting the current directory you can shorten the names of programs and files that you must type. For example, if you want to use the program \direc1\direc2\prog1.exe to process the data files \direc1\direc2\file1.dat and \direc1\direc2\file2.dat you could type \direc1\direc2\prog1 \direc1\direc2\file1.dat \direc1\direc2\file2.dat If you changed the current directory to \direc1\direc2 then this could be shortened to prog1 file1.dat file2.dat The command to change the current directory is cd. To change the current directory to \direc1\direc2 you would type cd \direc1\direc2\ If you later wanted to change the current directory to \direc1\direc2\direc3 it is sufficient to type cd direc3 since you were already in the directory \direc1\direc2. A.5. Working with directories You can make your own directories by using the Make Directory command. For example, if the current directory is \direc1\direc2 and you wanted to make a subdirectory called direc3, then you could type md direc3 Starting from the root directory, the new directory would be \direc1\direc2\direc3. To remove a directory, you can use the Remove Directory command. For example, to remove the directory \direc1\direc2\direc3 you would type rd \direc1\direc2\direc3 As a safety precaution, you cannot remove a directory until you have deleted all of the files in the directory, and removed all of its subdirectories. This prevents you from accidentally deleting files that you meant to keep. To list the contents of a directory, you can use the Directory command. The basic format is dir mydirec /options Here mydirec is the directory you want to list. There are many possible options. Here are a few of the most useful: /s List the contents of all subdirectories /on Sort the files by name /os Sort the files, smallest to largest /o-s Sort the files, largest to smallest /od Sort the files, oldest to newest /o-d Sort the files, newest to oldest /p Pause after every 20 lines You can use several options in the same command. For example, dir \direc1 /s /od /p would list the files in \direc1 and all of its subdirectories sorted from oldest to newest, and pausing after every 20 lines. You can also list specific files, files that have a given filename or filetype, or files whose filenames and filetypes begin with specific letters. Here are some examples dir tax.ref Lists the file tax.ref. dir tax.* Lists all files with the name tax. dir *.doc Lists all files of type doc. dir st*.c* Lists all files whose filename starts with st and whose filetype begins with c, such as startup.cfg, study.com or state.core. The * asterisks in these commands are called wildcards because they can be replaced by any set of letters. These commands can tell you whether these files exist, their sizes, and the date they were last updated. A.6. Identifying files All of the data in your computer resides in files. Files contain the operating system, all of the application programs, and all of the data that they use and create. Files are identified to DOS by four fields, namely the drive, path, filename and extension. drive is the device where your file is stored, usually C for your hard drive, A or B for a floppy drive, D or E for a CDROM drive. path is the directory on your drive where the file is located. filename is the name that you gave your file. The name usually indicates the contents or purpose of the file. extension is a suffix that indicates the kind of file, such as TXT for a text file, JPEG for a picture file, EXE for an executable file, etc. A full file identifier might look like this, c:\mycompany\mydepartment\2005\sales.wp In this example, c: identifies that your file is on the C drive, which is your hard drive. \mycompany\mydepartment\2005\ is the path to your data. It shows that the data file is located in the 2005 folder, which is inside the mydepartment folder, in the mycompany folder. So the path consists of nested folders, or a list of directories. sales.wp is the file with the data. The filename is sales, and the extension is wp, which indicates that it is a WordPerfect document. In a file identifier all of the fields except the filename are optional. drive can be omitted if the file is on the current drive, that is, the drive where you are now working. path can be omitted if the file is on the current directory of the drive. extension can be omitted if the file does not have an extension on its name. For example, if the file is just named oldstuff then no extension is needed. Here are some examples of valid file identifiers: a:budget identifies the file budget in the current directory of the A drive. \jones\commissions identifies the file commissions in the jones directory on the current drive. late\requests.txt identifies the file requests.txt in the late subdirectory of the current directory. A.7. Long names Some Windows files and directories have long names, or names containing blanks or dots, such as Documents and Settings My Music Microsoft.Net SharedReg12.dll Microsoft has made the naming of files and directories incompatible between Windows and DOS. DOS limits directory names to 8 characters, and does not allow blanks in names. To refer to these directories, you need to shorten the names down to 8 characters. The short name is formed by taking the first 6 non-blank characters of the name plus the combination ~1. When the name of a directory contains a . dot character, each of the parts of the name is treated separately. For example, for the directories above, Documents and Settings would be called Docume~1 My Music would be called MyMusi~1 Microsoft.Net would be called Micros~1.Net SharedReg12.dll would be called Shared~1.dll Thus a full path and file name such as \Windows\Microsoft.Net\Framework\SharedReg12.dll in DOS would be called \Windows\Micros~1.Net\Framew~1\Shared~1.dll It is a good idea to give all of your own files and directories names that are compatible with DOS. The names should be no more than 8 characters long and should not contain blanks. A.8. File operations Besides the encryption and decryption operations that you perform using MX-Crypt, it can be useful to know several other common file operations. There is no DOS operation to create a file. Files are created by application programs such as word processors, picture editors, spreadsheets, etc. Once created, files can be copied, renamed and deleted. It is important to remember that encrypted files should not be renamed, and files should not be copied into or out of a group of encrypted files. It is safest to decrypt files before renaming or copying. To copy a file to a new location, the command is copy oldfile newfile The old file and new file identifiers can be fully qualified, that is, they may have drive, path, filename and filetype. So the copy command can be used to copy files to other directories or to other drives. Wildcards can be used in the copy command to copy groups of files. For example, the command copy \oldpath\*.doc \newpath\*.* would copy all files of type doc from the \oldpath directory to the \newpath directory. The rename command works similarly to the copy command. The form is ren oldfile newname Here oldfile can be fully qualified, with drive, path, filename and filetype. However, newname can have only a new filename and filetype. There cannot be a new drive or new path because the file does not change its location, only its name and/or type. For example, ren target\x3*.jpg x4*.* would rename all of the jpg files in the target directory that start with x3 to start with x4. The command to delete files takes the form del file Here, file can be a fully-qualified file identifier, with drive, path, filename and filetype. It can also have wildcards so that you can delete several files with a single command. For example, del a:old*.* would delete all files in the current directory of the a drive whose filenames start with old. Note that deleting a file does not erase it. The file still exists on the disk, where it can be read by various utility programs that are available for that purpose. The file will remain there until some other file eventually gets written on top of it. A.9. Batch files Batch files are a useful way to reduce the number and complexity of the DOS commands that you must type. Each batch file can contain any number of DOS commands. You execute the entire sequence of DOS commands just by typing the name of the batch file. Here is a simple example. Suppose that you frequently use the program MX-Crypt. If the current directory is \plans\tower but MX-Crypt is in the directory \programs\download then to use MX-Crypt you would type \programs\download\MX To make this easier, you could create a batch file named MX.bat on the current directory. This file would contain the single line \programs\download\MX Now when you wanted to execute MX-Crypt all you would need to type is MX You could place a copy of the batch file MX.bat in every directory where you usually work. Then you could run MX-Crypt from anywhere just by typing MX. You would not need to have multiple copies of MX-Crypt. There are many other DOS commands and options. This is just a small sample of useful DOS commands.