On Thu, 4 Dec 1997, Alex Woolfson wrote:

EMF's encryption offers good protection and excellent speed. It hasn't been broken yet. It is, as far as we know, exportable. THERE IS NO BACKDOOR. Should you forget your password there is nothing we can do to decrypt your encrypted files.

If it is exportable, then it is weak encryption by definition. The question is how weak. Reading their marketting crap provides more insights in just how lame this is:

Quite a few people ask us how big EMF's key size is. They've learned from other encryption programs that the bigger the key the stronger the encryption. This really doesn't apply to EMF.

We developed our own encryption instead of using a standard because we wanted EMF to be able to decrypt at the byte level. In this way we only need to decrypt/encrypt the data your programs require and not the entire file.

In other words: security through obscurity. Smells like snake oil, looks like snake oil, it even has bits of snake scales in it. Heck, if they say that the key size is not important, it's likely very tiny, or regardless of what key size you'd use (if you had any choice), it's such a weak cypher that it wouldn't get you anything.

In theory, because we decrypt at the byte level, the biggest key we could use would be 8 bits - which is a joke. So instead of decrypting every hunk of data using the same key, as most other encryption programs do, we developed an algorithm to vary the key based on the data's location within the file. In this way we get both high security and high speed. We are trying to patent EMF's encryption method.

Whoop. so the key is the location of the data? At most, this means a 32 bit key on most file systems, 64 bits on newer file systems. This assumes that your file is long enough for that. But as a key, this is totally useless as the key is the location which is visible to all. Likely they would be wise to "mix" this location key with the passphrase. This offers little more than CBC would. The only difference is that CBC is based on the previous block, where this is based on the location of a byte in the file (which is known) whereas a CBC depedns on knowledge of the previous block. If they did it the right way, they'd use the passphrase to build a lookup table of large keys based on the byte location within a file, but because this depends on your passphrase, your security is still that of the passphrase at maximum. There may be ways to weaken this.

Having said all that, truth is, most encryption isn't "cracked" by breaking the algorithm, it's done by guessing the password. Brute guessing of passwords tends to level the playing field tremendously. We actually have an advantage because we aren't an established standard. Because we're small and relatively obscure chances are no one will take the effort to write a password guessing program (which incidentally would violate copyright and intellectual property laws.) Even if someone were to go thru all this effort we could easily change the encryption method for the next update.

This is total bullshit. It's Grade A, government approved exportable snake oil. Just because they are small and obscure it doesn't guarantee you any extra safety. Just because nobody has bothered to write a brute forcer for their code doens't mean nobody can do so. And no, this would not violate any of their copyright if the author of the brute forcer proggie wrote it without copying their code. It might violate intellectual property laws if they had a patent on it, but they can't get one since they're going by security through obscurity. They claim to be applying for a patent, but if they do, their code is published and their weaknesses will be displayed. It might violate trade secret laws if someone who has the source or the algorithm shares it, but not if someone reverse engineers it (depending on reverse engineering laws of course.) Just because they could "rewrite" the code in the next update against cracking or brute force attacks does not buy you security. FYI: If you use this crap and someone steals a copy of the encrypted files off your hard drive, it doesn't matter what new updates this company produces. The fact is you used the older breakable version, the attacker has your cyphertext and will decode it.

If we used an established encryption method like DES or Blowfish then your files would probably have to be fully decrypted when opened, would exist on disk as unencrypted while you're using them, and then would need to be encrypted when closed.

Translation: We don't use CBC, because that would be more work and slow down our crappy cypher. Deeper translation: break any portion of any encrypted file and you'll likely break the whole thing if not huge parts of it. "Established encryption methods (sic)" use CBC because it adds security. Their algorithms are well published and well known so people can find their weaknesses and publicise them. Whatever weaknesses there are in this thing are hidden from those who can't or won't reverse engineer it. But there are plenty of those who can and will, and have no qualms about releasing it anonymously, or worse: keeping the expolit to themselves so as to exploit those stupid enough to use this lame shit. It only takes one cracker with a good disassembler to reverse engineer their code and find all the holes, and they'll be out of business. If what protects your data is the cypher, and not the key, then breaking the cypher is all you need to do. Heck, I'd bet they use something really shitty like this: (since "key size is not important", and "depends on location".) char code(char *passphrase, char data, long location); { int i; char c; for (i=0; passphrase[i]>0; c^=passphrase[i++]); return (data ^ c ^ (char)(location & 0xff)); } Gee, I probably violated their "intellectual" property by guessing their code, heh.

This has multiple disadvantages. First, if your computer shuts down while you have "encrypted" files open, then those files would be unencrypted. This doesn't happen with EMF as your encrypted files are always encrypted as stored on disk. The second disadvantage is that it slows things down tremendously.

Not if you use an encrypted disk driver. then, all your data is encrypted all the time. (You get into other issues such as keeping the passphrase or key from falling into the pagefiles, etc...) [Meaningless babble deleted.] =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian |Prying open my 3rd eye. So good to see |./|\. ..\|/..|sunder@sundernet.com|you once again. I thought you were |/\|/\ <--*-->| ------------------ |hiding, and you thought that I had run |\/|\/ ../|\..| "A toast to Odin, |away chasing the tail of dogma. I opened|.\|/. .+.v.+.|God of screwdrivers"|my eye and there we were.... |..... ======================= http://www.sundernet.com ==========================