Security of Encrypted Magic Folders
Alex Woolfson
abdiel at worldnet.att.net
Thu Dec 4 20:25:44 PST 1997
Hello, all! Back reading the list after a long hiatus. Glad it's still as
good as ever. Anyway, thought I'd appeal to the collective brain trust as
this question is over my head. Please "cc" me directly since I'm on the
filtered cypherpunk list.
I just downloaded Encrypted Magic Folders--a program that hides Windows 95
folders and then encrypts them to prevent a disk utility from revealing
their content. In their help file, they try to answer the question "How
Secure is it?"--and, of course, they say *very*, but I can't tell if this is
so or if they're just blowing smoke. Particularly, their claim that key
size doesn't matter. (My mom taught me size always matters... ) If
someone with a stronger cryptography background than me could take a look at
this and let me know, I would greatly appreciate it.
Thanks!
Alex
* How Secure is it?
EMF's encryption offers good protection and excellent speed. It
hasn't been broken yet. It is, as far as we know, exportable. THERE
IS NO BACKDOOR. Should you forget your password there is nothing we
can do to decrypt your encrypted files.
Quite a few people ask us how big EMF's key size is. They've learned
from other encryption programs that the bigger the key the stronger
the encryption. This really doesn't apply to EMF.
We developed our own encryption instead of using a standard because
we wanted EMF to be able to decrypt at the byte level. In this way
we only need to decrypt/encrypt the data your programs require and
not the entire file.
In theory, because we decrypt at the byte level, the biggest key we
could use would be 8 bits - which is a joke. So instead of
decrypting every hunk of data using the same key, as most other
encryption programs do, we developed an algorithm to vary the key
based on the data's location within the file. In this way we get
both high security and high speed. We are trying to patent EMF's
encryption method.
Having said all that, truth is, most encryption isn't "cracked" by
breaking the algorithm, it's done by guessing the password. Brute
guessing of passwords tends to level the playing field tremendously.
We actually have an advantage because we aren't an established
standard. Because we're small and relatively obscure chances are no
one will take the effort to write a password guessing program (which
incidentally would violate copyright and intellectual property laws.)
Even if someone were to go thru all this effort we could easily
change the encryption method for the next update.
If we used an established encryption method like DES or Blowfish then
your files would probably have to be fully decrypted when opened,
would exist on disk as unencrypted while you're using them, and then
would need to be encrypted when closed. This has multiple
disadvantages. First, if your computer shuts down while you have
"encrypted" files open, then those files would be unencrypted. This
doesn't happen with EMF as your encrypted files are always encrypted
as stored on disk. The second disadvantage is that it slows things
down tremendously. As an example, let's say you retrieve your email
and your email program needs to add today's message to the end of
your 3MB email file. If we used a standard encryption method
requiring the decryption of the file before use then the entire 3 MB
file would have to be decrypted, your 300 byte message added to the
end and then the entire file encrypted again. With EMF, no
decryption would need to take place, and the only data needing
encryption would be the 300 byte message. MUCH faster. Around
20,000 times faster in this example!
If you still think you'd like to see us use a standard encryption
method like DES or Blowfish, or have any other suggestions, let us
know and we will consider your input in future updates
More information about the cypherpunks-legacy
mailing list