September 6, 1999. This is the first in a series of three articles devoted to people who need strong cryptography internationally. Most books, magazines and websites cover U.S. products, but these are of little use to international users, who are penalised by the U.S. export restrictions.
The discussion is separated into three articles:
1. This Article:
   - Introduction: What is strong cryptography?
   - What are the International restrictions?
   - Secured telnet/remote UNIX connections
   - File encryption
2. Second Article (September 13):
   - Secure Email
   - Virtual Private Networks (VPNs)
3. Third Article (September 20):
   - Development Libraries
   - Secured web services
If we missed out on one of your favourite international products below, or you would like to submit corrections or feedback, contact us.
This article discusses what strong cryptography is, what the restrictions are and gives a brief overview of strong products in the following categories.
Cryptography is the translation of information (known as plaintext) into a coded form (known as ciphertext) using a key. In a strong cryptosystem, the plaintext can only be recovered by the use of the decryption key.
There are several possible weaknesses in a crypto system, and the strength of the system is the strength of the weakest link.
- The secrecy of the symmetric or private key.
- The difficulty of guessing the key or trying all possible keys. The key length determines the encryption strength of an algorithm. All cryptographic algorithms are vulnerable to "brute force" attacks (trying all possible key combinations).
- Bad implementation:
  - "Pseudo" random number generators used in encryption engines may be (too) predictable. They must be at least as difficult to predict as it is difficult to guess the encryption key.
  - Algorithms can be incorrectly implemented.
  - Backdoors may exist.
- Bad design:
  - Certain algorithms are easily inverted (easy to analyse and break); examples are those used in WinWord, Pkzip, WordPerfect etc.
  - Algorithms which are not published and subjected to peer review should not be considered strong; "security through obscurity" is not a defence against the determined, financially powerful attacker.
  - Known plaintext attack: by encrypting many known texts and analysing the output, it may be possible to guess how the algorithm works.
- Mathematics advances each year, so new mathematical ideas can weaken existing cryptosystems (examples are the discovery of differential and linear cryptanalysis in recent years). The strength of current Public key systems is based on the difficulty of the mathematical factoring and discrete-logarithm problems. It is possible that new mathematical methods for solving these problems will be found, making guessing keys easier.
The definition of "strong" concentrates on the issue of key lengths, but strong keys are useless if the above issues are not addressed. Other weaknesses that can render strong cryptography useless are: not protecting keys physically, not using strong passphrases, and social engineering attacks.
Here we define strong encryption as that which uses key sizes greater than or equal to 1568 bits for Public Keys (RSA, DH and ElGamal) and 90 bits for Shared (symmetric) keys. This is probably enough to protect against large organisations for the next decade. Many people refer to strong cryptography as "128 bit", but this only refers to shared key (or symmetric) algorithms. 128 bit symmetric keys should be safe for 50 years at least. "Strong" for new encryption systems such as Elliptic curve or Quantum cryptography is not included in this definition.
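An added example (not from the original article) of the random-number-generator weakness listed above: a 128-bit key drawn from a generator seeded with the clock is only as strong as the seed, far below the 90-bit threshold defined here. The function names and the timestamp are constructed for illustration.

```python
import math
import random
import secrets
from typing import Optional

KEY_BITS = 128
SAMPLE_TIME = 936576000  # constructed Unix timestamp used as sample input


def weak_keygen(unix_time: int) -> bytes:
    """Flawed: a 128-bit key drawn from a PRNG seeded with the clock (seconds)."""
    rng = random.Random(unix_time)
    return rng.getrandbits(KEY_BITS).to_bytes(KEY_BITS // 8, "big")


def strong_keygen() -> bytes:
    """Corrected: the key comes from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BITS // 8)


def effective_bits(candidate_seeds: int) -> float:
    """Strength of a key whose only secret input is one of N possible seeds."""
    return min(KEY_BITS, math.log2(candidate_seeds))


def audit_key(key: bytes, start: int, end: int) -> Optional[int]:
    """Audit check: return the clock value that reproduces `key` if it was
    generated by weak_keygen inside [start, end], otherwise None."""
    for seed in range(start, end + 1):
        if weak_keygen(seed) == key:
            return seed
    return None


if __name__ == "__main__":
    hour = (SAMPLE_TIME, SAMPLE_TIME + 3599)
    weak = weak_keygen(SAMPLE_TIME + 1234)
    print("weak key reproduced from seed:", audit_key(weak, *hour))
    print("CSPRNG key reproduced from seed:", audit_key(strong_keygen(), *hour))
    # A creation time known to within one day leaves 86400 candidate seeds.
    print("effective strength: %.1f bits" % effective_bits(86400))
```

The key is 128 bits long in both cases; only the amount of unpredictable input behind it differs, which is why key length alone does not establish strength.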
What are the International restrictions?
The U.S. and certain other countries consider encryption to be a weapon and strictly control exports. This is basically crippling the efforts to include standard encryption in Applications, Internet services, and Operating systems. In general the U.S. allows export of 56 bit shared key systems (DES, 56-bit RC-2/4/5, 56-bit CAST) and 1024 bit public key systems, except to "terrorist countries". The last key relaxation of the export rules was in December 1998.
Some countries forbid encryption except when a key has been deposited in an escrow (so the legal authorities can listen to all communications if they need). Other countries allied to the U.S. also enforce the U.S. restrictions by allowing strong encryption domestically, but restricting exports. Germany has lifted export restrictions from 1st September 1999.
- Exceptions: Exports to Canada & Australia, to financial institutions, health/medical institutions, subsidiaries of U.S. companies.
- Lotus exports Notes with a 64bit key, of which 24bits are escrowed with the U.S. Govt., making it more difficult for non U.S. agencies to look at your Notes communications!
- Certain products may be used by U.S. companies outside the U.S.
- Vendors have started building Interfaces into which strong encryption products can be plugged, assuming they're available internationally. E.g. Eudora Pro has a Plugin API which could allow seamless integration of a strong international encryption unit, without breaking U.S. law. Other examples are Sun (Solaris DES & Diffie Hellman libraries), Microsoft (Crypto API), Qualcomm (Eudora Pro + PGP) and various S/MIME & PGP Plugins.
It is very well designed, supports numerous encryption algorithms (RSA, Triple DES, IDEA, Blowfish, ... ), is backward compatible with the Berkeley "r" commands and supports automatic encryption of X sessions.
Efforts are underway to make SSH an official Internet Standard, see www.ietf.org/html.charters/secsh-charter.html.
PGP5 (www.pgpi.com or www.nai.com) is principally an email encryption program, but also very interesting for file encryption. The Windows version has an excellent GUI, the UNIX version has only a command line interface. Network Associates support the commercial version.
- Symmetric or Asymmetric encryption of files (local or on a network server) on a file-by-file or directory basis, to protect the privacy of files.
- Signing of files (local or on a network server) on a file-by-file basis, to verify who files belong to and confirm that they have not changed.
- Secure deletion (overwriting) of files.
- PGPdisk offers encrypted logical drives (using symmetric keys)
- The fact that secure email is possible means that one set of keys is used for both functions and the user only has to learn how to use one program.
F-Secure Desktop V2.0, from Finland, allows symmetric encryption of files on Windows systems with a GUI. www.datafellows.com/f-secure . F-Secure Desktop is interesting for:
- Protecting files for long term storage or transport: Taking a bundle of files, creating an "encrypted package", sending this package (via email or diskette) to someone else anywhere in the world and allowing them to securely decrypt the files, without having F-Secure Desktop themselves. Of course the encryption key must be shared "out of band".
- Protecting files from an attacker who has physical access: Encryption of files (local or on a network server) on a file-by-file basis, to protect the privacy of files.
- Automatic encryption of a list of confidential files when you log out and decryption when you log in. This mode is only recommended for local files, NOT files on network servers.
- Secure deletion of confidential files.
FileCrypto 3 is an extension of the F-Desktop product discussed above, with automatic "on the fly" encryption and decryption of "secret files". Files are only decrypted into memory when loaded from disk, so files are always encrypted on disk and there is no (long) decryption on login and encryption on logout as with F-Desktop.
Sapher Server Ltd., from England, produce software called Secrets for Windows, which supports symmetric and asymmetric algorithms and includes macros for easy usage within Microsoft Office Applications.
Cryptext: How about a free NT/Win95 file encryption program? Nick Payne www.pcug.org.au/~njpayne has produced a file encryption tool for Win95/98 & NT called Cryptext, that uses RC4 and SHA-1. It is available in the English, French, German, Portuguese and Spanish languages. V3.2 can be downloaded from ftp.funet.fi/pub/crypt/utilities/file
CodedDrag V2.1 is an extended Shareware encryption tool for Win95/NT. See www.fim.uni-linz.ac.at/codeddrag/codedrag.htm
RITS Private File: A 16bit Windows product which uses DES to encrypt files is Private File. www.rits.ie/products/pf.htm
FLYCRYPT for Windows'95 is a shareware "Transparent" encryption program capable of encrypting files in a selected folder using two strong ciphering algorithms: BLOWFISH (key of length 448 bit, 32 rounds) and GOST 28147-89 (key of length 256 bit, 32 rounds). www.softclub.net/~mahabit/
Ironware (Czech Republic) produce the Ironware Folder PC encryption tool. IDEA or Blowfish algorithms are used to encrypt "marked" folders on shutdown and decrypt them on startup (like F-Secure Desktop above). Several users with different passwords can use the same PC.
Deutsche Telekom TELESEC offer Sfile, for signing and encryption of files, with a chipcard interface.
Enigma98 is a product of Cryptosoft GmbH, Germany, which offers symmetric encryption (many ciphers) for 16 and 32bit Windows users.
Sean Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.