<<NetAction>>
NetAction’s Guide to
Using Encryption Software
NetAction is a project of The Tides Center
601 Van Ness Ave., No. 631 * San Francisco, CA 94102
Phone: (415) 775-8674 * Fax: (415) 673-3813 * E-mail
email@netaction.org
Web: http://www.netaction.org
NetAction's Guide to Using Encryption Software
Table of Contents
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
What is encryption, and how does it work?
A. Fundamentals
B. Software
Do I need encryption?
How does encryption software keep my information secure?
What features are available in encryption software?
What are the vulnerabilities in encryption, and how do I guard against them?
Where can I get more encryption software?
Why does the U.S. government want to restrict the use of encryption software?
Where can I read more about encryption?
How do I find out whether a particular encryption program is legally available where I
live?
Cryptography Terms
Appendices
Appendix A. "Brute Force" Cracking
Appendix B. What are the different kinds of algorithms that encryption software
programs utilize?
About this guide
NetAction prepared this guide primarily to help U.S.-based organizations and activists
learn to use encryption software. If you are located outside the U.S., you will need to determine
whether the use of encryption is restricted in your location before downloading any of the
encryption software discussed in this guide.
This guide was researched by Matt McCarthy and co-written by Matt McCarthy and
Audrie Krause, with editorial assistance provided by Theresa Chen and Andrea Jepson. This
guide is available on NetAction's web site in various formats:
http://netaction.org/encrypt/
Copyright 2001 by NetAction/The Tides Center. NetAction is a project of The Tides
Center, a 501 (c)(3) organization. All rights reserved. All material in this guide may be reposted
or reproduced for non-commercial use provided NetAction is cited as the source.
1
1. What is encryption, and how does it work?
Fundamentals
Encryption is a software tool that uses scrambling to make data unreadable to anyone
other than the intended recipient. It is useful to ensure the privacy of data that you store on your
computer, or that you want to email to someone else.
Encryption software programs use algorithms, or complex mathematical processes, to
scramble and unscramble (or "encrypt" and "decrypt") the data. Algorithms work through the
creation of keys, which are specific strings of data used for encryption. These keys consist of
long strings of bits, or binary numbers. The more bits in the key, the greater the number of
possible combinations of binary numbers, making the code more difficult to break. You may
have heard of “56-bit” or “128-bit” keys, for example. With more bits, the 128-bit key is more
difficult to break than the 56-bit key.
If you’re curious, you can see what an algorithm looks like: IDEA is one of the
algorithms used in Pretty Good Privacy (PGP). An encryption algorithm scrambles data by
combining the bits in the key with the data bits; in decryption, the algorithm unscrambles data by
separating the data bits from the key bits. In symmetric key encryption, the same key is used to
scramble and unscramble data. In asymmetric key encryption, two different keys are required:
one to scramble and one to unscramble. With either method, a recipient cannot access the
original data without the correct key.
Here is an example of data that has been encrypted:
(((((6144MACDNDHJCFHDDNFAMDMEKJNHMKBNHKIMEJIOLFOKHOB
IHMGGJHLMOKOHIIOHNNEGEHOCCBJFADBGINMEEPHEGHGOONKE
EKGBJKBJLKPAKAPDFJECLMLFMPLDEANEENKGHAFDIMHLBCMLAP
IPHMFCONIKHAKCHGGNINPADOFFMDNCLLHEIHBFFLJPEJHPOKFDB
NHKIBLLCCOKLDKOHEPPJICHOFJAAJLMKJIFIAIFCD))))) ***
You can decrypt this data with ShyFile, a web-based encryption program. Go to
http://www.shyfile.net/d.htm, paste the encrypted message into the appropriate box, and use this
key to decode the message: netaction.org-encryptionfornonprofits
Software
Encryption software is available for many purposes. You may already be familiar with
one form of encryption software: many e-commerce and donation Web sites use Secure Socket
Layers (SSL). Whenever you visit any Web page with an address starting with "https" instead of
"http,” SSL will automatically encrypt anything you type into that page, such as passwords or
credit card information, before sending it over the Web.
Our guide focuses on encryption software for email and files, which is considerably more
complicated than SSL encryption. Encrypted files can be attached to an email message,
uploaded to a Web server via File Transfer Protocol (FTP), or put on a floppy disk and passed by
hand. Email messages themselves can also be encrypted. It is not necessary, however, for an
email message to be encrypted in order to send it with an encrypted attachment. For example, an
encrypted document can be attached to an unencrypted email message that says, "See the
attached confidential document." Encryption software specifically intended for use with email is
generally easier to use than software intended to encrypt files, because email encryption software
integrates seamlessly into the email program. Some email encryption software, for example,
adds buttons to your mail program's menu.
2
Different software programs have different strengths and vulnerabilities, and employ
different ways of distributing the keys that scramble and unscramble data. Some software
programs require the recipient of an encrypted document or email message to use the same
software the sender used. Others simply require the recipient to possess the same key or
password that the sender used.
2. Do I need encryption?
Ask around, and you’ll hear varied opinions on whether to use encryption. Certainly, it
can add complexity to using your computer. It may be a minor inconvenience such as having to
log in with a password every time you turn on your computer, or a major hassle, such as having
to fool with a difficult interface every time you want to do anything on your computer.
Encrypting large files can take a lot of time and computing power. Even worse, losing passwords
or corrupting encryption program installations can lead to data loss. So why bother?
The answer is simple: if the data on your computer is sensitive enough, you should use
encryption. For example:



Do you have data that could cause damage to or embarrass your organization or your
personal reputation if it fell into the wrong hands? (For example, a memo outlining your
organization's legal strategy for suing a corporation that has illegally dumped hazardous
waste in your community's landfill.)
Are there documents on your computer that are strictly confidential? (For example, bank
and credit card account numbers, or personnel files.)
Do you send and receive email messages containing confidential information about your
organization's work?
If the answer to any of these questions is "yes," you should take steps to ensure the
privacy of this data.
Keep in mind that you don't need to spot suspicious men in a satellite dish-equipped van
parked outside your building to warn you that you are potentially at risk of data theft. Malicious
hackers may find vulnerabilities in your Internet connection. It's a good idea always to assume
that it's possible for someone to violate your computer's security and privacy, and act accordingly
to prevent it. This is especially true if you are using Microsoft software, which is particularly
vulnerable because it is so widely used. (Malicious hackers know they can cause the most
damage by targeting widely used software programs.)
Even if you take the extra steps required to encrypt your data, there are still likely to be
vulnerabilities that could allow a skilled or well-funded data thief to get access to your data.
Read the section on vulnerabilities for details.
It's up to you to weigh the risk of data theft against the trouble it would take to guard
against it by using encryption. Because the usability, learning curve, and difficulty of using these
programs factors greatly into the equation of whether you want (or need) to use them, our
software reviews focus on how easy it is to get started with the programs and to use them on a
day-to-day basis. Since cost is also a major concern for non-profits, we have included reviews of
several low-cost or free software options.
3. How does encryption software keep my information secure?
3
All encryption software programs choose an algorithm that they rely on to scramble and
unscramble your data. Some programs use more obscure, proprietary algorithms, but others use
widely available algorithms. The benefit of using an obscure algorithm is there is less likelihood
that tools for cracking it are available. The benefit of using a well-known algorithm is that it has
been thoroughly tested. If a vulnerability has not yet been discovered, finding one is probably
very difficult.
(For more in-depth information on the various available algorithms, see Appendix B:
What are the different kinds of algorithms that encryption software programs utilize?)
Software uses algorithms to encrypt your data in two ways: the symmetric key method,
and the asymmetric key method. With either method, it is important to save a copy of your key
on a floppy of zip disk, a CD, or another hard drive. Otherwise, if you lose or forget your key, or
the key data gets corrupted, you will not be able to decrypt your encrypted data.
Symmetric Key (Basic Model: encrypt and decrypt with the same password)
Many encryption programs scramble and unscramble with the same key. This simple
scheme allows anyone possessing the key that encrypted the data to also decrypt the data. It is
important, in order to maintain security, that the sender distribute the key to the intended
recipient without letting it fall into the wrong hands. If the sender emails the key in a regular,
unscrambled message, malicious parties could easily intercept it in transit. If the sender encrypts
the key before emailing it, the recipient will need a second key to decrypt the first key. If the
sender copies the key onto a floppy or zip disk, or CD, the disk could be lost in transit or
misplaced by the recipient.
Only software programs utilizing this basic model, symmetric key encryption, allow the
recipient to unscramble an encrypted message without using the same software the sender used
to scramble it. For example, the sender could create a self-decrypting archive that prompts the
recipient for a password when double-clicked. Or the sender could create files that could be
dragged into a Web browser and unscrambled with a web-based decryption script like ShyFile.
Not all programs support self-decrypting archives.
To summarize: the simplicity of symmetric key encryption makes it easy to understand,
but distribution of the key is risky.
Asymmetric Key (Public/Private Model: sender uses the recipient's public key to encrypt, and
the recipient uses his or her corresponding private key to decrypt.)
Some software programs use the asymmetric key, or "public key/private key" model,
which requires both the sender and the recipient to have the same software. With this model, the
recipient makes a pair of keys, both of which can be unlocked with a single password. One half
of the pair is a public key that anyone with the same software uses to encrypt a message to the
recipient. The sender does not need the recipient’s password to use his or her public key to
encrypt data. The recipient’s other key is a private key that only he or she can use when
decrypting the message. The private key should never be distributed since the private key assures
that only the intended recipient can unscramble data intended for him or her. The recipient can
freely distribute the public key without worrying since it is only used to scramble the data.
You must meet two conditions before you can use asymmetric encryption software: 1)
the recipient must have the same software and already have created a key pair, and 2) you must
have the recipient's public key. There are many ways to distribute a public key: through text in
an email, through text in a file on a floppy disk, or by posting it on special Internet sites known
as key servers. For example, if the recipient's public key is available on a PGP server, your PGP
software program can retrieve and store the key on your computer for use at any time.
4
Here is an example of how asymmetric encryption works: If Jack has Jill's public key,
Jack can send encrypted files that Jill can unlock with her private key. Jack can't use Jill's public
key to decrypt files intended for Jill (since decrypting a file intended for Jill requires Jill's private
key), nor can he sign files pretending to be Jill. Even if Jack got his hands on Jill's private key
file, he would need Jill's password to access it.
The biggest problem with this method of encryption is verifying that the sender is who he
or she claims to be. The solution is called a “Web of Trust", which makes use of digital
signatures. If Jill wants to verify that the Jack who sent her an encrypted file is really the Jack
she knows, she confirms his identity by some non-electronic method, such as a personal meeting
or phone call, or by an electronic method such as the AT&T Pathserver. If Jack has previously
taken similar steps to confirm the identity of John Doe, Jill can also trust an encrypted file from
John.
See an illustrated model of encrypting and signing data. These pages are part of the Asia
Pacific Network Information Centre's Certificate Authority Status Report.
4. What features are available in encryption software?
Some software programs are more useful for encrypting files, and others are more useful
for encrypting text messages, like email and instant messages. It’s possible to use a fileencryption program for both files and email. Some file-encryption programs, for example,
encrypt email by transforming the message into a file, and then sending the encrypted file.
However, some of the software specifically designed for email encryption is much easier to use
than programs for file encryption. Other email encryption software programs convert plaintext
to ciphertext, which is useful for encrypting email or text documents, but useless for encrypting
images or other non-text files. Other encryption software simply enables you to store encrypted
files on your computer.
In addition to the different encryption algorithms and models, there are different software
interfaces. Some programs require you to locate the file you want to encrypt through a regular
"file-open" dialogue window. Others, including PGP, allow you to encrypt a highlighted section
of text that you select from an open document. Some email encryption programs include plug-ins
that add buttons to your program menu, so you can encrypt a message with literally the touch of
a button. These interface alternatives can be important for first-time users since they can make
the software easier to use. They are also important for anyone who uses encryption daily, since a
cumbersome encryption and decryption process may deter use.
When you try an encryption program, check for the features that you need (e.g. encrypts
your email, encrypts your files, etc.), as well as its ease of use.


Does the program software offer hotkeys, install a program icon on the main desktop
menu, or include other quick ways to call up functions?
Does the program automatically identify relevant files so that double-clicking on an
encrypted file prompts you for a password to decrypt it? Or does it instead require you to
start the program, open the file, and then choose to decrypt it?
Some features you may find useful in any encryption software:

It allows the recipient to decrypt the file or message without having to install the
program that was used to encrypt it. (This feature does not seem to be available with
asymmetric key cryptography.
5


It uses strong encryption (128-bit or greater; higher is generally better).
It uses tried-and-true, thoroughly tested algorithms, or includes more than one from
which you can choose.
Some features you may find useful in email encryption software:
 It allows you to decide easily whether to encrypt a message, and lets you determine
whether encrypting new messages should be the default. A well-integrated
encryption program should not require you to deal with cutting and pasting
ciphertext.
 It automatically detects when you receive encrypted mail and prompts you for your
password, rather than requiring you to open your encryption software to decrypt the
message or file.
 It automatically selects the appropriate public key from your keyring if you've
previously obtained the recipient's key (asymmetric key programs only).
 It works with a variety of common operating systems (e.g. Windows, Mac, Unix).
Many encryption programs, such as Encryption Plus Email, only work with Windows
or Mac operating systems. PGP is one of the few programs available for virtually
every operating system.
 It works with the email software you are already using.
Some features you may find useful in file encryption software:
 It works reasonably fast when you are encrypting large files. Text files under 1MB in
size should take a negligible amount of time to encrypt on any of the newer model
computers, but larger files may take a significant amount of time. Typically, stronger
encryption takes longer. A large file could take several minutes.
 It works properly with the file system your computer uses. Many Windows
encryption programs work well with (File Allocation Table) FAT16- or FAT32formatted drives, but not as well or at all with NTFS-formatted drives (NTFS refers to
New Technology File System). Windows users can determine their hard drive's file
system by right-clicking a drive icon under “My Computer” and selecting
“Properties.” Windows 9x users, including Windows ME, do not typically have
NTFS-formatted hard drives.
 It encrypts individual files. Some programs will encrypt all the contents of a folder
(like Encryption Plus Folders or Encrypted Magic Folders), or even an entire hard
drive (like Invincible Disk). Other software allows you to encrypt individual files,
(like ABI Coder), put them into an encrypted archive, and then mount that archive as
a separate drive (like BestCrypt, StrongDisk Pro, and ScramDisk). (In Windows, for
example, a mounted drive is treated like a hard drive with its own drive letter.)
Depending on your needs, you may prefer one system over another. Try different
types of programs to see which works best for you.
 It allows you to decrypt files or folders en masse, so you don't have to repeat the
decryption process multiple times.
 It provides an easy-to-use interface: some programs, like Encrypted Magic Folders
and Encryption Plus Folders, automatically decrypt files whenever you're logged on
to the program, and leave the files encrypted when you log out. This way, you don't
have to fiddle with encrypting and decrypting each file.
6
You should also become familiar with any encryption features that may have been built
into your computer's operating system. If your computer’s operating system includes features
that provide the level of security you need, it may not be necessary to look for those features in
third-party encryption software programs.
Features offered by:
MacOS 9:
Mac OS 9 includes some built-in encryption features that are relatively easy to use: Apple
File Security and Apple Verifier. Located in the Security Folder (which is in the
Applications Folder), these features allow Mac users to encrypt and decrypt files on their
hard drives, and to verify the authenticity of files containing digital signatures. To
encrypt or decrypt files, drag them onto the Apple File Security icon. To verify digital
signatures, drag them onto the Apple Verifier icon. The Apple Help menu includes
information on how to use these features.
Unix (including Linux and Mac OS X):
The Unix security system is robust and complex. It employs a system of access control
lists to determine which users have access to a given file or folder, and usually requires
that users log-on to use the computer. (Keep in mind that access controls are not the same
as encryption.) To learn more, check the following link:
http://www.linuxdoc.org/HOWTO/Secure-Programs-HOWTO/features.html
Windows 9x (including 95, 98, and ME):
Simply put, Windows 9x was not designed for robust security. Any user can alter or
remove any file not currently in use, or even reboot into DOS from Windows 95 or 98
and have unrestricted access to any file on your computer. No third-party program can
protect your data if the operating system has no built-in security features. We advise
Windows 9x users who require a secure environment to install an NT-based (New
Technology) operating system, preferably Windows 2000. (Privacy advocates have raised
concerns about the new operating system that Microsoft is about to release, Windows XP.
See http://www.epic.org/privacy/consumer/MS_complaint.pdf and
http://www.epic.org/privacy/consumer/MS_complaint2.pdf for more information about
this.)
Windows NT (including NT and Windows 2000):
The security tools in Windows NT are available on computers using the NTFS file
system. Since NT is also used on computers with the FAT16 or FAT32 file systems, not
all computers using the Windows NT operating system will have the security features
described below. You can check your hard drives' file system by right-clicking the drive
icon and viewing the “Properties” window. On Windows NT systems, many security
settings can be reviewed and edited from the Group Policy Editor. Press “Start,” press
“Run,” type "gpedit.msc," and hit “Enter”; the settings are under Computer Configuration
7
/ Windows Settings / Security Settings. (Again, keep in mind that access controls are not
the same as encryption.)

Users
NT-based operating systems require a log-in to use the computer. The log-in
requirement goes hand-in-hand with file permissions and encryption/decryption
permissions (described below). Individual users or groups of users can be restricted
from or given access to specific files or documents by using the Group Policy
Editor.

File permissions
Hard drives formatted with the NTFS file system rely on "user permissions" for
security. Every file and folder has an owner and an access control list (edited by the
owner or those conferred editing power by the owner) to indicate which users may
"modify, read or execute documents view folder contents, write to the file or folder,
or have read-only access." In recent versions of Windows based on the NT kernel,
you can see which user "owns" each file and folder within a given folder by using the
Details view in Windows Explorer, right-clicking any tab at the top (e.g. Name, Size,
Type, Date Modified), clicking "More," then "Owner."

Encryption
The NTFS file system has built-in support for file and folder encryption through the
EFS (Encrypted File System) tool. Right-click a file or folder, select “Properties,”
look under Advanced, and check Encrypt to use this feature. Once Encrypt is
checked, click Details to identify the users who can decrypt the file. (Caution: Don't
forget to disable System Restore before encrypting any file that System Restore can
affect, or else another user with Recovery access can use System Restore to decrypt
your encrypted file.)

Certificates
Windows relies on "certificates" for public key security and for applications that
provide for authentication, data integrity, and secure communications over networks.
Users manage their own certificates.
The features listed above target email and file system encryption. You may also be interested in
encryption for other applications, such as FTP and Telnet.
For FTP:
FTP (file transfer protocol) is inherently insecure because the program sends the user's log-in and
password as plain text (i.e. unencrypted). You can encrypt the login and password, but the
computer receiving the files must know how to decrypt them. Only a few FTP servers support
secure connections, but there are some freeware programs available.
Freeware Secure FTP programs:
 SafeTP is a "wrapper" for your existing FTP client (Windows and Unix only)
 SecureFTP (MacOS X only)
8

SCP, short for "secure copy," is a (UNIX only) program usually built into UNIX
systems to transfer data easily and securely
For Telnet:
Telnet, a protocol used to access files on another computer, is similarly insecure because it sends
the user's log-in and password as plain text. However, nearly anything you can do with Telnet
can also be done with SSH (Secure Shell; look here for a FAQ). SSH was designed to be secure,
but not all computers that support Telnet support SSH, since it's an entirely different protocol.
Freeware Secure Shell programs:
 PuTTY (Windows only)
 NiftyTelnet 1.1 SSH (Macintosh only)
 Many UNIX systems come with SSH pre-installed. If yours doesn't, you may
download it for free at sites listed at http://www.freessh.org/unix.html
5. What are the vulnerabilities in encryption, and how do I guard against them?
If you lock your door with a deadbolt instead of a chain, you make it more difficult for a
burglar to get inside your home. Similarly, there are differences in the level of security that
encryption software provides. Most of the well-known encryption algorithms that are considered
"good" are mathematically complex enough to be difficult to break; otherwise, they wouldn't be
so widely used. But even good algorithms are vulnerable to being broken if someone is
persistent enough. In this section, we discuss the general vulnerabilities in encryption software,
and offer tips that you can use to combat them. If you'd like more information on the
vulnerabilities of a particular algorithm or software program, search the Web for reviews on its
effectiveness.
General vulnerabilities include:
"Brute Force" Cracking
"Brute force" is another way of saying "trial and error." With this method, a "cracker"
tries every possible key until he or she stumbles upon the correct one. No encryption software
program it is entirely safe from the brute force method, but if the number of possible keys is high
enough, it can make a program astronomically difficult to crack using brute force. For example,
a 56-bit key has 256 possible keys. That's up to 72,057,594,037,927,936  seventy-two
quadrillion  keys that a cracker may have to try in order to find the correct one.
TIP: The more bits in a key, the more secure it is, so choose software with as many bits
as possible. If you have a choice between 56-bit encryption and 128-bit encryption, for example,
use the 128-bit encryption.
For more information on brute force cracking, please see Appendix A: "Brute Force"
Cracking.
"Back Doors"
A "back door" is a security hole in a piece of software. A "back door" may be present
because someone created it in the software with malicious intent, or by accident. Whatever the
reason, if a malicious "cracker" discovers a "back door" in a program, he or she may be able to
discover your key or password.
9
TIP: Make sure that the encryption software you choose has been rigorously tested.
Read online reviews, and consider how long the software has been available. Visit the
software's Web site periodically to check for patches and updates, and install them.
Making Good Keys
In every kind of encryption software, there is some kind of password that must be
created so that the intended recipients of the information can read it. Creating a password that
"hackers" or other malicious parties cannot easily guess is just as important as choosing a good
algorithm or strong encryption software.
TIP: Take care to make a strong key. Use a varied set of characters, including lowercase
and uppercase letters, numbers, and symbols (like spaces, colons, quote marks, dollar signs,
etc.). A good password should be longer than eight characters; the longer it is, the harder it is
to crack.
If you're concerned about remembering a long password, don't be. Even a long password
made up of different types of characters can be easy to remember. Instead of using your
daughter's name, "sally," for example, use "S411y is: #1 i/\/ mY b00k!!!". (Many passwordguessing programs (see "Brute Force" Cracking) employ a database of English words that
guesses passwords from various combinations of words, so it's a good idea not to use passwords
made up exclusively of English words. Note that in the example above, numbers and characters
are interspersed with letters.) Even better is to use a series of random letters, numbers, and
symbols, so that it can't be guessed easily.
TIP: If you forget your password, you will not be able to decrypt data that you have
encrypted. Be sure to make a backup copy of your password and store it in a safe place, such as
on a floppy or zip disk, a CD, or a separate hard drive. You can also copy and paste your
password into a new document, print the document, file the paper somewhere safe, and delete the
document from your computer.
6. Where can I get more encryption software?
Besides checking the software described in our reviews, you might want to try other
encryption software. As discussed below, before downloading or using any encryption software,
please make sure that it is legal to use in your location. Check our section on legal availability
for more information.
 CNet’s Download.com: Security & Encryption for the PC or for the Mac.
 RadiusNet's archive of every free version of PGP ever made.
 Freeware Encryption Tools and Shareware Encryption Tools at WebAttack.com
(Windows encryption software).
7. Why does the U.S. government want to restrict the use of encryption software?
As noted earlier, one of the vulnerabilities of encryption software is a security hole
known as a "back door," which may be present in a piece of software by accident or because
someone created it in the software with malicious intent. For years, federal investigators tried to
convince lawmakers that software developers should be required to intentionally create “back
doors” to give authorities access to encrypted communications between individuals who are
under surveillance for suspected criminal activities. Proponents referred to this as a “key
escrow” system because authorities could go to court to get permission to use the key to unlock
encrypted communications.
10
Privacy and civil liberties advocates fought these efforts, citing the importance of
encryption to the work of human rights activists and the need for secure communications for
online commerce. In the late 1990s, they were successful in convincing federal policy makers to
loosen U.S. laws banning the export of strong encryption. However, the September 11, 2001
terrorist attacks on the World Trade Center and the Pentagon have prompted renewed calls for
increased restrictions or outright bans on encryption. This, in turn, has generated renewed
concern among privacy and civil liberties advocates about the potential loss of constitutionally
protected rights. Lauren Weinstein and Peter G. Neumann, co-founders of People For Internet
Responsibility, offered this perspective in a September 23, 2001 “PFIR Statement on Terrorism,
Civil Liberties, and the Internet:”
“The techniques for strong encryption are now widely
known and can be implemented on any PC or handheld computer.
Attempts to outlaw, weaken, or mandate surveillance ‘backdoors’
for such systems can only result in the vast honest population
being saddled with vulnerable encryption systems for commerce
and a wide range of other communications both on and off the
Internet, all subject to a wide array of monitoring. Such
surveillance could be instigated not only by ‘benign’ governments,
but also by a range of private parties who would inevitably
penetrate the back-doors of such systems, not to mention other
governments and entities (either now or in the future) who most
decidedly won’t be benign in nature.”
There are many good sources of up-to-date information on the calls for increased
restrictions on encryption that started after the September 11, 2001 terrorist attacks, including:


Electronic Privacy Information Center
Electronic Frontier Foundation
For more general information on the public policy aspects of encryption see “Links to
further resources, focusing on encryption politics” in the following section.
8. Where can I read more about encryption?
We've listed some useful sites below. Bulleted subsections denote the page's focus and
particularly useful resources. Items marked with an asterisk (*) are for readers interested in the
more technical workings of encryption.
Cryptography at Electronic Frontiers Australia
 Introduction to Cryptography
 Crypto Politics
Cryptography FAQs at FAQs.org
 Basic Cryptology (an introduction to cryptography)
 Mathematical Cryptology * (an advanced look at the math behind cryptography and
cryptanalysis)
11

Public Key Cryptography * (a technical introduction to asymmetric key cryptography)
Other Miscellany
 What is the National Security Agency (NSA)?
 What are the US export regulations?
 What is TEMPEST?
 Cryptography Web Sites, Publications, FAQs, and References
Links to further resources
 Data Encryption: What It Is and How It Works (an easy-to-understand introductory
resource focusing on home use of cryptography, featuring step-by-step instructions)
 Encrypting E-mail in Outlook 2000 & Outlook Express 5.0
 Installing & Using PGP Software (follow links at the bottom for more on Roles of
Encryption Components and Understanding Public & Private Keys)
 Electronic Frontier Foundation "Privacy, Security, Crypto, & Surveillance" archive
Links to further resources, focusing on encryption politics
 Electronic Privacy Information Center
 CDT Encryption Issues Page
 News about current American cryptography debates
 Encryption Websites in English (linked from PGPi)
 Encryption White Papers at ITpapers.com *
Links to technical resources for advanced encryption users
 How Encryption Works
 Compares symmetric & asymmetric encryption
 Explains Secure Socket Layers (SSL)
 Explains Web of Trust and authentication
 PGP Diffie-Hellman vs. RSA (Rivest-Shamir-Adelman) FAQ *
 Compares several asymmetric key encryption algorithms used in PGP
 Discusses how secure PGP is
 RSA Laboratories' FAQ about Today's Cryptography
 Fairly comprehensive introduction to cryptography
 Fairly comprehensive advanced information *
 Theory of Cryptography Library *
 A repository of advanced cryptography theory
If you need to know more about a specific topic, try searching for it from your favorite Web
search site.
9. How do I find out whether a particular encryption program is legally available where I
live?
Many programs and algorithms used for security purposes are not available outside of the
United States because of U.S. export law. Some policy makers are now calling for increased
restrictions on the use of encryption in response to the September 11, 2001 terrorist attacks on
the World Trade Center and the Pentagon. Before acquiring or using any encryption software,
12
you will need to make sure that it is legal to use in your location. In most cases, this information
will be included in the licensing agreement. When downloading or installing software, read the
licensing agreements. For the software reviews in this guide, we've tried to ascertain whether the
programs are available outside of the U.S., but ultimately it’s up to you to determine whether a
given program is legal to use where you live. Some of the links provided below may help.





Bureau of Export Administration Encryption Export Regulations, houses all encryption
rules published by BXA since export control jurisdiction was transferred from the State
Department to the Commerce Department in 1996. At the time this guide was published,
the most recent update was in October 2000.
Electronic Frontier Foundation's Crypto Export archive (contains political articles,
discussions, and notes).
Information Security and Privacy in Network Environments (lengthy Sept. 1994 political
report; use your browser's Search or Find function with the text "Government Policies
and Cryptographic Safeguards" to find the relevant chapter).
RSA Laboratories' FAQ about Today's Cryptography: United States Cryptography
Export/Import Laws (particular note of interest: reports on the legality of RSA and
Triple-DES export).
U.S. Department of Commerce / The Bureau of Export Administration / Office of
Strategic Trade and Foreign Policy Controls / Information Technology Controls Division
/ Commercial Encryption Export Controls.
10. Cryptography Terms
Defined below are some of the terms used throughout this guide. For a more
comprehensive look at cryptography terms, try some of the following sites:



Cryptography Terminology (has basic terminology and mentions some algorithms)
Glossary of Cryptographic Terms
Ritter's Crypto Glossary and Dictionary of Technical Cryptography
Follow the link from the term to read more about it (often on another site).
Algorithm
The American Heritage Dictionary defines an algorithm as "a step-by-step problemsolving procedure, especially an established, recursive computational procedure for solving a
problem in a finite number of steps." In the context of encryption, an algorithm is the
mathematical formula used to scramble and unscramble data. It typically has two elements: data
(for example, an email message that you want to encrypt or decrypt) and a key.
Asymmetric Cryptography (Also known as public key cryptography.)
Encryption software that requires two keys: a public key and a private key. Encryption
software users distribute their public key, but keep their private key to themselves. When
someone wants to send an encrypted message, the sender uses the recipient's public key to
encrypt the message, which can only be decrypted by the person who holds the corresponding
private key. For example, Jack makes public key A and private key A, and Jill makes public key
B and private key B. Jack and Jill exchange their public keys. Once they have exchanged keys,
Jack can send an encrypted message to Jill by using Jill's public key B to scramble the message.
13
Jill uses her private key B to unscramble it. If Jill wants to send an encrypted message to Jack,
she uses Jack's public key A to scramble her message, which Jack can then unscramble with his
private key A. Asymmetric cryptography is typically slower to execute electronically than
symmetric cryptography.
Authentication
Assuring that a message has not been modified in transit or while stored on a computer is
referred to as authentication. It is one of the objectives of cryptography. (This is referred to as
message authentication or message integrity.) Assuring that a public key really belongs to a
specific individual, or that a specific individual has the right to send a particular encrypted
message is another type of authentication.
Back Door
A “back door" is a software function that allows someone to decrypt data without the
key. In some cases, software creators intentionally include this function in software. Software
that has a back door is not secure. Read more about this in the vulnerabilities section.
Certificate
A certificate is a data file that identifies an individual, organization, or business.
Certificates are obtained from specialized certificate-issuing companies such as VeriSign, and
can be used to encrypt data and/or confirm the certificate owner’s identity.
Cipher, Block Cipher, Stream Cipher
A method of encryption and decryption, a.k.a. encryption algorithm.
 A Block Cipher is a method for encrypting data in chunks (several or many
contiguous bits) as opposed to encoding bit-by-bit like a stream cipher. (More
information.)
 A Stream Cipher is a method of encrypting data bit-by-bit, as opposed to
encoding a contiguous chunk of data all at once like a block cipher. (More
information.)
Cleartext
Unencrypted text, a.k.a. plaintext.
Cracker
The Free On-line Dictionary of Computing defines a cracker as someone who attempts to
gain unauthorized access to a computer system. These individuals often have malicious reasons
for breaking into a system. (For example, to obtain a list of Social Security numbers or bank
accounts.)
Cryptanalysis
The testing of cryptography. An algorithm or program is said to have been cryptanalyzed
if cryptographers have tested it for vulnerabilities.
Digital Signature
A small piece of code that is used to authenticate the sender of data. Digital signatures are
created with encryption software for verification purposes. A private key is used to create a
14
digital signature, and a corresponding public key can be used to verify that the signature was
really generated by the holder of the private key. See asymmetric cryptography.
Digital Signature Standard (DSS)
DSS is the U.S. government's standard for authenticating a digital signature.
FTP (File Transfer Protocol)
FTP is an old but still widely used method for sending data across the Internet. The
protocol itself has no security, so any login and password information is sent as plaintext. This
means that if the login/password transmission is intercepted the security of any data stored on the
FTP server may be compromised. There are ways to add security to FTP transmissions, but they
require special software for both the server and the client (the computer that stores data and the
computer that sends and receives data). Web browsers can also act as FTP clients. If your Web
browser's address bar starts with "ftp://" instead of "http://" you are connected to an FTP server.
Key
A specific string of data that is used to encrypt and decrypt messages, documents or other
types of electronic data. Keys have varying levels of strength. Keys having higher numbers of
bits are theoretically tougher to break because there are more possible permutations of data bits.
(Since bits are binary, the number of possible permutations for a key of x bits is 2x.) The specific
way a key is used depends on whether it's used with asymmetric or symmetric cryptography.
Keyring
A set of keys. In asymmetric encryption software, separate keyrings are used to store
private keys and public keys
PGP (Pretty Good Privacy)
PGP is the de facto standard for software encryption. It is available in a variety of
versions, some of which can be downloaded for free from Web sites, others of which are sold
commercially. Because it is so widely used, PGP is one of the most heavily cryptanalyzed
encryption programs in the world. (This means that countless cryptographers and programmers
have so far been unable to break it.) Check our reviews page for details.
Plaintext
Unencrypted text, a.k.a. cleartext.
Private Key
Private keys, a.k.a. secret keys, are used in asymmetric cryptography. One of their
primary purposes is to enable someone to use a public key to encrypt data that can only be
decrypted by the owner of the corresponding private key. Private keys should not be distributed.
See asymmetric cryptography.
Public Key
Public keys are used in asymmetric cryptography. One of their primary purposes is to
enable someone to encrypt messages intended for the owner of the public key. Public keys are
meant for distribution, so anyone who wants to send an encrypted message to the owner of the
public key can do so, but only the owner of the corresponding private key can decrypt the
message. See asymmetric cryptography.
15
Secret Key
See private key.
Self-Decrypting Archive
A self-decrypting archive is similar to the self-extracting archive that is typically used
with software that is downloaded from the Internet. It contains an archive with one or more files
that will automatically open and decrypt with the appropriate key or password. The advantage of
a self-decrypting archive is that the recipient doesn't need special software to decrypt files.
Typically, the self-decrypting archive software prompts the recipient for a password, and extracts
its contents if the password is correct.
Signature
See digital signature.
SSH (Secure Shell)
SSH, like Telnet, is a protocol that allows someone using one computer to remotely
operate another computer. Unlike Telnet, however, it uses secure (encrypted) transmissions.
Symmetric Cryptography
A method of encryption in which a single key is used to scramble and unscramble data.
One weakness of symmetric cryptography is that the user has to distribute the key to the recipient
without letting it fall into the wrong hands. The user can do this by encrypting the key itself, but
then another key will be needed to decrypt the first one. See also asymmetric cryptography.
Telnet
Telnet is a protocol that allows someone using one computer to remotely operate another
computer. Like FTP, Telnet is not secure. Security is possible by using special Telnet
server/client software or an alternative protocol (like SSH).
Web of Trust
An informal means of confirming the identity of someone with whom you communicate
electronically. In asymmetric cryptography, one of the biggest concerns is ensuring that the
person who claims to be John Doe is really John Doe. Jane Doe can verify that John Doe is really
John Doe by non-electronic means, such as by phone. If Jane Doe knows that John Doe has
taken similar steps to verify that Jack Smith and Jill Jones are who they claim to be, then Jane
Doe may trust his contacts, as well. This is referred to as a Web of Trust.
Acronyms and terms that you have encountered in this guide that are not listed here may be
encryption standards or algorithms. For more information please see Appendix B: What are the
different kinds of algorithms that encryption software programs utilize?
16
Appendices
Appendix A: "Brute Force" Cracking
As discussed in section 5, “What are the vulnerabilities in encryption and how do I guard
against them?,” "brute force" cracking is a method of finding a password or key by trial and
error. The longer the password or key, the more difficult it becomes to crack it. For example, a
56-bit key has 256 possible keys. That's up to 72,057,594,037,927,936  seventy-two quadrillion
 keys that must potentially be tried in order to find the correct one.
That doesn't mean that a 56-bit key is strong enough to prevent successful brute force
attacks. Even back in 1997 when desktop computers were much less powerful than current
models (this guide was written in September 2001), a distributed computing effort cracked the
RSA's 56-bit RC5 encryption in less than 250 days. (See an article on the effort. A distributed
computing effort is one in which many computers share the task of testing the seventy-two
quadrillion possible combinations of bits.) In 1998, a similar effort took just 39 days using
50,000 computers. Those computers tried 85% of the possible combinations, at speeds that at
times reached 26 trillion keys per second, before finding the right key. Another 1998 effort, by
the Electronic Frontier Foundation, took only 3 days to crack a 56-bit DES key using a special
computer called the DES (Data Encryption Standard) Cracker.
In some cases, viruses have invaded computers and used their computing power without
the owner's knowledge. (GRC.com has a story about a malicious cracker who launched a denialof-service attack that flooded a computer with more data than it could process, using 474
Microsoft Windows computers without their owners' knowledge.)
Fortunately, increasing the number of bits in a key exponentially increases the number of
possible keys that would have to be tested with the "brute force" method. So, a 128-bit key could
be any one of 3.4 * 1038 keys, a 192-bit key could be any one of 6.2 * 1057 keys, and a 256-bit
key could be any one of 1.1 * 1077 keys. A note at the U.S. Computer Security Resource Center's
Advanced Encryption Standard FAQ states:
In the late 1990s, specialized "DES Cracker" machines were built that could
recover a DES key after a few hours. In other words, by trying possible key
values, the hardware could determine which key was used to encrypt a
message. Assuming that one could build a machine that could recover a DES
key in a second (i.e., try 255 keys per second), then it would take that machine
approximately 149 trillion years to crack a 128-bit AES key. To put that into
perspective, the universe is believed to be less than 20 billion years old.
Note that these efforts are per key; if you were to divide the data you were encrypting into 10
subsections and used a different key for each of the subsections, this decryption process would
need to be repeated 10 times.
To summarize, brute force cracking can be significantly slowed with strong encryption,
(essentially, just using longer keys) and slower algorithms. Modern strong encryption should be
able to hold off all but the best-funded efforts by crackers with lots and lots of time on their
hands. Encryption can make data access difficult enough that a malicious cracker may decide to
look for an easier target rather than spending resources attempting to crack strong encryption.
17
Appendix B: What are the different kinds of algorithms that encryption
software programs utilize?
The complexity of these algorithms prevents us from describing their workings in-depth
in a guide intended for readers with limited technical knowledge of encryption, but here are some
links and names that may be useful if you want to know more about the technical aspects of
encryption software. You can always find more information on each algorithm (including ones
that are not listed here) simply by searching for the algorithm's name on your favorite Internet
search engine.
One interesting read is the PGP Diffie-Hellman vs. RSA FAQ, which discusses the
effectiveness of various algorithms.
Advanced Encryption Standard (AES)
AES is the block cipher being developed as a successor to DES. (AES was not completed
at the time this guide was published.) It operates under the symmetric key model. Some of the
other encryption algorithms listed in this section were submitted as candidates to become AES.
The selected algorithm is one called Rijndael (one suggested pronunciation: "rain doll"), a
variant of an algorithm called Square.
 AES (Rijndael) (mathematical analysis)
 The AES Candidates
 The Block Cipher Rijndael (a newbie's introduction to Rijndael)
 Computer Security Resource Center: AES; FAQ
 The History of AES
 PGP Diffie-Hellman vs.RSA FAQ: What is AES?
Blowfish
Blowfish is a block cipher that employs the asymmetric key model. "Blowfish was
designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms.
Since then it has been analyzed considerably, and it is slowly gaining acceptance as a strong
encryption algorithm. Blowfish is un-patented and license-free, and is available free for all uses."
(Counterpane Internet Security: The Blowfish Encryption Algorithm)
 Blowfish
 Counterpane Internet Security: The Blowfish Encryption Algorithm
Carlisle Adams/Stafford Tavares (CAST)
CAST is a group of ciphers. "CAST-128 belongs to the class of encryption algorithms
known as Feistel ciphers; overall operation is thus similar to the Data Encryption Standard
(DES)." (C. Adams, Entrust Technologies: The CAST-128 Encryption Algorithm) It operates
under the symmetric key model.
"It is resistant to both linear and differential cryptanalysis. Currently, there is no known
way of breaking CAST short of brute force. There are no known attacks on CAST with reduced
rounds  it looks incredibly secure. CAST is now the default cipher in PGP." (PGP DiffieHellman vs. RSA FAQ: What is CAST?)
"CAST is a family of ciphers. Some of the other 'CAST' ciphers have succumbed to
advanced attack. (Rijmen and Preneel have attacked some CAST designs and so have Kelsey,
Schneier & Wagner.) The same attacks have been tried against the implementation of CAST
used in PGP and have, thus far, failed." (PGP Diffie-Hellman vs. RSA FAQ: What is CAST?)
18



C. Adams, Entrust Technologies: The CAST-128 Encryption Algorithm
C. Adams, J. Gilchrist, Entrust Technologies: The CAST-256 Encryption Algorithm
PGP Diffie-Hellman vs. RSA FAQ: What is CAST?
Data Encryption Standard (DES) and Triple-DES (3DES)
DES is the current standard encryption algorithm. "DES was developed in the 1970s by
the National Bureau of Standards with the help of the National Security Agency" with an
algorithm submitted by IBM. (The Next Wave: What is DES?) It operates under the symmetric
key model.
"Unfortunately, over time various shortcut attacks were found that could significantly
reduce the amount of time needed to find a DES key by brute force. And as computers became
progressively faster and more powerful, it was recognized that a 56-bit key was simply not large
enough for high security applications." (Tropical Software: DES Encryption (DES)
"On July 17, 1998 the Electronic Frontier Foundation (EFF) announced the construction
of a DES brute-force hardware cracker (http://www.eff.org/descracker/). This $220,000 device
can break a DES key in an average of 4.5 days." (Dr. Dobb's Journal: The Current State of DES)
Triple-DES is only a third as fast as DES, but uses three keys to effectively triple the key
length to 168 bits, making the algorithm "billions of times more secure [than DES] if used
properly." (Tropical Software: Triple DES Encryption [Triple DES])
 Dr. Dobb's Journal: The Current State of DES
 The Next Wave: What is DES? (DES)
 PGP Diffie-Hellman vs.RSA FAQ: What is 3DES?
 SearchSecurity: Data Encryption Standard (DES)
 Tropical Software: DES Encryption (DES)
 Tropical Software: Triple DES Encryption (Triple DES)
Diffie-Hellman (and ElGamal, a derivative)
Diffie-Hellman is an encryption algorithm that employs the asymmetric key model.
"In 1976, Diffie and Hellman started an explosion of open research in cryptology when
they first introduced the notion of public-key cryptography, which allows for new electronic
means to handle key distribution in conventional cryptographic systems and for digital signatures
in electronic messages." (Cylink Resource Library: Alternatives to RSA: Using Diffie-Hellman
with DSS)
"The Stanford patent on the Diffie-Hellman technique... expired in 1997 and [the
technique] is now in the public domain." (Cylink Resource Library: Alternatives to RSA: Using
Diffie-Hellman with DSS)
 Cylink Resource Library: Alternatives to RSA: Using Diffie-Hellman with DSS (if the
link is down; see Google’s cached copy)
 PGP Diffie-Hellman vs. RSA FAQ: What is DH / ElGamal?
 RSA Security: What is Diffie-Hellman?
GOST
GOST is the U.S.S.R. 28147-89 standard protection algorithm, analogous to the U.S.'s
DES. "The algorithms are similar in that both operate on 64-bit blocks by successively
modifying half of the bits with a function of the other half." (GOST encryption algorithm:
Russian analogue to US Standard?)
 GOST encryption algorithm: Russian analogue to US Standard?
19

Soviet Encryption Algorithm (GOST 28147-89)
International Data Encryption Algorithm (IDEA)
IDEA is a block cipher used in PGP. "IDEA, unlike the other block cipher algorithms
discussed in this section, is patented by the Swiss firm of Ascom. They have, however, been
generous in allowing, with permission, free noncommercial use of their algorithm, with the result
that IDEA is best known as the block cipher algorithm used within the popular encryption
program PGP." (IDEA (International Data Encryption Algorithm)
 IDEA (International Data Encryption Algorithm) (a mathematical analysis)
 Naval Postgraduate School / Department of Computer Science: IDEA (mathematical
overview)
 PGP Diffie-Hellman vs. RSA FAQ: What is IDEA?
Triple-DES
See "Data Encryption Standard (DES) and Triple-DES (3DES)"
Twofish
"Twofish is a block cipher by Counterpane Labs. It was one of the five Advanced
Encryption Standard (AES) finalists. Twofish is unpatented, and the source code is
uncopyrighted and license-free; it is free for all uses." (Counterpane Internet Security: Twofish:
A New Block Cipher) It operates under the symmetric key model.
 PGP Diffie-Hellman vs. RSA FAQ: What is Twofish? (discusses concerns that Twofish
is new and unproven)
 Counterpane Internet Security: Twofish: A New Block Cipher
 The Twofish Encryption Algorithm: Block Encryption for the 21st Century
Rivest-Shamir-Adelman (RSA)
RSA is a family of algorithms that employ the asymmetric key model. There are actually
multiple incarnations of this algorithm; RC5 is one of the most common in use, and RC6 was a
finalist algorithm for AES. Searching for how RSA works often yields a host of pages about
how it works mathematically, because the U.S. patent on the RSA algorithm expired on
September 21, 2000. (RSA Security, Inc. actually began offering the algorithm to the public
before the 17-year-old patent expired.)
 Tom Davis' notes on RSA Encryption
 RSA Algorithm JavaScript Page (illustrates mathematical principles with web-based
code)
20