...

Basic Notion: "Security is not a cypher, it is a process"

...

The weakest link in security (usually) is the password - Part 1: About Key Size:

I would like to remind you, though you most probably already know, that a text password (used as a key) is the equivalent of 2 bits per char. This means you have to use not a password but a passphrase of 64 chars to get a 128-bit key.

To change any number of chars into 128 bits you need to hash the passphrase (to allow a string of 64 bytes or more). To hash you need a crypto-secure hash method, or you can create one with the excellent (very small code and strong) TEA cipher, using the available methods to produce a safe 128-bit hash. Please note that there are few crypto-secure methods...

BUT the hash WILL NOT enhance the security of a passphrase. It can ONLY reduce its security down to the password space available. IF the passphrase security is low, the hash security will also be low. HASHING JUST makes a passphrase FIT in the password space!!! Unfortunately most implementors fail to understand this...

People should be reminded that the security available depends on Size*Quality of the passphrase. Size is self-descriptive; QUALITY means the use of numbers, symbols, spaces, nonsense words and even (but difficult to remember) a full keyspace number.

...

The weakest link in security (usually) is the password - Part 2: About keyboard sniffers:

If linked to ANY network, no computer may be considered safe. Only a lone computer MAY be considered safe... not considering the security problem of people with access to it, nor the origin of the software (including BIOS and operating system).

This SAFE computer ciphers and deciphers. The connected ones just receive and transmit ciphered data.

Corollary: No data may be considered safe in a connected computer. Communication MUST be done by a controlled medium like a diskette. By no means may this diskette be allowed to control the SAFE computer, which MUST NEVER boot or use ANY unchecked (unsafe) software.

...
The faster the cipher the easier the attack:

Hashing a password has a problem: IT MAY EASE a brute force attack. On MOST implementations!!! These attacks are made NOT by PCs but by dedicated hardware (programmable for each tool used). There is no theoretical limit to its speed, so we must and can expect that the presence of a hash of the password (hashed or not) will reduce the password by the size of the hash provided by the programmer... usually a FULL 128-bit hash (or bigger)... with the naive intention of "not accepting a false password that would trash the file", for which usually a byte is enough. Ergo: The security is ZERO.

The password verification should therefore be limited to 1 byte. This is a loss of security of 8 bits in the 'entropy' size of the passphrase used. In BLW-CBC.EXE the loss is ZERO and you alone are responsible for your security environment. BLW-CBC will NOT steal any bits from you!!!

...

A cipher should always be used in a trashing feedback mode:

If a file with similar contents is enciphered with the same password, it will reveal that information. So, to avoid this kind of attack, where information leaks and accumulates, the text must be randomized, and by doing this the domain (space) of the plaintext is also maximized. This is done with one of a set of methods known as the 'mode' of the cipher, which 'rotten' (scramble) the original text depending on an always different starting value - the I.V. or Initialization Vector. For more details on the I.V. consult the Appendix.

...

Final Note, not to be ignored:

Remember the basics once more: "Security is not a cypher, it is a process" ... This includes the cipher, the implementor, the user and the system. So: use a strong cipher, but more important is HOW you use it.

--- --- ---

Regards, Dutra de Lacerda.
--- --- ---

APPENDIX - The CBC mode Example:

Each available mode has its own properties, and once the choice is made the implementation is very simple:

The file starts with an Initialization Vector (I.V.), ideally a true random block, but since that is hard to get on a computer you use the time: get the time of a key press and hash it; repeat. Then start working IN the chosen mode, using the cipher in it. The example is CBC mode:

Encode:

    I.V. <- Create(I.V.)              ; In the beginning the I.V. is the Block(n-1)
    Store(I.V.)                       ; The I.V. is the first block of the file
    While not EOF
        Block(N) <- Get(Block)        ; Original text
        Block(N) <- Block(N) xor I.V. ; 'Rotten' (scramble) the plain text
        Block(N) <- Cipher(Block(N))  ; Cipher the rotten text (What to predict? It's trashed!)
        I.V. <- Block(N)              ; Store the next cycle's I.V.
        Store(Block(N))               ; CBC ciphered text
    End-While

--- --- ---

Decode:

    I.V. <- Get(Block)                 ; I.V. is the first block of the file
    While not EOF
        Block(N) <- Get(Block)
        LastIV <- Block(N)             ; It's the I.V. for the next cycle, cannot lose it!
        Block(N) <- Decipher(Block(N)) ; Decipher and get the rotten text
        Block(N) <- Block(N) xor I.V.  ; Got the plain text from the rotten text
        I.V. <- LastIV                 ; Next cycle's I.V.
        Store(Block(N))                ; Original text
    End-While

--- --- ---

This is it!
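
The appendix's Encode and Decode loops as runnable Python, an added example that is not the author's or BLW-CBC's code. Assumptions: TEA (mentioned in Part 1) stands in for Cipher/Decipher, the I.V. comes from os.urandom rather than key-press timing, PKCS#7-style padding fills the last block, and all function names are hypothetical.

```python
import os
import struct

BLOCK, DELTA, MASK = 8, 0x9E3779B9, 0xFFFFFFFF   # TEA: 64-bit block, 32-bit words

def _f(v, s, ka, kb):                            # TEA round function
    return ((v << 4) + ka) ^ (v + s) ^ ((v >> 5) + kb)

def tea_encrypt_block(block, key):               # 8-byte block, 16-byte key
    v0, v1 = struct.unpack(">2I", block)
    k, s = struct.unpack(">4I", key), 0
    for _ in range(32):
        s = (s + DELTA) & MASK
        v0 = (v0 + _f(v1, s, k[0], k[1])) & MASK
        v1 = (v1 + _f(v0, s, k[2], k[3])) & MASK
    return struct.pack(">2I", v0, v1)

def tea_decrypt_block(block, key):               # exact inverse of the rounds above
    v0, v1 = struct.unpack(">2I", block)
    k, s = struct.unpack(">4I", key), (DELTA * 32) & MASK
    for _ in range(32):
        v1 = (v1 - _f(v0, s, k[2], k[3])) & MASK
        v0 = (v0 - _f(v1, s, k[0], k[1])) & MASK
        s = (s - DELTA) & MASK
    return struct.pack(">2I", v0, v1)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_encrypt(plaintext, key, iv=None):
    iv = os.urandom(BLOCK) if iv is None else iv  # assumption: OS CSPRNG, not key-press timing
    pad = BLOCK - len(plaintext) % BLOCK          # assumption: PKCS#7-style padding
    data = plaintext + bytes([pad]) * pad
    out = [iv]                                    # the file starts with the I.V.
    for i in range(0, len(data), BLOCK):          # each cipher block is the next cycle's I.V.
        out.append(tea_encrypt_block(xor(data[i:i + BLOCK], out[-1]), key))
    return b"".join(out)

def cbc_decrypt(blob, key):
    if len(blob) < 2 * BLOCK or len(blob) % BLOCK:
        raise ValueError("truncated or misaligned ciphertext")
    blocks = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
    out = b"".join(xor(tea_decrypt_block(c, key), p) for p, c in zip(blocks, blocks[1:]))
    return out[:-out[-1]]                         # strip padding; CBC alone gives no integrity check

def demo():
    key, msg = bytes(range(16)), b"SAMEBLK!" * 2  # constructed key and plaintext, demo only
    ecb = [tea_encrypt_block(msg[i:i + BLOCK], key) for i in (0, BLOCK)]  # no mode: blocks repeat
    c1, c2 = cbc_encrypt(msg, key), cbc_encrypt(msg, key)
    return ecb[0] == ecb[1], c1 != c2, cbc_decrypt(c1, key) == msg
```

demo() returns three flags: identical plaintext blocks leak as identical cipher blocks when no mode is used, two CBC encryptions of the same text under the same key differ, and decoding recovers the original.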