[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security of Encrypted Magic Folders




Hello, all!  Back reading the list after a long hiatus.  Glad it's still as
good as ever.   Anyway, thought I'd appeal to the collective brain trust as
this question is over my head.  Please "cc" me directly since I'm on the
filtered cypherpunk list.

I just downloaded Encrypted Magic Folders--a program that hides Windows 95
folders and then encrypts them to prevent a disk utility from revealing
their content.  In their help file, they try to answer the question "How
Secure is it?"--and, of course, they say *very*, but I can't tell if this is
so or if they're just blowing smoke.  Particularly, their claim that key
size doesn't matter.  (My mom taught me size always matters... )   If
someone with a stronger cryptography background than me could take a look at
this and let me know, I would greatly appreciate it.

Thanks!

Alex


* How Secure is it?

    EMF's encryption offers good protection and excellent speed.  It
    hasn't been broken yet.  It is, as far as we know, exportable.  THERE
    IS NO BACKDOOR.  Should you forget your password there is nothing we
    can do to decrypt your encrypted files.

    Quite a few people ask us how big EMF's key size is.  They've learned
    from other encryption programs that the bigger the key the stronger
    the encryption.  This really doesn't apply to EMF.

    We developed our own encryption instead of using a standard because
    we wanted EMF to be able to decrypt at the byte level.  In this way
    we only need to decrypt/encrypt the data your programs require and
    not the entire file.

    In theory, because we decrypt at the byte level, the biggest key we
    could use would be 8 bits - which is a joke.  So instead of
    decrypting every hunk of data using the same key, as most other
    encryption programs do, we developed an algorithm to vary the key
    based on the data's location within the file.  In this way we get
    both high security and high speed.  We are trying to patent EMF's
    encryption method.

    Having said all that, truth is, most encryption isn't "cracked" by
    breaking the algorithm, it's done by guessing the password.  Brute
    guessing of passwords tends to level the playing field tremendously.
    We actually have an advantage because we aren't an established
    standard.  Because we're small and relatively obscure chances are no
    one will take the effort to write a password guessing program (which
    incidentally would violate copyright and intellectual property laws.)
    Even if someone were to go thru all this effort we could easily
    change the encryption method for the next update.

    If we used an established encryption method like DES or Blowfish then
    your files would probably have to be fully decrypted when opened,
    would exist on disk as unencrypted while you're using them, and then
    would need to be encrypted when closed.  This has multiple
    disadvantages.  First, if your computer shuts down while you have
    "encrypted" files open, then those files would be unencrypted.  This
    doesn't happen with EMF as your encrypted files are always encrypted
    as stored on disk.  The second disadvantage is that it slows things
    down tremendously.  As an example, let's say you retrieve your email
    and your email program needs to add today's message to the end of
    your 3MB email file.  If we used a standard encryption method
    requiring the decryption of the file before use then the entire 3 MB
    file would have to be decrypted, your 300 byte message added to the
    end and then the entire file encrypted again.  With EMF, no
    decryption would need to take place, and the only data needing
    encryption would be the 300 byte message.  MUCH faster.  Around
    20,000 times faster in this example!

    If you still think you'd like to see us use a standard encryption
    method like DES or Blowfish, or have any other suggestions, let us
    know and we will consider your input in future updates