Pass words and pass phrases tend to be the weakest elements of secure systems. Unfortunately encryption keys and certificates can be complicated to manage and are impossible to remember, so many people prefer the use of passwords to protect access to computers and files. On the other hand, long pass phrases which contain both letters and numbers can provide good security if they are chosen wisely. Therefore we have tried to mitigate the consequences of poor pass phrase selection and ensure the use of string pass phrases in the design of SecExFile.
The pass phrase provided by the user is never employed directly in encrypting and archiving files. Firstly, the passphrase as entered by the user is stretched to a fixed length using secure hash functions. By default, the passphrase is stretched to 20 characters in the 128 bit SecExCipher version and to 60 characters in the 384 bit SecExCipher version. Please note that when entering the suggested maximum pass phrase lengths of 25 characters for the 128 bit SecExCipher version and 70 characters for the 384 bit SecExCipher version, the pass phrase will actually be shrunk. This excess margin is designed to account for the fact that users are limited to entering printable characters at their keyboards rather than the full set of ASCII characters. The key which is derived from the user passphrase is then used to encrypt the session key which is employed to encrypt the actual data. See Known Plain Text Protection.
| · | Known Plain Text Protection
|
When encrypting files with pass phrases, there is a danger that users will select the same or similar pass phrases to protect multiple archives. A savvy cryptanalyst will be able to exploit this by comparing the cipher text of encrypted archives especially when some or all of the plain text input is known or may be reasonably "suspected". In some cases it may be sufficient to know the format in which the data is stored even if the actual content of the documents is unknown. This is because many file formats employ fixed header sections to store attributes of the document in question. For example, image files may contain palette information in their headers which are identified by specific byte sequences, etc. SecExFile takes comprehensive steps to protect against this kind of cryptanalysis.
Firstly, even where the user enters the same pass phrase to protect multiple archives, this pass phrase and its derived key material is only used to encrypt the random session key which in turn is employed to encrypt the actual data. This means each file is encrypted with a different key. Further, the SecExMail cipher protects against known plain text attack by compressing all input and obscuring the header of the compression layer via a one time pad.
|
|