PGPdisk

PGPdisk

Note: the program originally known as CryptDisk is now part of the PGP package, and is known as PGPdisk.

CryptDisk is written by Will Price.

Please send bug reports to wprice@primenet.com

Copyright © 1995 by Will Price. All rights reserved.



Requirements

System 7.0, hard drive


Background and Description

The goal of CryptDisk is to provide transparent top grade partition encryption for Macintosh CPUs. A friend and I were talking about the lack of encryption programs on the Mac and the general bungling of existing programs which usually have hideous Mac interfaces or terrible cryptography. There are exceptions, but not many. The most surprising thing is that some of the worst examples of this are actually commercial programs. I walked around MacWorld Expo SF '95 asking every security company if they knew of a way to do something like what CryptDisk does. After a lot of public relations nonsense, I pretty much concluded nothing out there would satisfy what I wanted to do. This was unbelievable to me, so I decided to put aside the project I was working on and write CryptDisk. There are at least 5 programs like this available for the PC, but we've got drag and drop!

CryptDisk creates files on your hard disk which act as virtual hard disks. You can drop these files on the CryptDisk application to mount them in the Finder after typing in the appropriate passphrase. The mounting idea is similar to programs like ShrinkWrap and MountImage. These CryptDisk files are encrypted with extremely high security using well-known encryption algorithms. The algorithms used in this product are described in detail later in this document. I would specifically like to thank Colin Plumb for his absolutely invaluable and timely cryptographic advice, and Tom Bryce who helped give me a crash course in modern cryptography. The three of us sent a flurry of about 50 email messages to each other to flesh out the algorithms used in this program.

Reading and writing files on a CryptDisk happens just as it would on a normal hard disk, except that everything written to the disk is encrypted and everything read is decrypted. When you unmount a disk by putting it in the trash or choosing "Put Away" in the Finder, the data becomes completely inaccessible until the disk is mounted again. The entire drive is not decrypted when it is mounted. Many encryption programs only let you decrypt an entire set of files rather than individual files, wasting time on files you may not need. Only the sectors needed at any particular moment are actually decrypted.

The security of CryptDisk is by its very nature much greater than that of many encryption programs. Because the entire disk is encrypted, rather than a sequential set of files or (worst case) a single file, no one can retrieve your file names, custom Finder icons, file lengths, or any other similar metadata without first defeating all the encryption. Those attributes are often useful in successful attacks on the encryption, so security is enhanced by encrypting them just as well as the files themselves.


Distribution

This program is, by necessity, demoware. The wonderful government of the United States in which the author lives has chosen to declare the algorithms used in this product (specifically IDEA) as "munitions" which are illegal to export. In other words, anyone caught exporting or transmitting the full version of this program from the US (or Canada) could theoretically be convicted of international arms trafficking. I know it sounds totally absurd, but it is true. It is especially absurd given that the IDEA algorithm was invented in Switzerland. This law is why you don't see a lot of shareware or freeware strong encryption programs that are freely distributed.

The version of this program which is demoware and is freely distributable to the world has no encryption (called 1.0D). The security of the demoware version is non-existent from a cryptographic point of view. All it effectively does is place password protection on mounting the CryptDisk file. It will not mount real CryptDisks. Do not use the demo version of the application for anything sensitive.

The full version of this program is available directly from the author. It may also be available at selected anonymous FTP sites in the US which restrict access to legal users. Only US and Canadian postal and email addresses may obtain this version. To receive the full version, send $20 US (add $5 if you need shipping) to the address below. Make checks payable to Will Price.

Will Price
P.O. Box 641383
Los Angeles, CA 90064

If you have an internet or AOL email address which is capable of receiving files, you will be emailed the full version on receipt. Otherwise, please include $5 to have it shipped to your US or Canadian postal address on disk. Please include your name, address, email address, whether your email address can receive file attachments, and any other comments you might have. If you have questions about this procedure, please send email to wprice@primenet.com.

The full version is also PowerPC native to the extent possible, providing large speed increases on those computers. A PowerPC encrypts 19x faster running native code than it does running emulated code.

The source code is also available for an extra $20. So, if you would like registration, source and shipping, please include $45.


QuickStart

Let's look at a simple example of how to use CryptDisk. I have 30 MB of files that I want to keep encrypted except when I'm using those files. Run CryptDisk and select "New" from the menu. Enter a passphrase. The limit on passphrase length is 128 characters, and there is a minimum of 8 characters. Use the longest passphrase you think you can remember. Try combining several hard passwords. Your passphrase is the key to your encryption. Do not use any words that you might find in a dictionary or anything remotely similar to such words. Use weird punctuation at weird places, and vary your capitalization. CryptDisk salts and repeatedly hashes your passphrase (see the description of the cryptographic architecture below), which slows down guessing, but it can't help you if you choose an easily guessed passphrase. That is by far the weakest link in the security chain. Don't write down your passphrase: remember it, but if you do forget it, all is lost. There is no way to retrieve your data if you lose your passphrase. If you do find a way, international fame awaits you.

Now press Tab or select the size field with the mouse and enter 30 in order to create a 30 MB disk. Click OK.

A new dialog will appear at this time which asks you to wave the mouse randomly all over the screen for 15 seconds. Make your motions as random and sweeping as possible. CryptDisk needs to generate very random numbers from this, and combines several other sources of randomness with your mouse waving to ensure that.

The random generating dialog automatically disappears, and a standard dialog appears to let you select where you want to put the file. Now re-enter the passphrase you just entered in the next dialog to confirm it and click Mount. After a period of time to format the disk, it will be mounted on your desktop. You can unmount the disk by dragging it to the trash or choosing "Put Away" in the Finder.

To remount the disk, just drop the file on the CryptDisk application, or choose "Mount..." from the File menu of CryptDisk. Then re-enter your passphrase as given before and the disk will be mounted again. You can treat the disk as a normal hard disk while it is mounted.

To change your password, select "Mount..." from the File menu of CryptDisk. Enter your passphrase and then click "Change Password". Now enter a new passphrase and then confirm it in the next dialog. Your CryptDisk will be mounted with the new password.


Compatibility


Description of Cryptographic Architecture

This section is designed for those who know something about cryptography to get a clear picture of exactly what kind of security CryptDisk offers. It outlines the exact procedures followed in the encryption. One of the primary tenets of a secure system is that the design be public. If a system relies on its design being private for its security, that is a major weakness. The basic algorithms used here have been around for at least 2 years, and no remotely successful attacks have been discovered. They are considered extremely secure. As described above, CryptDisk source code is available to those who register for it so that third parties can verify the integrity of the implementation.

IDEA (International Data Encryption Algorithm) was developed by Xuejia Lai and James Massey, and was finalized in 1992. Noted cryptographer Bruce Schneier called it "the most secure block algorithm available to the public at this time." IDEA uses 128 bit keys to encrypt 64 bit blocks. By contrast, the US government's DES (Data Encryption Standard) uses only 56 bit keys. To quote Bruce Schneier's book "Applied Cryptography":

Assuming that a brute-force attack is the most efficient, it would require 2^128 (10^38) encryptions to recover the key. Design a chip that can test a billion keys per second and throw a billion of them at the problem, and it will still take 10^13 years - that's longer than the age of the universe.

Another algorithm used is a secure one way hashing algorithm called MD5 originally designed by Ron Rivest (the same guy who is the R in RSA public key cryptography). It produces a 128 bit hash of an input, and is considered one of the most secure one way hashing algorithms known to the public.

Just having good algorithms doesn't bring you very close to a secure system without a good implementation. The following paragraphs describe step by step exactly how CryptDisk uses these algorithms.

Passphrase entry is limited, for no particular reason, to 128 bytes, and the dialog enforces a minimum of 8 bytes (also an arbitrary limit). CryptDisk first uses MD5 to produce a 128-bit hash of the passphrase. This hash is then MD5-hashed together with 8 bytes of "salt": random data taken from a pool that is seeded with information from several sources, including the mouse-waving dialog. The salt is stored in the clear in the resource fork of the CryptDisk file and is different for each file, so the same passphrase yields a different user key on every disk and a table of pre-hashed passphrases is useless against it. The result is then MD5-hashed an arbitrary number of times (usually more than 128) with various other pieces of information, which makes every passphrase guess correspondingly more expensive. The final value is the 128-bit user key for IDEA.

The user key never encrypts disk data directly. It is used only to encrypt a session key, which is generated from random data and then encrypted once with the user key; that first encryption is never reversed and exists only to make the random values obtained for the key impossible to predict. The session key is the IDEA key actually used to encrypt and decrypt data on the CryptDisk, and it is stored in the resource fork encrypted a second time under the user key; this second encryption is what protects the key at rest in the file. It is also what allows users to change their passphrases: CryptDisk need only re-encrypt the stored session key with the new user key, without touching the encrypted data on the disk.

To check that a correct passphrase has been entered, CryptDisk stores 64 bits of the 128-bit MD5-hashed and salted user key, encrypted with that same user key. Once a passphrase reproduces the stored value, the session key is decrypted and the file is mounted as a disk. Note that this check value, like the salt, is available to anyone who holds the file, so wrong passphrases can be recognised offline without ever touching the disk data; the repeated hashing slows such guessing down, but only a strong passphrase defeats it.

Encryption and decryption of the sectors on the disk is done with IDEA on sector boundaries (512 bytes, i.e. 64 IDEA blocks). Each sector has its own IV calculated from the data actually in the sector, and is encrypted with IDEA in CFB (cipher feedback) mode. To generate the IV, the first 504 bytes are hashed together into a 64-bit value. This hash is XOR'd with the original 8 bytes of salt from the user key and then hashed with the block number, so that no two blocks, and no two separate CryptDisk files, ever encrypt identical data to the same ciphertext. The final hash value is XOR'd with the last 8 bytes of the sector to become the IV for the block. That IV takes the place of the last 8 bytes, the whole 512-byte block is then CFB-encrypted with it, and the write operation is completed.

Since the IV has itself been encrypted, decryption must begin after the first 8 bytes, using those first 8 ciphertext bytes as the CFB feedback value. The last 504 bytes decrypt normally and yield bytes 8 through 503 of the plaintext together with the original IV in the final 8 bytes. The IV is then used to decrypt the first 8 bytes, which makes the first 504 bytes of plaintext available; hashing them with the salt and block number exactly as above and XORing the result with the recovered IV restores the original last 8 bytes and completes the decryption of the block.

The method described above retains the security of CFB with a per-sector IV without requiring large amounts of extra space to store IVs or some other mechanism: the IV is calculated directly from the data it encrypts, and the IV and every bit of the following ciphertext depend on every bit in the block. One consequence worth knowing is that the IV is a deterministic function of the sector contents, the salt and the block number, so writing the same data back to the same sector produces the same ciphertext, and someone holding several snapshots of the file can tell when a sector has been restored to an earlier value. A similar method was first used in the Secure File System (SFS) program for DOS machines designed by Peter Gutmann.
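As an added example that is not part of the CryptDisk source, the following Python models both the key handling of the earlier paragraphs (salted, iterated passphrase hashing; the whitened and then wrapped session key; the 64-bit check value; a passphrase change that only re-wraps the session key) and the per-sector IV and CFB scheme just described, including the tail-first decryption. A short MD5-based Feistel network stands in for IDEA so that the script runs with the standard library alone; it is not IDEA and offers no security. The iteration count, the counter mixed into the repeated hashing, the use of plain block encryption for the two session-key encryptions, and truncating MD5 to obtain the 64-bit sector hash are assumptions, since the readme does not specify them.

```python
"""Toy model of CryptDisk's key handling and sector cipher as the readme describes them.
An MD5-based Feistel network stands in for IDEA (128-bit key, 64-bit block); it is NOT IDEA.
Iteration count, counter bytes, session-key encryption mode and MD5 truncation are assumed."""
import hashlib
import os
import struct

SECTOR = 512

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.md5(key + bytes([rnd]) + half).digest()[:4]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit block cipher under a 16-byte key (8 Feistel rounds, not IDEA)."""
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, xor(left, _round(key, rnd, right))
    return right + left

def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):
        left, right = right, xor(left, _round(key, rnd, right))
    return right + left

def derive_user_key(passphrase: str, salt: bytes, iterations: int = 256) -> bytes:
    """MD5(passphrase), then MD5 with the 8-byte salt, then iterated MD5 (the readme says
    'usually greater than 128' rounds with other data; the counter used here is assumed)."""
    h = hashlib.md5(passphrase.encode("utf-8")).digest()
    h = hashlib.md5(h + salt).digest()
    for i in range(iterations):
        h = hashlib.md5(h + salt + struct.pack(">I", i)).digest()
    return h

def _wrap(user_key: bytes, key: bytes) -> bytes:      # two 64-bit blocks under the user key (mode assumed)
    return block_encrypt(user_key, key[:8]) + block_encrypt(user_key, key[8:])

def _unwrap(user_key: bytes, wrapped: bytes) -> bytes:
    return block_decrypt(user_key, wrapped[:8]) + block_decrypt(user_key, wrapped[8:])

def create_volume(passphrase: str, rng=os.urandom):
    """Return (header, session_key); the header is what lives in the file's resource fork."""
    salt = rng(8)
    user_key = derive_user_key(passphrase, salt)
    session_key = _wrap(user_key, rng(16))            # first encryption: whitening, never reversed
    header = {"salt": salt,
              "check": block_encrypt(user_key, user_key[:8]),   # 64-bit passphrase check value
              "wrapped": _wrap(user_key, session_key)}          # second encryption: storage
    return header, session_key

def open_volume(header: dict, passphrase: str):
    """Mount: return the session key, or None when the check value does not match."""
    user_key = derive_user_key(passphrase, header["salt"])
    if block_encrypt(user_key, user_key[:8]) != header["check"]:
        return None
    return _unwrap(user_key, header["wrapped"])

def change_passphrase(header: dict, old: str, new: str) -> dict:
    """Re-wrap the session key only; the salt must stay, since every sector IV depends on it."""
    session_key = open_volume(header, old)
    if session_key is None:
        raise ValueError("wrong passphrase")
    new_key = derive_user_key(new, header["salt"])
    return {"salt": header["salt"],
            "check": block_encrypt(new_key, new_key[:8]),
            "wrapped": _wrap(new_key, session_key)}

def _sector_hash(first504: bytes, salt: bytes, block_number: int) -> bytes:
    h = hashlib.md5(first504).digest()[:8]           # 64-bit hash of the data (truncation assumed)
    h = xor(h, salt)                                 # ties the IV to this CryptDisk file ...
    return hashlib.md5(h + struct.pack(">Q", block_number)).digest()[:8]   # ... and to this block

def _cfb(key: bytes, iv: bytes, data: bytes, encrypt: bool) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(data), 8):
        chunk = data[i:i + 8]
        c = xor(chunk, block_encrypt(key, prev))
        out += c
        prev = c if encrypt else chunk               # the feedback value is always the ciphertext block
    return bytes(out)

def sector_encrypt(session_key: bytes, salt: bytes, block_number: int, plaintext: bytes) -> bytes:
    assert len(plaintext) == SECTOR
    iv = xor(_sector_hash(plaintext[:504], salt, block_number), plaintext[504:])
    # The IV takes the place of the last 8 bytes; the whole sector is then CFB-encrypted with it.
    return _cfb(session_key, iv, plaintext[:504] + iv, True)

def sector_decrypt(session_key: bytes, salt: bytes, block_number: int, ciphertext: bytes) -> bytes:
    assert len(ciphertext) == SECTOR
    tail = _cfb(session_key, ciphertext[:8], ciphertext[8:], False)   # bytes 8..503, then the IV
    iv = tail[-8:]
    first504 = xor(ciphertext[:8], block_encrypt(session_key, iv)) + tail[:-8]
    return first504 + xor(_sector_hash(first504, salt, block_number), iv)
```

Two things the model makes visible that the prose only implies: the salt survives a passphrase change because every sector IV depends on it, so changing it would mean re-encrypting the whole disk; and encrypting the same sector contents twice at the same block number gives byte-for-byte identical ciphertext, while the same contents at another block number or in another file do not.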

When the disk is unmounted, all in-memory data structures are cleared to zero, leaving no remnant of sensitive data. The remaining danger is that other programs which read data off the CryptDisk may store it in unprotected places: a word processor may create temporary files, or virtual memory may swap the data out to an unencrypted disk. These issues are currently outside the scope of CryptDisk, but users should be aware of them.


Upcoming Future Enhancements

Happy encrypting! If you are interested in cryptography, get a copy of Applied Cryptography by Bruce Schneier (1994, Wiley and Sons, New York). It is by far the best book on the subject. A lighter tome by the same author which is much more palatable to the casual encryption enthusiast is E-Mail Security: How to Keep Your Electronic Messages Private (1995, Wiley and Sons, New York). Also, subscribe to WIRED magazine.

Feel free to send bug reports, questions, comments or suggestions to my internet address wprice@primenet.com. I do read all e-mail, but I might not be able to reply to it all.


Obtaining CryptDisk

The current version of CryptDisk is available from PGP, Inc. as PGPdisk.

This page is copyrighted 1993-2008 by Lila, Isaac, Rose, and Mickey Sattler. All rights reserved.