CERBERUS
command encrypts a selected file into a secured document. A secured document includes, pre-pended to the encrypted file, an encrypted header incorporating file integrity information. This information includes the results of a secure hash of the file, per FIPS PUB 180-1. This SHA-1 digest permits subsequent checking of the file for tampering: automatically, as part of the decryption process performed by the Open command; or separately, by the Verify command, in the case of un-encrypted files. The encrypted header also includes the original file size, date/time of last modification, and filename (with space for Win95 long filenames).
NOTE: All encryption is performed on 64-bit (8-byte) data blocks, using Cipher Block Chaining around a triple-DES block cipher (encrypt-decrypt-encrypt in DES Electronic Code Book mode) with full 168-bit keys. This type of outer-CBC-mode triple-DES allows validation of the core block cipher to be accomplished with Data Encryption Standard tests from FIPS PUB 81 and NBS Special Publication 500-20, by setting the 64-bit CBC initialization vector to all-zeros and making the key equal to three identical copies of the 56-bit DES key. Unlike the commonly-used 112-bit "EDE triple-DES" using only two 56-bit keys, one for both DES ECB encryptions and one for the intervening DES ECB decryption, Document Security Manager uses 3 independent 56-bit DES keys, yielding a full 168-bit key space.

The header and the file are each encrypted with the same one-time session key, randomly generated for each encryption, in order to minimize the ciphertext-per-key available for cryptanalytic attack. The session key is then encrypted with a master key generated from your selected passphrase, and pre-pended to the encrypted header along with the CBC initialization vector. (You are given the option of using a separate name and passphrase for any file you wish to send to another user of this program, without changing your own passphrase.) A different random initialization vector is used each time, for maximum defense against known- or probable-plaintext attacks.

NOTE: All session keys and CBC initialization vectors are generated with a DES-based ANSI X9.17 key generator. It is seeded by an SHA-1 hash of the least-significant bytes of your inter-keystroke delays (to one-millisecond precision), accumulated afresh from each passphrase challenge dialog. Your master key is generated from an SHA-1 hash on the characters entered, which is spread over the 168-bit key by iterative triple-DES encryptions in order to delay dictionary attacks.
In both cases, both your name and passphrase are included in the hashes, making your master key different from that of another user using the same passphrase, and maximizing the entropy of the key generator seed.

Consequently, an encrypted file enclosed in a secured document is preceded by 328 bytes (8 bytes for the random initialization vector and 24 for the one-time key encrypted with the master key, plus the 296-byte header encrypted with the same one-time key as the plaintext), and followed by as many padding bytes as are needed to make the total an integer multiple of the 8-byte cipher block size (0-to-7 bytes). This yields a maximum of 335 bytes of "security overhead" for each document.

NOTE: The pattern-destroying effectiveness of high-grade encryption renders secured documents essentially incompressible. If disk space or transmission bandwidth is at a premium, the file should first be incorporated in a compressed archive, such as a zip-file, which can then be encrypted into a secured document. This procedure is also recommended for files having linked and embedded graphic image files, rather than attempting to treat each of these linked files as a separate document.

The file integrity-checking information, the session key and the path to the file's last known location on your disk are also saved in a Document Inventory file (document.log), which is similarly encrypted with a one-time session key. This enables you to quickly change your passphrase without having to completely re-encrypt all your existing secured documents. (The 24-byte master-key-encrypted session key is the only part of each document changed.) However, each secured document is completely self-contained so that you may always decrypt its contents, even if the Document Inventory file is deleted or damaged. This also allows you to Open a secured document on another computer, where the Document Inventory file doesn't include a record for that document (but will, once you Open it).
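The byte layout and the passphrase-change behaviour described above, as an added sketch that is not code from Document Security Manager. The field order (initialization vector, wrapped session key, header, file) is an assumption taken from the order in which the text lists them, and the function names are hypothetical.

```python
# Added example: region sizes come from the page; field order is an assumption.
IV_LEN, WRAPPED_KEY_LEN, HEADER_LEN, BLOCK = 8, 24, 296, 8
PREFIX_LEN = IV_LEN + WRAPPED_KEY_LEN + HEADER_LEN  # 328 bytes

def secured_size(plain_len: int) -> int:
    """Total size of a secured document for a plain_len-byte file."""
    padding = (-plain_len) % BLOCK  # 0 to 7 bytes up to the next 8-byte boundary
    return PREFIX_LEN + plain_len + padding

def max_overhead() -> int:
    """Worst-case prefix plus padding over every residue of the block size."""
    return max(secured_size(n) - n for n in range(4 * BLOCK))

def split_secured(doc: bytes) -> dict:
    """Split a secured document into its four regions, rejecting bad lengths."""
    if len(doc) < PREFIX_LEN:
        raise ValueError("shorter than the 328-byte prefix")
    if len(doc) % BLOCK:
        raise ValueError("length is not a multiple of the 8-byte block size")
    a, b = IV_LEN, IV_LEN + WRAPPED_KEY_LEN
    return {
        "iv": doc[:a],                    # random CBC initialization vector
        "wrapped_key": doc[a:b],          # session key under the master key
        "enc_header": doc[b:PREFIX_LEN],  # header under the session key
        "enc_file": doc[PREFIX_LEN:],     # padded file under the session key
    }

def rewrap(doc: bytes, new_wrapped_key: bytes) -> bytes:
    """Passphrase change: replace only the 24-byte wrapped session key."""
    if len(new_wrapped_key) != WRAPPED_KEY_LEN:
        raise ValueError("wrapped session key must be 24 bytes")
    p = split_secured(doc)
    return p["iv"] + new_wrapped_key + p["enc_header"] + p["enc_file"]
```

Length checks like those in `split_secured` are the first thing to run on an untrusted container, before any key material is derived or any block is decrypted.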
Your encrypted Document Inventory file may be accessed with a command on the System Menu, so you can conveniently Secure (or Open or Destroy) multiple documents from a batch dialog. Opened documents are listed with a preceding ' - ' to contrast them with secured documents (marked with an ' x '). The dialog has a 30-second inactivity time-out, as opposed to the 15-second inactivity time-out that normally clears from memory the keying information generated by your most recent passphrase dialog.

The Secure command is also accessible from the System Menu. On Win95 systems, this allows you to keep Document Security Manager discreetly minimized and to control its functions by right-clicking on its Task Bar button. On Win3x systems, which don't have a Task Bar, the Secure command is also appended (along with the Open and Destroy commands) to the System Menu of any other active program. These features are designed to let you remotely control a minimized Document Security Manager from within those programs that you are using to work on the contents of your documents.
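The validation shortcut from the first NOTE above (all-zero initialization vector, three identical keys) can be checked structurally. This added example is not the product's code: it uses a toy 64-bit Feistel cipher built on SHA-1 as a stand-in for DES, and all function names are hypothetical.

```python
import hashlib

BLOCK = 8  # 64-bit block size, as on the page

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Toy round function (assumption, not DES): SHA-1 over key, round, half.
    return hashlib.sha1(key + bytes([i]) + half).digest()[:4]

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel stand-in for one DES ECB encryption."""
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, xor(l, round_fn(key, i, r))
    return l + r

def toy_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = xor(r, round_fn(key, i, l)), l
    return l + r

def ede_encrypt(k1, k2, k3, block):
    # Encrypt-decrypt-encrypt with three independent keys.
    return toy_encrypt(k3, toy_decrypt(k2, toy_encrypt(k1, block)))

def ede_decrypt(k1, k2, k3, block):
    return toy_decrypt(k1, toy_encrypt(k2, toy_decrypt(k3, block)))

def cbc_encrypt(keys, iv, data):
    # Outer CBC: chaining wraps the whole EDE operation; data is pre-padded.
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = ede_encrypt(*keys, xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(keys, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out += xor(ede_decrypt(*keys, c), prev)
        prev = c
    return out

def validation_mode_matches_single(key: bytes, block: bytes) -> bool:
    """Zero IV + identical keys: the first CBC block equals single-cipher ECB."""
    return cbc_encrypt((key,) * 3, bytes(BLOCK), block) == toy_encrypt(key, block)
```

With identical keys the inner decrypt cancels the first encrypt, which is why single-DES ECB test vectors can exercise the triple-DES core unchanged.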
The Cerberus logo and the ...Security Manager product names are trademarks of Cerberus Systems, Inc. © Copyright 1997-99, all rights reserved.