┌─────────────────────────────────────────────────────────────┐
│                                                             │
│                     Enigma for Windows                      │
│                        Release 2.0                          │
│                        User Manual                          │
│               (C) Copyright 1992-1994 by SWS                │
│                    All Rights Reserved                      │
│                Shareware - Made in Germany                  │
│                                                             │
└─────────────────────────────────────────────────────────────┘

Stefan Wolf Software
GartenStr. 22
D-61449 Steinbach/Ts.
FAX TAM: +49 (0) 6171 980483
Compu$erve: 100111,140

Table of contents
─────────────────

1. What is Enigma for Windows ?
   1.1. Changes since version 1.1
   1.2. Specifications
   1.3. Technical support
2. Installation
   2.1. System requirements
   2.2. Installation procedure
      2.2.1. The setup program
      2.2.2. Installing Enigma
   2.3. Updating Enigma
   2.4. Starting Enigma
3. The first steps
   3.1. The Enigma interface
   3.2. The Enigma setup
   3.3. Default user password
4. Working with Enigma
   4.1. Selecting several files
   4.2. EnCrypting file(s)
   4.3. DeCrypting file(s)
   4.4. Wiping file(s)
5. Algorithms
   5.1. Data Encryption Standard (DES)
      5.1.1. The safety of DES
   5.2. S-ROTOR
   5.3. Regular expression

1. What is Enigma for Windows ?
───────────────────────────────

Enigma is a powerful program for ciphering and deciphering files of any type. Besides being able to conceal the contents of files it can be used as an electronic paper shredder. This program is named after the legendary encoding machine that was used by the Germans in the Second World War.

Everyone has files that should not be seen by others, be it a patent or something as important as a love letter. Every day many employees handle data that isn't meant for the eyes of others, for example company statistics, personnel records, payrolls and others. This type of data is only "safe" after it has been locked away with a lock and key. In this day and age of massive computer use by banks, doctors, officials and a multitude of other offices it has become necessary to find alternatives to the traditional methods of securing data. Computer networks and the free exchange of data across these networks have added a whole new dimension to this problem.

Even though it is a good idea to lock away diskettes which contain sensitive data, encoding the data on those diskettes and using your own personal password as the key gives you a higher level of security. You should always encrypt sensitive or secret documents that you have received so they can under no circumstances be read without your permission.

Encrypted files cannot be read or deciphered by any other users. The only way to make the file readable and usable again is to decipher it with the same password that was used to encrypt it.

The ability to keep your data safe from unauthorised access depends on the ciphering method that you use. Two methods have gained widespread acceptance: the RSA-Encryption method and the Data Encryption Standard (DES). The DES is used by many U.S. Government agencies and is a de facto standard. This method was also implemented in Enigma because of its safety and proven workability in everyday use.
One can be sure that data encoded with DES cannot be decoded in a reasonable amount of time even with the help of a supercomputer.

Many offices and government agencies use paper shredders to destroy their sensitive documents. The Enigma function "Wipe" is the electronic equivalent of this. Many computer users don't know that files deleted with the DOS command "del" can often be recovered from their hard disks without much trouble even after a longer period of time. After using the "Wipe" function on a file you can be sure that no trace of it can be found on your hard disk any more.

Enigma User Manual page 1

1.1 Changes since version 1.1
─────────────────────────────

* A comfortable installation program has been added
* Context sensitive help by pressing the F1 key
* Ciphering, deciphering and deleting of several files or whole directories in one step
* Dialog controlled choice of the target directory
* Stopping the ciphering process
* 15 % performance gain
* The option of compressing a file before it is encoded has been removed. A program with this functionality is available separately.
* Files created with Version 1.x are incompatible with version 2.0. This was necessary in order to permit the simultaneous handling of several files. The product of this work is a modern directory structure on which future versions will be oriented.

1.2 Specifications
──────────────────

The DES-Algorithm used in this program conforms to the following standards (as far as this is possible for a software implementation).

FIPS PUB 46-1 - Data Encryption Standard (1988)
    Contains the specification for the Data Encryption Standard (DES) algorithm, which can be implemented in hardware to protect sensitive unclassified information.

FIPS PUB 74 - Guidelines for Implementing and Using the NBS DES (1981)
    Companion to FIPS PUB 46-1. Contains guidance for the use of cryptographic techniques.

FIPS PUB 81 - DES Modes of Operation (1980)
    Companion to FIPS PUB 46-1.
    Contains descriptions of the four modes of operation for the DES: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB).

ANSI X3.92 - Data Encryption Algorithm (DEA)

ANSI X3.106 - DEA Modes of Operation

In 1986 the ISO published the "DEA-1" specification, where it is recommended that DES be used for encoding data.

The Wipe algorithm conforms to specification CSC-STD-005-85 of the National Computer Security Centre; it is described in the Department of Defence Magnetic Remanence Security Guideline, 15 Nov. 85, Section 5.3.1.

1.3 Technical support
─────────────────────

All questions regarding registration, technical support, discount and wholesale prices should be addressed to:

Stefan Wolf Software; GartenStr. 22; D-61449 Steinbach/Ts.
FAX TAM: +49 (0) 6171 980483
Compu$erve: 100111,140

2. Installation
───────────────

2.1 System requirements
───────────────────────

The minimum requirements for running Enigma version 2.0 are:

Software:

* Microsoft Windows Version 3.1 or Windows NT
* IBM OS/2 Version 2.1

Note: If you use on-line compressors such as "Stacker" or "DoubleSpace" we cannot guarantee that data which has been deleted with Wipe cannot be recovered again.

Hardware:

* Enigma does not require any special hardware other than the computer's ability to run one of the above mentioned operating systems.

Note: Even though Enigma uses very fast algorithms, their complexity makes ciphering and deciphering data a time-consuming operation. It is therefore recommended that you use an AT-486.

2.2 Installation procedure
──────────────────────────

2.2.1 The setup program
───────────────────────

The setup program carries out the following tasks:

* Copies the Enigma program files into the directory of your choice (default C:\Enigma20). Enigma Version 2.0 uses approximately 700 KB.
* Modifies the Windows initialization file WIN.INI by adding the following line "en2=C:\ENIGMA20\ENIGMA20.EXE ^.EN2".
* Creates the Windows Program Manager group "Enigma20"
* Creates the file ENIGMA20.INI in the Windows directory

2.2.2 Installing Enigma
───────────────────────

1. Start MS-Windows.
2. Start the Program Manager.
3. Click the Run command in the File menu in the Program Manager.
4. Type in A:\INSTALL or B:\INSTALL depending on which drive you are installing from.
5. A dialog box will appear and the recommended directory for the installation of Enigma will be shown. Choose the directory in which you want to install Enigma. If the chosen directory doesn't exist it will be created. Click the button "OK" to start the installation.
6. The installation program will now begin to copy the Enigma files to the target directory.

Note: If you want to install Enigma in a network environment make sure that you have the necessary write permission.

2.3 Updating Enigma
───────────────────

The versions 1.1 and 2.0 are not compatible. It is therefore necessary to decipher the data with the version that it was encoded with.

2.4 Starting Enigma
───────────────────

Enigma can be started from Windows or from the MS-DOS prompt.

Starting Enigma from the Windows Program Manager

1. Open or activate the Program Manager window.
2. Open the group window which contains Enigma.
3. Double-click the Enigma symbol or use the cursor and press "Enter".

Starting Enigma from the Program Manager's "File" menu

1. Open the "File" menu in the Program Manager's menu bar
2. Click "Run"
   > If Enigma is in your path enter Enigma.
   > If Enigma is not in your path enter the complete path to where Enigma is located, for example C:\ENIGMA20\ENIGMA20.EXE.
3. Click "OK"

Starting Enigma from the DOS-prompt

1. At the DOS-Prompt type the command "win enigma20".
2. Press "Enter"

Note: If you receive a message that the file could not be found this means that the directory containing Enigma is not in the path.
Change to the directory which contains Enigma20.exe and try to start Enigma again.

Starting Enigma from a Windows command line interface

1. Once WinCLI, WinCLI Pro, 4Win ... is running, change to the directory where Enigma is located and enter "Enigma20".

When you start Enigma for the first time you will see a dialog box which will ask you to register the program. Enter your registration number here. You will find it on your program diskette. The DES Algorithm is not available until you have entered your registration number.

3. The first steps
──────────────────

3.1 The Enigma interface
────────────────────────

In the main window you will find two list windows and several text fields, 6 dialog buttons, a few status elements and the menu bar.

Dialog Buttons:

Each of these 6 buttons (from left to right) has an equivalent in the menu bar. It is also possible to activate each button by a series of key strokes.

* Select Files: Opens a dialog in which a single file or whole directories can be selected. [(ALT-S),(ALT-F,S)]
* Encrypt: Ciphers the chosen files. [(ALT-E),(ALT-R,E)]
* Decrypt: Deciphers the chosen files. [(ALT-C),(ALT-R,C)]
* Wipe: Deletes the chosen files. [(ALT-W),(ALT-R,W)]
* Setup: Opens the window in which various Enigma parameters can be changed. [(ALT-U),(ALT-O,U)]
* Exit: Exits Enigma. [(ALT-X),(ALT-F,X),(ALT-F4)]

List Windows

* Left: Shows the files which are in the current directory.
* Right: Shows all directories and drives.

Text Fields

* Input file: This text field shows the name of the input file. It is automatically filled by clicking a file in the left directory window.
* Output file: Text field for the name of the output file. You must manually enter the name of the output file here before encrypting.
* Files in: Shows the current directory.
* Size: Shows the size of the selected input files.
* Date: Gives the date on which the encoded file was created.
* Bottom border: A text field in which help texts are displayed dependent on the mouse cursor position.

Status Elements

* Selection: This status element is marked if a valid input file has been selected.
* Original: This status element is on if the file shown in the input file field has not yet been encrypted. If you want to encrypt a file that has already been encrypted you must click this element.
* Encrypted: This status element is marked when the file in the text field "Input File" has been encrypted.
* DES Engine: Status element shows that the DES algorithm is being used. It is automatically marked when a DES encrypted input file has been chosen for decoding.
* S-Rotor: Shows that the S-Rotor algorithm is being used for encryption and decryption. It is set automatically when the input file has been encrypted with S-Rotor.

3.2 The Enigma setup
────────────────────

This dialog box is opened by clicking the Setup Button in the Main Dialog Box or by pressing the key combination (Alt-U). This chapter discusses the configuration of the Enigma environment.

√ Delete files with a simple delete instead of using Wipe
  (default: not marked) (KeyStroke ALT-R)
  The files are simply deleted and can possibly be restored.

√ Remove empty directories when deleting directory trees
  (default: marked) (KeyStroke ALT-V)
  Removes empty directories when deleting whole directory trees with Wipe.

√ Create necessary directories while deciphering
  (default: marked) (KeyStroke ALT-C)
  Creates the necessary directory structure while deciphering. If this button is not marked the filenames containing a path name will be written into the current directory. For example, "tmp\dir1\file.txt" will be deciphered and written into the current directory with the name file.txt.

√ EnCrypt all marked files without further questions
  (default: not marked) (KeyStroke ALT-E)
  If this status element is marked the selected files will be encrypted without further question, otherwise you would be able to modify your selection in a dialog box.

√ Wipe out all marked files without further questions
  (default: not marked) (KeyStroke ALT-A)
  If this status element is marked the selected files will be wiped without further question, otherwise you would be able to modify your selection in a dialog box.

√ Use available network drives for temporary files
  (default: not marked) (KeyStroke ALT-U)
  If there isn't enough space on local drives temporary files are created on available network drives.

√ Regular MS-DOS expression
  (default: marked) (KeyStroke ALT-G)
  When this status element is marked the use of "*.*" also leads to the inclusion of files that do not end with an extension. For example, the file "Makefile" would be selected by using "*.*". Otherwise, when this status element is not marked you would have to use the UNIX-like regular expression "*" to include such files.

√ Higher multitasking
  (default: marked) (KeyStroke ALT-M)
  If this status element is marked, MS-Windows has more time to process the internal message queue and it uses more CPU time for other applications which are running.

√ Use File extension [en2]
  (default: marked) (KeyStroke ALT-F)
  If you don't add an extension to the name of the output file, Enigma will automatically add the extension "EN2". The use of a systematic extension can be helpful in relocating encrypted files.

√ Prompt before wiping a file
  (default: marked) (KeyStroke ALT-W)
  Asks for confirmation before deleting a file with "Wipe".

√ Prompt before overwriting a file
  (default: marked) (KeyStroke ALT-O)
  Asks for confirmation before writing back a decrypted file.
  This option should always stay marked and you should always make sure that the file was decoded with the right password, otherwise rubbish might be written over the input file.

Changes in this menu are only active for the current session. If you want to change the options permanently you must click the button "Save Options" (KeyStroke ALT-S).

3.3 Default user password
─────────────────────────

With the help of this dialog you can set a fixed private password which can be used for encryption. This feature is only available in the registered version because the registration number must be entered in order to store this password. You should keep your installation diskette in a safe place so that no one can find out its number.

4. Working with Enigma
──────────────────────

Before you can encrypt or delete several files in one step you must collect them in a file list. This section will lead you through the selection process.

4.1 Selecting several files
───────────────────────────

This dialog box contains three list windows which are used to select and collect the files that are to be encrypted or deleted. With the help of various buttons you can select individual files or whole directory trees. The selected files are listed in the bottom window. Marked files in the other two windows can be moved to the bottom window by clicking the "Update" button. After you are done selecting files confirm your selection by clicking the "OK" button.

* Mask: When you activate this button the "File" list window (left) is updated according to the file mask (Regular expression) on its left side. (KeyStroke ALT-M)
* Start Dir: This button selects the starting directory for the encryption. When you are working with several files in different directories a defined starting point must be set in order to restore the directory structure when the files are deciphered. At first this switch is not available and the current directory is set as the starting directory.
  This switch becomes active when you change to a directory which is higher up in the directory hierarchy ([..]) than the current starting directory or when you change to another drive. (KeyStroke ALT-T)
* Select All: Tags all files in the left list window. The left list window allows a so-called multiple choice selection; this means that you can select files by simply holding down the left mouse button and pulling the mouse cursor downward. If you press the CTRL key at the same time you can also select files which don't immediately follow each other. (KeyStroke ALT-S)
* DeSel. All: Untags all files in the left list window. (KeyStroke ALT-D)
* Recursive: Clicking this button causes the highlighted directory in the right list window to be tagged. Clicking the "Update" button will copy all files in that directory or those of its sub directories into the bottom list window in accordance with the file mask. (KeyStroke ALT-R)
* Update: This button causes all tagged files to be copied into the bottom list window. It must be activated again to copy each subsequently tagged file into the bottom list window. (KeyStroke ALT-U)
* Reject: Removes tagged files from the bottom list window. (KeyStroke ALT-J)
* Reject All: Removes all files from the bottom list window. (KeyStroke ALT-A)

Further information about a file can be obtained by double-clicking it in the bottom list window.

Note: In this version of Enigma for Windows the number of files that can be selected in one step is limited by the way MS-Windows handles standard list-boxes. This problem will be overcome in the next version of Enigma.

If you specify an existing archive file as an output file Enigma will add to it all files that it doesn't already contain.

4.2 EnCrypting file(s)
──────────────────────

It is possible to either encrypt a single file or several files at once. If several files are to be encrypted they must be tagged in the dialog "Select files".
A permissible selection of files can be recognised by the status of the status element "Selection". In this case the words ">> Selection List <<" will appear in the text field "Input File"; if only one file is selected this text field will contain the file name. Now you can type the name of the output file without the path in the text field "Output File".

After selecting the input file(s) and the output file, the encryption algorithm must be chosen. In order to do this click either the status element "DES-Engine" or "S-ROTOR", then confirm the choice by clicking the button "EnCrypt" or by choosing the command "EnCrypt" in the "Run" menu.

If you have selected several files a new dialog will appear which prompts you to confirm your selection. Use the 4 switches in the middle of the dialog box to move the files around between the list windows. All files shown in the bottom list window will be encrypted. When you are ready to encrypt click the "OK" button.

Note: The status element "Original" must be marked if an encrypted file is to be encrypted again.

A dialog will appear in which you can choose the directory into which the output file will be copied. Compare the file size with the directory size in order to ensure that there is enough space to hold the output file.

Before the selected files are encrypted you must enter your personal password. No one can decode these encrypted files without knowledge of this password. The password should be at least 5 characters long and it can contain any character which you can enter with the keyboard. Enigma is case sensitive, that means it differentiates between an "a" and an "A". The password is not shown on the screen when you enter it, for protection against unwanted observers. For safety reasons it has to be entered twice (Fields Password: and Confirmation:).

Clicking the "Make Key" switch causes an eight character password to be generated by a random character generator; it can be seen in the field "Automatic:".
You should write this password down before clicking "OK".

Now the encryption process can be started; a new window will appear which informs you about the encryption process and from here you can interrupt the encryption process at any time.

Warning: If you have selected an encrypted file as the output file all files will be appended to it which aren't already contained in it. If files have been selected with the same name(s) as those already in the encrypted file the latter will be replaced. If you use a different password from that in the existing encrypted file you must ensure that you use the appropriate password for each encrypted file. We do NOT recommend this procedure !!!

4.3 DeCrypting file(s)
──────────────────────

Tag the file that is to be decrypted in the left list box in the main dialog. If the file is encrypted the status element "Encrypted" will automatically be marked. You can only decipher files with Enigma that were encrypted with Enigma. The file name will appear in the text field "Input file".

After the file has been selected click the switch "DeCrypt" or activate the "DeCrypt" command in the "Run" menu. After this a dialog will appear which shows what files are present in the input file. Here it is possible to select the files which should be deciphered. Confirm the selection by clicking "OK".

Now a new dialog will appear in which you can select the directory into which the deciphered files should be copied. Afterwards a new dialog will prompt you for the password that was used to encrypt the file(s).

The deciphering process can now be started. Once started a new window will appear which informs you about the deciphering process. Here the deciphering process can be interrupted at any time.

Warning: After all the files in your input file have been deciphered make sure that your data has been deciphered correctly before you delete the input file.
Enigma has no way of testing whether the correct password was used to decipher the file(s) and there is no sure way of testing whether the result is meaningful. If you use the wrong password to decipher the file the output file will contain rubbish and you must decipher the input file again with the correct password.

4.4 Wiping file(s)
──────────────────

It is possible to delete a single file or several files at once. If several files are to be deleted they must be selected and tagged in the dialog "Select Files". A permissible selection of files can be recognised by the status of the status element "Selection". In this case the words ">> Selection List <<" will appear in the text field "Input File"; if only one file is selected this text field will contain the file name.

After this is done you can click the "Wipe" button or activate the "Wipe" command in the "Run" menu. If you have selected several files a new dialog will appear which prompts you to confirm your selection. When you are ready to delete click the "OK" button and a new window will appear which informs you about the progress of the deleting operation; here it is possible to interrupt the operation at any time.

Warning: After this operation the data is lost for ever, so please be careful when selecting the files which you want to delete.

5. Algorithms
─────────────

5.1 Data Encryption Standard (DES)
──────────────────────────────────

In 1972 the National Bureau of Standards (hereafter: NBS) made a public invitation to tender for the development of a program which would allow files (unclassified computer data) of any type to be encrypted. The low response prompted the NBS to ask the National Security Agency (NSA) for help. There they had some experience in the development of simple encoding and encryption algorithms. After long discussions the NBS decided to use the Data Encryption Standard (short DES) as a standard. The DES had been developed at IBM.
The DES has its roots in an encoding method which was developed in Germany during WW I by an electrical engineer named Arthur Scherbius. In the Second World War the Germans developed an electromechanical encoding device called "Enigma 4" which was based on the work of Arthur Scherbius.

Like Enigma the DES uses a series of permutations which are individually rather simple but become extremely complicated when used repeatedly. In the Enigma encoding machine the permutations are generated by mechanical wheels while in the DES they are produced by program code or by hard wired chips. When the encoding is done on a computer the symbols that need to be encrypted are binary numbers (bits); the electromechanical Enigma encoded the letters of the alphabet.

The DES handles a series of 64 bits at one time. This means that the file that is to be encoded has to be broken down into a series of 64 bit sequences. What the DES algorithm does with a file that is to be encoded can be compared with a river that continually parts and recombines in an extremely complicated manner.

DES splits the 64 bit long sequence apart with a multistage algorithm and combines it with the 64 bit (8 character) long user password. Since many communications programs transfer data (bytes) with 7 bits and use the eighth bit as parity, the most significant bit (msb) of each password character is not used in this combination process.

At first the 64 bit long sequence is subjected to a fixed entrance permutation and subsequently split into two 32 bit blocks, the so-called left and right halves. Each block is then hacked apart in 16 iterations; this operation serves to make the blocks completely unrecognisable. The resulting encrypted 32 bit blocks are then permuted back to a 64 bit block by a permutation table which is the inverse of the first permutation table. This encrypted 64 bit block is then written to the output file.

In each iteration the left hand block is coupled with the 32 bit output of the function Φ by an XOR operation. The sixteenth iteration makes an exception; here the blocks are swapped.

The function Φ receives the right hand block and the 48 bit output of the function δ as its arguments. The right hand block will from now on be called R. Φ permutes R's 32 bits to 48 bits. The permutation used here results from an XOR coupling with the 48 bit output of the function Φ. The 48 bit result is then split into eight 6 bit values. The function ƒ then substitutes a 4 bit value for each 6 bit value. The eight 4 bit values are then combined to a 32 bit value, which is then coupled with a further permutation table. The resulting 32 bit value of this permutation is the output of the function Φ.

The function ƒ is composed of eight sub functions ƒ1,ƒ2,...,ƒ8 which are used on the eight 6 bit values from above. Each sub function has its own permutation table. In this table, a 16x4 matrix, each of the 64 elements has a value between 0 and 15, that is, a 4 bit value which substitutes a 6 bit value. The matrix co-ordinates of a 6 bit value are obtained in the following manner: bits 1 and 6 give the column 0..3, and bits 2 through 5 give the row 0..15. The function ƒ returns the 4 bit value of the matrix element addressed in this way.

The purpose of ƒ is to mix up password and text in such a fashion that after only a few iteration steps each password character is dependent upon each text bit and each other password character. Hereby the frequency distribution of the characters in the text is completely smeared out and a so-called "Frequency Analysis" is made impossible.

The function δ returns a 48 bit value which is created with the help of the password. The arguments of δ are the number of the current iteration and the password. Enigma contains two further permutation tables for the password.
In the first iteration the password is permuted with the first table and then split into two halves. Each of these halves is shifted to the left once (1,2,9,16) or twice (3-8,10-15) depending on the iteration number. An internal table controls the shifting process. Each subsequent iteration uses the shifted value of the preceding iteration as input, then it shifts the value again and finally it permutes it with the second permutation table.

The deciphering process uses the same algorithm, except that the output of the function δ occurs in reversed order.

5.1.1 The safety of DES
───────────────────────

   >> The best that can be expected is that the degree of security be great enough to delay solution by the enemy for such a length of time that when the solution is finally reached, the information thus obtained has lost all its value. <<
   William F. Friedman

It can be shown that after a few iteration steps each bit in the encrypted file is dependent upon each bit of the clear text and/or the password. A minimal change in the clear text or the password causes more than half of the bits in the encrypted file to change; this is the so-called avalanche effect.

Because a "Frequency Analysis" is made impossible by the DES a potential hacker has only one method of finding the correct password, that is simple trial and error. If one considers a password length of eight characters that makes 64 bits minus the 8 parity bits to be tried out. This means theoretically 72 quadrillion (2 exp 56) passwords have to be tried. With the help of a custom chip which is able to test a million passwords a second it would take about 2284 years to try all possible combinations. 10000 of these chips in a parallel array would get the same result in about 80 days. A test for the plausibility of the deciphered text which has to be done after each test is not included in these calculations.

The weakest link in the DES is the exchange of passwords between the users.

5.2 S-ROTOR
───────────

The S-Rotor uses an XOR substitution algorithm; this means that every character of the text is coupled with a character in the password by a XOR operation to produce a character in the output file. In contrast to trivial encoding algorithms, where the characters of the password are coupled with the text characters one after another, the S-Rotor uses a procedure that randomly selects a character of the password to couple with a character of the text. The randomising procedure is dependent upon the length of the password. By filling the output buffer with random numbers the degree of disorder is further increased.

Because the password itself is not written into the output file it would be very difficult to decipher a text without knowledge of the password even if you had the source code of S-Rotor. You should thoroughly memorise your password.

If a file is accidentally encoded more than once it can be decoded by entering the passwords in the opposite order. A text that has been encoded twice with the same password does NOT yield the original text.

5.3 Regular expression
──────────────────────

In the "Select Files" dialog a (limited) regular expression can be entered to create a file mask. The following characters have been implemented:

*        Matches any sequence of characters including a sequence of length zero
?        Matches every single character
[...]    Character set, it matches any one of a group of characters that are enclosed in the square brackets
[^...]   Complemented character set, this matches any character which is not inside the brackets
-        Can be used inside brackets to define a range of numbers. For example, sws[1-36] matches sws1, sws2, sws3 and so on
\        This is used to suppress the special meaning of a character when matching. For example \] matches the character "]"; also "\[" and "\-" can be used anywhere inside a bracket and "\^" directly after the opening bracket.
         The expression \xyz is equivalent to the ASCII character whose octal value is equal to xyz.

All other characters match themselves.
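
Because the mask decides which files end up in the list to be encrypted or wiped, it helps to see the syntax of section 5.3 applied to a directory listing. The matcher below is an added example, not Enigma's code; it assumes names are compared exactly as given and models the "Regular MS-DOS expression" option from section 3.2 by retrying a name without a "." as if it had an empty extension.

```python
"""Matcher for the file-mask syntax of section 5.3 (added illustration).

Assumptions, not taken from Enigma: names are compared exactly as given, and
the "Regular MS-DOS expression" option is modelled by retrying a name that
has no "." with an empty extension appended.
"""


def _escape(mask, i):
    """Decode the backslash escape at mask[i]; return (char, next index)."""
    digits = mask[i + 1:i + 4]
    if len(digits) == 3 and all(d in "01234567" for d in digits):
        return chr(int(digits, 8)), i + 4          # \xyz, octal value
    if i + 1 >= len(mask):
        raise ValueError("mask ends with a lone backslash")
    return mask[i + 1], i + 2                      # \] \[ \- \^ and so on


def _item(mask, i):
    """Read one set member (plain or escaped) at mask[i]."""
    return _escape(mask, i) if mask[i] == "\\" else (mask[i], i + 1)


def _parse_set(mask, i):
    """Parse '[...]' or '[^...]' at mask[i]; return (token, next index)."""
    i += 1
    negate = mask[i:i + 1] == "^"
    if negate:
        i += 1
    ranges = []
    while i < len(mask) and mask[i] != "]":
        lo, i = _item(mask, i)
        hi = lo
        # "lo-hi" is a range unless the "-" is the last character in the set.
        if mask[i:i + 1] == "-" and mask[i + 1:i + 2] not in ("", "]"):
            hi, i = _item(mask, i + 1)
        ranges.append((lo, hi))
    if i >= len(mask):
        raise ValueError("unterminated '[' in mask")
    return ("set", tuple(ranges), negate), i + 1


def compile_mask(mask):
    """Turn a mask string into a list of tokens."""
    tokens, i = [], 0
    while i < len(mask):
        ch = mask[i]
        if ch == "*":
            tok, i = ("star",), i + 1
        elif ch == "?":
            tok, i = ("any",), i + 1
        elif ch == "[":
            tok, i = _parse_set(mask, i)
        elif ch == "\\":
            lit, i = _escape(mask, i)
            tok = ("lit", lit)
        else:
            tok, i = ("lit", ch), i + 1
        tokens.append(tok)
    return tokens


def _one(tok, ch):
    """Does a single-character token accept ch?"""
    if tok[0] == "any":
        return True
    if tok[0] == "lit":
        return tok[1] == ch
    return any(lo <= ch <= hi for lo, hi in tok[1]) != tok[2]


def _match(tokens, name):
    """Whole-name match; on a mismatch, retry from the most recent '*'."""
    t = n = 0
    star_t = star_n = -1
    while n < len(name):
        if t < len(tokens) and tokens[t][0] == "star":
            star_t, star_n, t = t, n, t + 1
        elif t < len(tokens) and _one(tokens[t], name[n]):
            t, n = t + 1, n + 1
        elif star_t >= 0:
            star_n += 1
            t, n = star_t + 1, star_n
        else:
            return False
    return all(tok[0] == "star" for tok in tokens[t:])


def mask_matches(mask, name, dos_mode=True):
    """True if name is selected by mask under the given option setting."""
    tokens = compile_mask(mask)
    if _match(tokens, name):
        return True
    return dos_mode and "." not in name and _match(tokens, name + ".")


def select(mask, names, dos_mode=True):
    """Names from a listing that the mask would put in the file list."""
    return [n for n in names if mask_matches(mask, n, dos_mode)]


if __name__ == "__main__":
    listing = ["PAYROLL.XLS", "Makefile", "sws1", "sws4", "sws6"]  # constructed
    for mask, dos in (("*.*", True), ("*.*", False), ("sws[1-36]", True)):
        print(f"{mask!r:12} dos_mode={dos}: {select(mask, listing, dos)}")
```

Read this way, the set in sws[1-36] is the range 1-3 plus the single character 6, so sws4 and sws5 are left out of the selection.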