TINYRIJN, Daemen & Rijmen's BLOCK CIPHER (CFB Mode) =================================================== TINYRIJN is based on RIJNDAEL, the submission of Joan Daemen and Vincent Rijmen, the winner of NIST's AES (Advanced Encryption Standard) competition. I was very impressed with the compactness of the algorithm, and have coded a variation of it in an even more compact CFB block chaining mode based on the prior work of Fauzan Mirza on TinyIdea. And like TinyIdea, the user input key is hashed to get the cipher key, making a better match between the user input key entropy and that available in the cipher key space. The files contained in this .ZIP are: tinyrijn.doc (this file) tinyrijn.8 (the source code) tinyrijn.sig (a PGP detached signature file) To assemble, download the A86 assembler from www.eji.com to a directory in your DOS path. Then from the directory containing the source file, type: a86 +L7P1T16W28 tinyrijn.8 which will generate tinyrijn.com, the executable and tinyrijn.lst, the listing file. Also generated is tinyrijn.sym, the symbol file for use with the D86 debugger. To check the integrity of the source file, type: pgp tinyrijn.sig and enter tinyrijn.8 when solicited for the file name. The result should be indication of a good signature with key 304DB83D The following discussion of the strength, weaknesses, and usage of TINYRIJN is based on the documentation of Fauzan's TinyIdea distribution package. WARNING Due to the strength of the encryption algorithm, the author disclaims all responsibilities for the use or misuse of this software. You are warned that files encrypted with this program will not be recoverable without the correct key. If you lose your key, you lose your data. Introduction TINYRIJN is a tiny file encryption program that uses the RIJNDAEL 128, 192 or 256-bit key cipher. It is used to scramble files such that the original file cannot be recovered without knowledge of the key. The encrypted file overwrites the original, so the original is completely lost, and recoverable only by decryption. This package is presently assembled for 256-bit key and block size. TINYRIJN only needs to know three things to operate: 1. Whether you want to encrypt or decrypt. 2. The name of the file to process. 3. The encryption key. The first two are given to the program as command line parameters, and the program will prompt for the key. The command line syntax is: TINYRIJN + or TINYRIJN - Only one space is allowed between the program parameters. The first parameter specifies the mode: use + to encrypt, or - to decrypt. An example of how you might use TINYRIJN to encrypt a file: TINYRIJN + mailbox.txt Be warned that the key is not hidden as you type it in. This is because TINYRIJN does not verify the key, and it is up to the user to make a visual check to ensure that the key is correct before processing. If it is desired to suppress this visual check, you can append the phrase '> nul' to redirect the output (and, incidentally, the solicitation message) to the null file. After the key is accepted by typing a return, it is blanked out. The encryption key length is determined by the key size set at compile time, and as distributed is 32 bytes. Because the user input key is hashed, this allows 64 bytes to be input to the key solicitation. Remember that the security of your data lies solely on the key, not on the encryption algorithm. Keys shorter than the 64-byte input are still hashed to the 32-byte internal key by a Davies-Meyer hash routine. Secure File Wiping Because of the file overwriting mechanism, TINYRIJN can be used to destroy files such that advanced data recovery methods would be unable to retrieve the original file contents. Simply encrypt the file using a random string as the key (tap the keyboard in various places), then decrypt it using another random string, then encrypt again, then decrypt, and so on. Another helpful technique would be to change the file name after encryption and before deleting it. If all files are changed to the same name (such as XXX) there will be very little in the file directory to point to the deleted file. Technical Summary o Files are processed in place (effectively wiping the original). o It uses a multi-round RIJNDAEL algorithm in cipher feedback mode. The number of rounds used depends on key size. o The 256-byte RIJNDAEL S-box is created at run time from formulas given by Dr. Brian Gladman in his independent C implementation. o The feedback is done on 16, 24 or 32 byte blocks depending on the constant values at compile time. o The initialization vector (IV) is set a value which is the name of the target file (converted to upper case) repeated as necessary to fill the IV space. o Written in 8086 assembly (heavily optimised for size). The source is compatible with Eric Isaacson's A86 assembler, which is available as shareware from www.eji.com. Bugs (more properly, peculiarities) The program permits exactly one space between each of the command line parameters. This is for space efficiency. The direction flag is expected in byte 82h of the PSP, and the start of the file name in byte 84h. Files encrypted twice using the same key will have the first block decrypted. This is an unfortunate consequence of using a fixed IV in CFB mode. This disadvantage is offset by the error recovery feature of the CFB mode. A change of a single bit in the ciphertext will cause the corresponding bit to change in the decrypted text, and the entire next block will be garbled; after that the decryption will be correct.