File Security, Ownership, and Sharing
Files encrypted with
are exceedingly easy for a cryptographer to break.
For several years, it has been possible for noncryptographers
to break messages encrypted with
thanks to a program developed in 1986 by Robert Baldwin at the MIT
Laboratory for Computer Science. Baldwin's program,
Crypt Breaker's Workbench (
automatically decrypts text files encrypted with
within a matter of minutes.
has been widely distributed; as a result, files encrypted
should not be considered secure. (They weren't
was distributed; fewer people simply had the technical skill necessary to break them.)
Although we recommend that you do not use
to encrypt files
more than 1 k long. Nevertheless, you
may have no other encryption system readily available to you. If this is
the case, you are better off using
than nothing at
all. You can also take a few simple precautions to
decrease the chances that your encrypted files will be decrypted:
Encrypt the file multiple times, using different keys at each stage.
This essentially changes the transformation.
your files before encrypting them.
Compressing a file
alters the information - the plain
text - that programs such as
use to determine when they have correctly assembled part of
the encryption key. If your message does not decrypt into plain text,
will not determine
when it has correctly decrypted your message.
However, if your attackers know you have done this, they can modify their
If you use
to compress your file,
remove the three-byte header.
Files compressed with
contain a three-byte signature,
or header, consisting of the hexadecimal values
(in that order). If your attacker believes that
your file was compressed before it was encrypted, knowing
how the first three bytes decrypt can help him to decrypt
the rest of the file. You can strip these three bytes with the
compress -c <plain | dd bs=3 skip=1 | crypt >encrypted
Of course, you must remember to replace the three-byte header before you
attempt to uncompress the file.
You can get a header
(compress -cf /dev/null;crypt <encrypted) | uncompress -c >plain
If you do not have
to bundle your file to
be encrypted with other files containing random data; then encrypt the
The presence of random data will make it more difficult for decryption
programs such as
to isolate your plain text.