codeit_header.gif (34984 bytes)

XSecure v1.10 & encryption faq's...

- privacy policy

- atec ware
- browser ware

- security ware

The following are support questions / answers for XSecure v1.10 as well as general encryption information...

How does the length of the password key, that I assign to encrypted files, relate to the strength of the encryption? The Blowfish algorithm will accept up to 56 characters as the password key. To encode a file, using 128 bit encryption, use a 16 character password key, a 8 character password key would be equal to 64 bit encryption. (i.e. 1 character = 8 bits, 56 characters would be equal to 448 bit encryption). 

I am using Windows 2000 or XP as my operating system, the software works just great except but for one problem, being that the icon does not change to the "encrypted key" icon like it is suppose to. What can I do? Due to certain aspects of the Windows 2000 & XP active registry system, you must  physically associate the file type. Do this by opening "My Computer", Folder Option, File Types. Select to create new. Under "Description of type enter "XSecure Encrypted file, in the "Content Type" field enter "text/plain, under "Default Extension for content type enter ".txt. Create NEW action of OPEN then browse to locate the path of XSecure .exe file. Click Apply. This configuration, will assign the red "X" icon to any file that has been encrypted by XSecure from then on.

Can I encrypt my e-Mail with this software? You can encrypt a file or a text message. You can then attach it to an e-mail message, or you can store it on a floppy and send it tied around your dog's neck and holler "mush" for that matter!

I have lost my password key for several files that are encrypted. Can you send me the "back door" key to open? NO! There is absolutely NO backdoor password key programmed into this software!

Doesn't the fact that you advertise that this software is using the Blowfish cipher weaken the protection of my encrypted files? No it does not. Any serious cipher is designed with the assumption that an adversary knows all about the cipher and its implementation. If security is based on hiding the cipher algorithm, it is a clear sign of very weak security (commonly referred to as "snake oil" by experianced cryptographers). There are a lot of examples of this such as the recent story about breaking the DVD protection (DeCSS program). Blowfish algorithm is published by its authors and the decryption/encryption source code is freely available. Even though everybody knows how the cipher works, still nobody knows how to break it (short of knowing the correct password, of course).
By the way: this is the case with all widely used encryption algorithms. Their descriptions and/or implementations are available.

Is the password key stored in the encrypted file? .Not exactly. The password key is not stored anywhere in the file. Following good encryption practices only hash of password key is stored (that, in case you're interested, is created with the SHA1 algorithm). When decrypting a file, the password supplied by the user is hashed then compared with hash of original password. If the two are identical file can be decrypted, if not - then decryption is impossible.

What is the difference between 448-bit and 48-bit encryption?
The main difference is that 448-bit encryption provides a significantly greater amount of cryptographic protection than 48-bit encryption. With the increasing computing power of potential criminals, it is becoming more necessary to employ larger keys, as evidenced by a recent study by several leading cryptographers.

In terms of what the numbers represent, "128" and "64" bit encryption refer to the size of the key used to encrypt the message. Roughly speaking, 128-bit encryption is 309,485,009,821,345,068,724,781,056 times stronger than 64-bit encryption. Presently, 64-bit encryption is not considered "strong" security in the cryptographic community. However, even taking into account Moore's Law, which states that computing power doubles about every 18 months, 128-bit encryption represents a very strong method of encryption for the foreseeable future.

Why do I have to be downloading the registered version from the  U.S. or Canada? Why does the evaluation version only allow 48- bit encryption? At this time encryption technology is controlled for export by the U.S. Government. The software may also be subject to import and/or use regulations in foreign countries. For more information on the U.S. Export Administration Regulations ("EAR"), 15 C.F.R. Parts 730-774, and the Bureau of Export Administration ("BXA"), please see the BXA homepage at http://www.bxa.doc.gov. Note: the evaluation version only allows for 48-bit encryption; therefore, making download possible without restriction.

What does the "Secure file delete" function do? As you probably know, when you delete a file it is not really deleted (as Ollie North found out after the fact), with special software the file can be retrieved from the system's hard drive or floppy. If you have sensitive documents that you don't want to take the chance of being recovered then this function is for you. This function opens the selected file in binary mode, over-writes it several times, then kills the file from the system. But be aware! Once you select a file to delete (using this software) it is gone!