Files encrypted with crypt are exceedingly easy for a cryptographer to break. For several years, it has been possible for noncryptographers to break messages encrypted with crypt as well, thanks to a program developed in 1986 by Robert Baldwin at the MIT Laboratory for Computer Science. Baldwin's program, Crypt Breaker's Workbench (cbw), automatically decrypts text files encrypted with crypt within a matter of minutes.
cbw has been widely distributed; as a result, files encrypted with crypt should not be considered secure. (They weren't secure before cbw was distributed; fewer people simply had the technical skill necessary to break them.)
Although we recommend that you do not use crypt to encrypt files more than 1 k long. Nevertheless, you may have no other encryption system readily available to you. If this is the case, you are better off using crypt than nothing at all. You can also take a few simple precautions to decrease the chances that your encrypted files will be decrypted:
Encrypt the file multiple times, using different keys at each stage. This essentially changes the transformation.
Compress (24.7) your files before encrypting them. Compressing a file alters the information - the plain ASCII (51.3) text - that programs such as cbw use to determine when they have correctly assembled part of the encryption key. If your message does not decrypt into plain text, cbw will not determine when it has correctly decrypted your message. However, if your attackers know you have done this, they can modify their version of cbw accordingly.
If you use compress or pack to compress your file,
remove the three-byte header.
Files compressed with compress contain a three-byte signature,
or header, consisting of the hexadecimal values 1f
, 9d
,
and 90
(in that order). If your attacker believes that
your file was compressed before it was encrypted, knowing
how the first three bytes decrypt can help him to decrypt
the rest of the file. You can strip these three bytes with the
dd (35.6)
command:
[2]
[2] Using dd this way is very slow and inefficient. If you are going to be encrypting a lot of compressed files, you may wish to write a small program to remove the header more efficiently.
%compress -c <plain | dd bs=3 skip=1 | crypt >encrypted
Of course, you must remember to replace the three-byte header before you attempt to uncompress the file. You can get a header by compressing /dev/null (13.14):
( ) |
% |
---|
If you do not have compress, use tar (19.5) to bundle your file to be encrypted with other files containing random data; then encrypt the tar file. The presence of random data will make it more difficult for decryption programs such as cbw to isolate your plain text.
-
,