Right now, the user of Treek’s Password Manager (TPM) can choose from two encryption algorithms to protect his password databases:
- Rijndael (AES)
- JDSW Crypto
There are many articles which explains how Rijndael cipher works. As we use standard implementation of Rijndael (AES) recognized by the most known operating systems, you can consider cipher strength on your own by checking our application and the .NET Framework cryptography integration. Below we will try to explain, what lead us to use of own encryption algorithm (called JDSW Crypto), how does it work and why we think it’s secure enough to protect your passwords.
The secure cryptography is based on fact, that there’s not enough computer power on the world to calculate the encryption key used for encryption algorithm we selected. This practically means, that every crypto algorithm will expire in some time. It can be 10, but even more years. If the cipher is wrong designed or its implementation is weak, it can be less. For example, widely used one-way hashing algorithm SHA1 is now considered as weak.
Why JDSW Crypto exists
In the most recent years, many discoveries were made about how NSA (or other state agencies) cracks the most recent encryption. Even weak pseudo-random number generators were proposed as global encryption standard and many other stories about encryption breaking appeared on the public resources. We have to consider that there are and will be the secret operations which will target encrypted communications and cryptography related information. We can’t prevent it, but we can make the work for attacker much harder by using custom, but secure encryption.
I will return to the introduction little bit, in .NET Framework, there’s class called RFC2898DerriveBytes which should be used for secure derivation encryption key bytes from user supplied information (password) and other information like number of iterations and cryptographic salt. But this class uses the outdated SHA-1 algorithm for derivation of symmetric encryption key bytes. Also, it does not supply any option to use different hashing algorithm. So, JDSW Crypto contains it’s own derivation function based on the RFC2898 standard (also called PKBDF2), but using SHA-256.
As we periodically check the security magazines we have made another discovery. Recent time the group calling itself “The Shadow Brokers” released the archive of tools which probably came from some NSA operations. The most security analyst consider these archives and findings as not faked. It probably appeared in public (was found by The Shadow Brokers group) due to mistake of NSA employee. We also believe, that these information are valid and can be used for further research. As one of the research results, we found that NSA extensively uses RC6 algorithm for encrypting the data they stole from it’s targets. RC6 is not widely available and it is registered trademark of RSA corporation. It was proposed as AES (Advanced Encryption Standard) but it was not selected. Due to findings above (and more mathematical and practical implications) we think it’s a good cipher, and we’re not the first one made this decision. Thus we have chosen RC6 for further research and development of our encryption algorithm.
To further explain, the RC6 can be described as a set of functions to create encryption key, encrypt and decrypt routines. JDSW Crypto differs from RC6 heavily in encryption key creation, but uses similar (not the same) Feistel function to encrypt/decrypt byte data. Our goal was to add more strength while creating JDSW Crypto than RC6 or Rijndael (AES) provide.
From the attacker’s point of view it means, that he/she will have to spend some time researching how JDSW Crypto works and even if he do so, he’ll have to brute force or use other type of attack on your password. In the time of writing this article, this requires custom written software – no tool available online can be used to attack data protected by JDSW Crypto. Of course, if this algorithm becomes widespread, these tools will appear, like they exists for all widespread ciphers.
JDSW Crypto respects the cryptography standards, it uses CBC (Cipher Block Chaining) to prevent some sort of attacks, we have more secure key derivation algorithm function than is typically used worldwide and the core encrypt/decrypt functions use following sort of byte operations:
- 32bit integer addition, subtraction and multiplication
- Exclusive OR (XOR)
- Bitwise operations (left and right shift)
- Data rotation
These operations are done repeatedly in Feistel function more times (can be exactly set by app developer, even to non-standard values). The good parametrization possible makes cracking protected data even more difficult, because the attacker have to find these values to be successfully determine encryption key and to decrypt data:
- Password (of course)
- Initialization vector
- Cryptographic salt
- Key derivation iterations
- Number of rounds Feistel function uses
He can also try to find the symmetric key directly avoiding these values, but for standard implementation (24 rounds of Feistel function) this means guessing 204 bytes long encryption key. This is significantly more than for Rijndael (typically 32 bytes). Just note, that JDSW Crypto algorithm always produces a decryption result, even while using invalid decryption key. In this occasion the attacker will get random data and thus the cracking is harder.
Of course, users of TPM may or may not believe our claims and thus we will always offer to choose which encryption algorithm will be used.
Using JDSW Crypto in your software
If you would like to use JDSW Crypto in your software, you should contact us first. Typically we will provide a free license for non-commercial projects. For the commercial subjects we will always prepare personalized offer based on your requests, like software customization, support availability, etc. JDSW Crypto is now available in form of .NET library (DLL), but of course, can be written for other platforms as well.