• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

autom4te.cache/H20-May-2015-26,46124,131

config/H07-May-2022-916613

debian/H07-May-2022-488366

AUTHORSH A D03-Aug-2005343 96

Build.shH A D03-Aug-2005303 1310

COPYINGH A D03-Aug-200517.6 KiB341281

ChangeLogH A D13-May-20158.2 KiB172142

INSTALLH A D03-Aug-2005642 2213

Makefile.amH A D03-Aug-2005670 176

Makefile.inH A D03-May-202223.5 KiB752652

NEWSH A D03-Aug-20056.1 KiB132108

READMEH A D03-Aug-200511.6 KiB257198

TODOH A D03-Aug-20051 KiB2517

aclocal.m4H A D20-May-201541.9 KiB1,1801,070

boxes-fst.datH A D03-Aug-200576.7 KiB950932

compileH A D01-Jan-19700

config.h.inH A D20-May-20152.1 KiB8355

configureH A D03-May-2022169.9 KiB5,9194,906

configure.acH A D12-May-2015890 4432

debug.hH A D03-Aug-20052.1 KiB7868

decrypt_file.cH A D03-Aug-20051.4 KiB5550

decrypt_file.hH A D03-Aug-2005154 116

encrypt_file.cH A D03-Aug-20051.5 KiB5341

encrypt_file.hH A D03-Aug-2005170 116

get_decryption_password.cH A D03-Aug-2005157 96

get_decryption_password.hH A D03-Aug-2005121 84

get_encryption_password.cH A D12-May-2015867 4033

get_encryption_password.hH A D03-Aug-2005121 84

getopt.cH A D03-Aug-200522.8 KiB813456

getopt.hH A D03-Aug-20054.4 KiB13348

getopt1.cH A D03-Aug-20054.4 KiB188120

install-shH A D03-Aug-20057 KiB295169

isaac.cH A D03-Aug-20053.4 KiB135108

mem.cH A D03-Aug-2005182 127

mem.hH A D03-Aug-200594 61

missingH A D11-May-20156.7 KiB216143

mkinstalldirsH A D03-Aug-20051.9 KiB11285

ncrypt.cH A D03-May-202213.3 KiB553470

ncrypt.hH A D03-Aug-20059.3 KiB226177

nrm.8H A D03-Aug-20051.1 KiB4735

nrm.cH A D03-Aug-200510.9 KiB407305

nrm.hH A D03-Aug-2005333 1916

platform.hH A D03-Aug-20052.4 KiB7644

rand.hH A D03-Aug-20051.6 KiB5724

rand_gen.cH A D03-Aug-20052.8 KiB11658

rand_gen.hH A D03-Aug-2005453 1610

read_pass.cH A D03-Aug-20051.6 KiB6653

read_pass.hH A D03-Aug-200585 84

rijndael-alg-fst.cH A D12-May-201512.8 KiB444342

rijndael-alg-fst.hH A D12-May-2015799 2920

rijndael-api-fst.cH A D12-May-20159.4 KiB352266

rijndael.cH A D12-May-201557.3 KiB1,3071,211

rijndael.hH A D12-May-2015605 1814

serpent.cH A D03-Aug-200520.6 KiB601499

serpentsboxes.hH A D03-Aug-200514.9 KiB508397

sh1strhsh.cH A D03-Aug-2005963 3828

sha1.cH A D03-Aug-20059.8 KiB318161

sha1.hH A D03-Aug-20051.8 KiB3528

stamp-hH A D03-Aug-200510 21

stamp-h.inH A D03-Aug-200510 21

standard.hH A D03-Aug-20051.7 KiB6755

table.hH A D03-Aug-20058.9 KiB223122

twofish.cH A D12-May-201521.3 KiB697415

wipe_file.cH A D12-May-201515.3 KiB557511

wipe_file.hH A D03-Aug-2005462 1712

README

1Ncrypt - NMRC file encryptor/decryptor/wiper
2         Simple Nomad <thegnome@nmrc.org>
3         Inertia <inertia@nmrc.org>
4
5	 Additional coding by Todd MacDermid <tmacd@synacklabs.net>
6         Based off of code from Joh Johannsen <jojo@farm9.com>, Gary
7         Rancier <mephis5@softhome.net>, and Doug Whiting.
8
9
10IMPORTANT NOTE:
11---------------
12
13Files encrypted with version 0.6.9 or earlier are not compatible with version
140.6.10 or higher. This due to a bugfix that was included in 0.6.10 that fixed
15a problem with alignment on binary encrypted files on the last block of data
16that was encrypted.
17
18Quick Start
19-----------
20
21Step one - untar and gunzip:
22
23$ tar xzf ncrypt-0.x.x.tgz
24
25Step two - compile:
26
27$ cd ncrypt-0.x.x
28$ ./configure
29$ make
30
31Step three - install (if you are root):
32
33# make install
34
35Otherwise simply copy the resulting ncrypt file to a local bin directory
36in your path, such as $HOME/bin.
37
38For more details on using the configure script, see the INSTALL file.
39
40
41Features
42--------
43
44 - Open-source freeware.
45
46 - Should compile on any platform that supports standard C libraries (no
47dependencies upon crypto libraries).
48
49 - Can handle fairly large files. The largest file tested was over 600MB.
50
51 - Use Rijndael, Serpent, or Twofish as the crypto algorithm. Rijndael is
52the AES selected candidate, Serpent came in second, and Twofish third. For
53details on AES and the selection process, check out
54http://csrc.nist.gov/encryption/aes/ for more information.
55
56 - The plaintext password is converted to a SHA-1 hash and immediately
57wiped from memory securely.
58
59 - Once the SHA-1 hash is used to make a key for crypto operations, the
60SHA-1 hash is wiped from memory securely.
61
62 - If running as root, will lock process memory to prevent paging to disk,
63as the password, SHA-1 hash, and possibly parts of data could be written
64to swap.
65
66 - Secure wiping of the input file during encryption is supported. The
67wiping mode can be used independently to erase select files.
68
69 - Two different methods of wiping are support -- one outlined by Peter
70Gutmann, and one outlined for military use as defined in DoD standard
715220.22-M chapter 8.
72
73 - File slack is also securely erased during wiping operations.
74
75 - Using Peter Gutmann's wiping methods, the file is erased with the drive
76space it occupies being overwritten thirty-five times. This is based on
77Gutmann's 1996 paper entitled "Secure Deletion of Data from Magnetic and
78Solid-State Memory", available from
79http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html.
80
81 - Using the NSA-developed military method (DoD 5220.22-M), the file is
82erased using three passes - one with a character, a second with its
83complement (the bits are flipped), and finally with random data. During the
84final pass, the writes are verified. Note that the DoD standard applies to
85data with a classification below TOP SECRET, and that this utility does not
86work on an entire disk drive (only individual files). It should be noted
87that a large number of products state "seven passes is the U.S. Government
88standard for wiping classified data". I can find no written record of any
89such standard, and when I asked some .gov and .mil folk about it, I was
90pointed to DoD 5220.22-M, and that specifically states three passes.
91
92 - Random data streams used during the wiping process is generated with the
93assistance of ISAAC PRNG.
94
95
96Why I Did This
97--------------
98
99The reason this software was done was simply because of neccessity. I had a
100series of needs, and I could not find the software I needed. I needed
101something that did not require extra libraries and could be compiled
102easily on most systems, had multiple encryption algorithms, had security
103and privacy in mind from the ground up, and had the ability to securely
104wipe files.
105
106The Advanced Encryption System (AES) selection process looks promising
107(details are at http://csrc.nist.gov/encryption/aes/), mainly because of
108the peer review. It wasn't just a regular review by the government -- it
109involved some of the world's best cryptographers outside of the NSA. Since
110the selection process was close, and since you can bet that the top 3
111entries were really good, I included those top three algorithms --
112Rijndael, Serpent, and Twofish.
113
114I wanted to include the ability to completely wipe the original file after
115encryption. What good is it if you encrypt a file, when the plaintext
116version can be recovered with a minimal amount of forensics effort?
117Multiple passes over the file's space on the hard drive with zeroes and
118random data was a must.
119
120No such program existed, so I did what many of us do -- I went out and
121found source code that was close, and starting hacking together something
122that was usable.
123
124
125Target User
126-----------
127
128Here is a list of what I perceive to be as the typical users of Ncrypt:
129
130Non-root users - If you have a shell account on someone else's system,
131like a shell server at an ISP, and you want to encrypt files to protect
132your privacy, Ncrypt was made for you. Odds are you won't be able to talk
133the sys admin into installing some cool crypto library (or updating an
134existing one), so you need something that will compile with basic C
135libraries. You need something you can install yourself (say in $HOME/bin),
136and you want to make sure the sys admin can't resurrect deleted plaintext
137files to read your private documents. Ncrypt does that.
138
139Human rights worker - You need a simple and easy method to encrypt and
140decrypt files, and prevent a hostile government who might seize your
141computer from recovering your files -- even if they sneak into your hotel
142room while you are gone, and try to do it without your knowledge. You need
143a way to prevent the evil oppressors from recovering the plaintext
144versions. Ncrypt will do that.
145
146Pen testers - Need a quick method to encrypt and decrypt files during a
147penetration test, especially if you are wanting to move such things as
148shadow password files and port scan results from the target network to a
149different system? If you got in through a hole and are collecting data,
150you don't want to leave that data sitting around in plaintext for a real
151intruder or disgruntled employee to find. You may not be able to install
152that crypto library on the production system you've compromised, so Ncrypt
153will work just fine.
154
155Black hats - There is nothing more irritating than busting root on one
156system, hopping from system to system, and some sys admin finds your
157plaintext hacker tools and data. You could lose root on all those boxes!
158Having a handy utility that can compile without crypto libraries, and that
159can safely wipe annoying log files would be a great addition to any decent
160rootkit. Ncrypt will work for you.
161
162
163Reporting Bugs
164--------------
165
166If you find a bug with the software, please let me know. I tried to ensure
167that the software would not be a security risk itself, and I've tried to
168get it to run as clean as possible. If for some reason the program
169segfaults, the core file could contain plaintext data, so make sure you
170thoroughly clean up after a segfault. Report bugs to thegnome@nmrc.org
171along with the conditions that caused the problem. If you patch the bug,
172send me a diff and I'll include it with credit (assuming the patch is
173approved, can't have a patch introducing a security risk!).
174
175
176Potential Risks Associated with Ncrypt
177--------------------------------------
178
179In spite of the fact I've really tried to ensure the code is safe, there
180are a few scenarios I have considered as potential risk areas. I will
181outline those:
182
183 - Signals and memory diddling. It is possible that if you are a non-root
184user on a system, root could send a signal or overwrite portions of memory
185causing Ncrypt to core during Ncrypt's runtime. This could cause a
186segfault, and root could cp or mv the core file to a protected directory
187before you could securely wipe it, recovering part or all of the plaintext
188file. This type of attack could be automated. NOTE: I may attempt to code
189around this, but it will take some investigation, and me reading up on
190signal handling. If ulimit is used to prevent coring, this helps, but a
191clever attacker running as root could still get around this.
192
193 - System call tracing. If you are non-root, root could decide to ptrace
194the Ncrypt process and recover the password or SHA-1 hash. If you can
195setgid to a non-privileged group (which may not be possible if you don't
196have root) this will help.
197
198 - Paging memory to disk. Normally for a security-related piece of code
199one would use mlock or mlockall to prevent paging memory to disk. However
200this is a privileged operation, and cannot be done if Ncrypt is running as
201non-root. Therefore it is possible that passwords or hashes could be written
202to the swap and recovered by the system owner.
203
204 - "Bad" system libraries. It is possible that some of the standard
205libraries on a system may be "tainted", and designed to intercept key
206read and write operations. The truly paranoid and untrusting may want to
207always compile Ncrypt statically on a known safe system, and copy the
208binary to the untrusted host before running.
209
210 - Kernel intercepts of system calls. There is the possibility that a
211kernel modification or module could be loaded that sees Ncrypt opening
212file handles, and then simply makes copies of all read operations to a
213separate file. Granted this could be tricky when wiping during encryption,
214but not impossible to code up. This could result in disclosure of your
215plaintext file.
216
217 - Coding problem. It is possible that a buffer overflow, underflow, or
218some other method for introducing a security problem could be found in
219Ncrypt. Ncrypt was examined fairly extensively, but it is still possible
220that a problem might be found.
221
222 - Crypto problem. There could be a problem in the coding of one or all of
223the algorithms used in Ncrypt that is currently undiscovered, that when
224exploited could result in cracking the encryption or key recovery. While
225some of the best crypto people in the world looked at these
226implementations during the AES selection process, some could still exist.
227
228 - Plaintext recovery of a military-wiped file. DoD 5220.22-M was
229developed by the NSA for military use, and the sanitizing of disk drives
230was originally intended to allow a way for drives that contained data
231with a classification of less than TOP SECRET to be reused (as opposed to
232being simply destroyed). I have spoken with the now former NSA employee
233who developed the disk sanitizing methods to ensure I am "doing it
234correctly", which was developed in 1989 and was considered acceptable
235for data with a classification of SECRET or lower. In cyber terms, 1989
236was the Neolithic era, and in the face of modern forensic techniques, the
237data may still be recoverable. "Modern forensic techniques" in this
238context basically includes heavily sophisticated technologies, such as
239those employed by agencies such as the NSA or possibly another nation state.
240
241 - Plaintext recovery of a Gutmann-wiped file. In spite of the fact that
242Peter Gutmann's excellent paper illustrates both recovery methods and
243methods for thwarting recovery of deleted files in a seemingly logical
244manner, it still seems possible that Mr. Gutmann's techniques are either
245incorrect or outdated in the face of the afore-mentioned "modern
246forsenic techniques".
247
248 - RAID, journaled or logging file system. Any file system that does
249mirroring, journaling, or is a logging file system, is basically designed
250with data recovery in mind. Therefore there is a danger that on these types
251of file systems, the wiping routines may prove to be pointless. If you have
252a choice, use ext2 as testing showed The Coroner's Toolkit was unable to
253recover wiped files on that file system.
254
255Simple Nomad
256$Id: README,v 1.1.1.1 2005/08/03 13:52:05 s-nomad Exp $
257