The Doghouse: CryptIt

It’s been far too long since I’ve had one of these.

CryptIt looks like just another one-time pad snake-oil product:

Most file encryptions use methods that mathematically hash a password to a much larger number and rely on the time taken to reverse this process to prevent unauthorised decryption. Providing the key length is 128 bits or greater this method works well for most purposes, but since these methods do have predictable patterns they can be cracked. CPUs are increasing in speed at a fast rate and these encryption methods can be beaten given luck and/or enough computers. XorIt uses the XOR encryption method (also known as Vernam encryption) that can have keys the same size as the file to be encrypted. Thus, if you are encrypting a 5MB file, then you can have what is in effect a 40 Million bit key! This is virtually unbreakable by any computer, especially when you consider that the file must also be checked with each combination to see if it is decrypted. To put is another way, since XorIt gives no pass/fail results brute force methods are difficult to implement. In fact, if you use a good key file that is the same size or larger than the source and do not reuse the key file then it it impossible to decrypt the file, no matter how fast the computer is. Furthermore, the key file can be anything – a program, a swap file, an image of your cat or even a music file.

Amazingly enough, some people still believe in this sort of nonsense. Before defending them, please read my essay on snake oil.

Posted on September 28, 2005 at 1:25 PM

Sidebar photo of Bruce Schneier by Joe MacInnis.