A quick look at Cryptosystem ME6's user interface reveals this background, as the package has a very DOS-like look and feel about it, although its Windows feature set is well defined. To keep costs down, the package comes with an online manual, which users can download if they wish. [Ed note: In response to our review, the developers are now to include a zipped version with the software.] There's also a comprehensive set of information files, as well as a limited function demo version of the software on Hermetic's web site. The DOS origins of the software mean that it will run quite happily on a Windows 95 machine and upwards, provided users have a standard screen resolution or better.

In a nutshell, the application allows users to encrypt data in multiple files using a 500-bit cryptography system that uses data keys of between 16 and 64 characters long. The data keys can be a string of characters supplied by the user, or 64 random bytes generated by the software. Without the data key(s), the data files - be they text or binary files - cannot be decoded using any current means.

Although 4GHz Pentium processors are now being developed, a 'back of envelope' calculation suggests that it would take tens of thousands of computer years to decode a file encoded by the software using brute force means. Assuming, of course, that the principle on which the package operates were to be derived from pattern analysis. Just to make life even more interesting, however, Cryptosystem ME6 also compresses files before they are encrypted, making pattern analysis techniques impossible to use - clearly Meyer's expertise has not gone to waste in developing this software. This also, in theory, removes any chance that someone with sufficient computing power could decrypt files created with the software without the data key - Catch 22 for would-be crackers.

ME6 is actually the latest incarnation of Meyer's software and, like its predecessors, uses a symmetric key approach to encryption. The program uses standard Visual Basic for the user interface while the number-crunching is done by functions in DLLs written in C and called from Visual Basic. Coding seems very solid and proved impossible to crash. The encryption process seen in the software uses pseudo-random number generators, a secure hash function (the MD5 message digest algorithm) and what the author calls 'plain text feedback.' Because Meyer's software uses a symmetric key system and the complexities are buried in the program code, it is almost impossible to verify the efficiency of the cryptography system. On a subjective level, however, the program's pedigree is excellent, and Meyer's web site contains a wealth of information on cryptographic history and the evolution of his software.

As with specialist applications of this type, Cryptosystem ME6 is not sold through retail channels, but is downloadable from Hermetic's web site, with payments accepted by check or plastic. Comparisons between Cryptosystem and Pretty Good Privacy (PGP), the ground-breaking encryption technology developed by Phil Zimmerman around a decade ago, are inevitable. Zimmerman's PGP technology broke the mould on encryption, mainly because of some highly innovative concepts that the programmer came up with on the technology. So innovative, in fact, that the U.S. government started investigating Zimmerman when he offered his software for download across the Internet, ostensibly within the U.S., but actually worldwide.

Meyer has side-stepped any potential government action, that made Zimmerman something of a martyr, by developing his software wholly outside of North America. Unlike the early editions of PGP, Cryptosystem ME6 is a very slick package, despite its obvious DOS heritage. The user interface belies the thought that has clearly gone into the package's development. Facilities include multiple branching within the program's menu structure, giving users a clearly-defined, but wide, set of choices at almost all menu levels. It's difficult to envisage user options that even the most imaginative of user would not find within the package.

The lack of a printed manual is one potential drawback - users must go to the web and view the manual online, downloading multiple HTML pages if required, for later offline printing. The manual itself is something of a labor of love, apparently having grown in parallel with the various iterations of Cryptosystem in recent times. The manual, in fact, is more than a simple manual and is actually an information resource on cryptography in its own right - the author has presumed that readers are familiar with basic encryption concepts, but appears to have taken care to explain how his software works.

For the money, this is an impressive feat, especially when you consider that cryptograph books sell for approaching the cost price of this package in its entirety. The manual includes an analysis of its own speed and reliability. We found that, on an 850MHz Pentium III machine with 128Mb of RAM and Windows 98 SE, the program encrypts at the rate of one megabyte per second and slightly less than this when decrypting. These speeds are more than adequate for most users, even those users who encrypt whole directories and file folders on their machines. We suspect that the actual speed of the software on the encryption front is limited by the speed of the PC's hard drive, rather than any other constraints, but this only the writer's theory.

When we first started looking at this software, we were under the impression that it had some commercial competition in the shape of Norton's For Your Eyes Only and PGP Windows, dating from the mid-1990s, but these applications have now been superseded by other multi-function packages. Cryptosystem ME6 is an excellent package with a superb pedigree.  

SC On-Line
SC Magazine
www.scmagazine.com