Invisible Secrets 2002, Version 3.1
by Paul Grosse

FOR: Provides many cryptographic algorithms and appropriate carrier media
types; very quick and easy to use.
AGAINST: Uses only symmetric key cryptography - passwords have to be swapped
secretly; some versions of carrier files not supported.
VERDICT: Well featured, easy to use and well thought out although keys have
to be exchanged using other methods.

In 1499, Aldus Manutius published the
Hypnerotomachia Poliphili, a book famous now for its knowledge of
architecture, landscape garden design, engineering and so on. However, it is
known in cryptography circles primarily because the first letter of each of
the 38 chapters spells out a message that, if not looked for, would never be
found. The message - of passionate love from a Dominican monk - was in
plaintext (although in Latin) but it was an early example of steganography -
hiding messages. If you encrypt a piece of information, the resulting
nonsensical text makes it obvious that there is something there that
warrants attention. However, if, like Brother Francesco Colonna, you then
hide that code in something else - in his case a carrier text - the
encrypted information loses its conspicuity.

NeoByte Solutions’ Invisible Secrets 2002
provides an extremely easy to use wizard-based solution to the problem of
compressing, encrypting and hiding any type of file, along with dummy files,
within other files using a number of encryption algorithms and carrier
types. The program makes use of Blowfish, Twofish, RC4, Cast128, Gost,
Rijndael, Diamond 2 and Sapphire II symmetric key block ciphers. The company
is based in Romania, so these algorithms may be used with the full key
lengths anywhere in the world without falling foul of U.S. export
restrictions.

Each encryption is protected by the secret
key, which can be of the user’s choosing or from the program’s own
password generator. With the password generator, the user may choose a
variety of character sets - uppercase alphabet, lowercase, numbers, special
characters or all characters. The required key length is chosen and then the
mouse is moved within a grey box that contains pixels of different values
generated by the computer. These values are pseudo-random but the mouse
movements, being generated by the user, are not; the results are therefore
chaotic. The colors of the pixels match the number of values required: for
numbers only, there are 10 colors, and for upper and lowercase letters only,
there are 52 color values. Analysis of over 10,000 characters generated
in this manner shows no trends.

Passwords may be stored in the program’s
password list files, each list being protected by a PIN. A list of passwords
is displayed with only the description and when the user selects a
particular password, it is copied into the appropriate fields in the main
program. It must be pointed out that all the algorithms in this version use
the same key for decryption as encryption. This means that passwords need
to be passed secretly to any other authorized party. A future
version of Invisible Secrets will include public key cryptography, but at
the moment, key exchange must be done using another program or physically.

The carrier, being the information within
which the ciphertext is hidden, comes from a number of source types giving
the user the opportunity to hide information in image files (jpeg, bmp and
png), sound files (wav) and html. In this way, images may be hidden in
sound files and sounds may be hidden in images, space permitting. Invisible
Secrets will also produce bogus files so that traffic analysis will not
reveal anything.

It must be noted that a jpeg produced by
some image processing programs is not supported by Invisible Secrets and a
jpeg with hidden information, although readable by web browsers, may not be
readable by some image processing packages. Likewise, although Invisible
Secrets will hide information inside PCM wav files of 44kHz 16-bit stereo
or lesser specifications, wav files from some programs are not supported.
However, simply loading a prospective carrier file into a program whose
output is supported by Invisible Secrets and saving it again is enough to
allow it to be used.

When html files are used as the carrier,
spaces are added to the ends of various lines in the html code in unary.
While this is not visible on the formatted page in the browser or
immediately obvious if looking at the source code, highlighting the code
will reveal them, although they would still need decrypting using the
correct algorithm and password - assuming that they were put there by
Invisible Secrets.
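
The check below is an added example, not code from Invisible Secrets or from the original review: it lists the lines of an html file that end in runs of spaces, the trace the html carrier described above leaves behind, and strips them. The function names, the sample pages and the thresholds are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample pages, not taken from any real carrier file.
CLEAN_HTML = "<html>\n<body>\n<p>Quarterly report</p>\n</body>\n</html>\n"
SUSPECT_HTML = "".join(text + " " * pad + "\n" for text, pad in [
    ("<html>", 3), ("<body>", 0), ("<p>Quarterly report</p>", 7),
    ("<p>Figures attached</p>", 2), ("</body>", 5), ("</html>", 0),
])

def trailing_runs(html):
    """Return (line_number, run_length) for every line ending in spaces or tabs."""
    runs = []
    for number, line in enumerate(html.splitlines(), start=1):
        pad = len(line) - len(line.rstrip(" \t"))
        if pad:
            runs.append((number, pad))
    return runs

def assess(html, min_lines=3, min_ratio=0.25):
    """Summarise trailing whitespace; the thresholds are illustrative assumptions."""
    lines = html.splitlines()
    runs = trailing_runs(html)
    lengths = Counter(length for _, length in runs)
    ratio = len(runs) / len(lines) if lines else 0.0
    # An editor leaves the odd stray space; many padded lines with differing
    # run lengths is what a unary encoding at line ends looks like.
    suspicious = len(runs) >= min_lines and ratio >= min_ratio and len(lengths) > 1
    return {"padded_lines": len(runs), "ratio": round(ratio, 2),
            "run_lengths": dict(lengths), "suspicious": suspicious}

def strip_trailing(html):
    """Remove trailing spaces and tabs from every line (line endings become \\n)."""
    return "".join(line.rstrip(" \t") + "\n" for line in html.splitlines())

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_HTML), ("suspect", SUSPECT_HTML)):
        print(name, assess(page), trailing_runs(page))
```

Stripping trailing whitespace does not change how the page renders, so it can be applied to html in transit or at rest without first deciding whether a file is a carrier.
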

If somebody attempts to extract a file from
a carrier that does not have a hidden file, the program gives the message
“Invalid carrier file, password or algorithm,” the same as if there is a
hidden file there but with one of the details being wrong. Because the
program gives no information that discloses the existence of hidden
information, passwords cannot legally be demanded from the user by employers
or the authorities.

Apart from steganography, Invisible Secrets
has a number of related features: plain encryption and file shredding. The
encryption uses the same algorithms and procedures as the steganographic
part of the program, simply creating a ciphertext file but not hiding it.

File shredding is performed to DoD
5220.22-M, section 8 sanitizing criteria - the Department of Defense (U.S.
atomic energy) standard generally adopted on a global scale for file
shredding. It states that non-removable and removable rigid disks may be
sanitized by “overwrit[ing] all addressable locations with a character,
its complement, then a random character and verify[ing]” although this
method is “not approved for sanitizing media that contains top secret
information.” Most people will consider their company secrets, in which
they may have invested millions, to be equivalent to top secret and the only
method that is approved for this under DoD 5220.22-M is to “Destroy -
disintegrate, incinerate, pulverize, shred, or melt.” This standard also
states that floppies can only be sanitized by destroying them as described
above and, in compliance with this, Invisible Secrets will not attempt to
sanitize files stored on a floppy, as most floppy disk drives do not support
this method.
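
The overwrite sequence quoted above, as an added example that is not Invisible Secrets' own code: one pass with a character, one with its complement, one with a random character, each read back and verified. The function names, the 0x55 starting character, verifying after every pass and using a single random byte value for the third pass are assumptions.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write and verify in 64 KiB blocks

def write_pass(path, size, value):
    """Overwrite every byte of the file in place with one byte value."""
    block = bytes([value]) * CHUNK
    with open(path, "r+b") as fh:
        for offset in range(0, size, CHUNK):
            fh.write(block[:min(CHUNK, size - offset)])
        fh.flush()
        os.fsync(fh.fileno())  # push the pass to the device before verifying

def verify_pass(path, size, value):
    """Read the file back and confirm it holds only the expected byte."""
    seen = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            if chunk.count(value) != len(chunk):
                return False
            seen += len(chunk)
    return seen == size

def sanitize(path, first=0x55, remove=True):
    """Character, complement, random character; each pass verified (assumed policy)."""
    size = os.path.getsize(path)
    passes = [first, first ^ 0xFF, secrets.randbelow(256)]
    for value in passes:
        write_pass(path, size, value)
        if not verify_pass(path, size, value):
            raise OSError(f"verification failed on pass 0x{value:02x}")
    if remove:
        os.remove(path)
    return passes

if __name__ == "__main__":
    # Constructed sample file, created only for this demonstration.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"constructed sample data " * 4096)
    os.close(fd)
    print([hex(v) for v in sanitize(sample)])
```

Overwriting in place only reaches the blocks the file occupies now; copies held by a journaling or copy-on-write filesystem, or remapped by flash wear levelling, are not touched.
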

Overall, Invisible Secrets is richly
featured and easy to use with the facility to ftp files directly to a chosen
server. If you can program in Delphi, you can even write your own carrier
and encryption libraries to add to the existing ones, as details of how to
do this may be downloaded from NeoByte’s web site.