CHAMELEON File Encryption Tools
Version 0.1
Copyright (C) 2000 Ulli Meybohm, www.meybohm.de
License: GNU General Public License
Chameleon is a small file encryption tool that uses symmetric encryption, a 2048-bit plaintext-feedback key generated from a password, XOR chains and a dummy-header system.
At the moment, the program is written in pure ANSI C. It should
compile on every system with a C compiler. If you don't have the
GNU gcc compiler, change the makefile entry
$(COMPILER)=gcc
to whatever compiler you use on your system.
Pre-Compiled binaries exist for Linux i386, Windows and Solaris.
To compile the program, simply open a shell, change to the directory
where you extracted the files from the tar archive and run make.
If it succeeds, you should find the executable files cenc and cdec
in the same directory. Copy both to a directory that is listed in the $PATH
variable. On Linux/Unix systems this is normally /usr/local/bin
and on Windows systems c:\windows\command. On Linux/Unix systems
you can also use make install to install the files.
To encrypt files, you need the cenc program. Start the program like this:
    cenc <files>
Examples:
    cenc mysecretfile.txt
    cenc `ls *`
The program is interactive, and you will be asked for a password and the dummy-header size.
The decryption process is much the same:
    cdec <files>
Examples:
    cdec mysecretfile.txt
    cdec `ls *`
This program is also interactive, and you will be asked for a password and the dummy-header size, as in cenc.
If you are using the Chameleon tools for the first time, you may be confused by the dummy-header concept. With most encryption programs, you only need a password to encrypt files. So why the additional dummy header (dh)? The answer is that it gives you much better security. And if you don't want to use the dh system, simply enter 0 when using cenc.
The dummy header is implemented for better security against
brute-force dictionary and known-plaintext attacks. There are
programs which try to break the encryption simply by decrypting
an encrypted file with possible passwords, which may be listed
in a dictionary file, and analysing the decrypted file to see
whether the content is valid.
To give you an example: encrypting a GIF image. The
image file always starts with the header GIF89. So all the
program has to do is decrypt the first 5 bytes of the file
with all possible passwords/keys until it finds this header.
On normal computers, this may take much too long to be practical,
but for a high-speed cluster of the NSA this may be a piece of cake
if you choose a password which is listed in their dictionary file.
With the Chameleon tools, you have an easy way to generate a random dummy header of variable length, which is placed in front of the files that you want to encrypt. If someone wants to break the encryption, it is now harder, because the attacker doesn't know exactly how long the header is. Because the header size is also used to modify the encryption key, the attacker has to try every password with all possible header lengths and has to go through the dummy-header bytes every time he tries a password. This should secure the file against the strongest number-crunching clusters if you use a good password and an appropriate header size.
For local usage on a hard disk, you should use a size between 100Kb-1Mb. If you want to send the files through a slow internet connection, then use 10Kb-100Kb. If you are unsure about this option, then simply type 0 and the default value 10000 will be used.
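To illustrate why every guess has to pass through the dummy header, here is an added toy model in C (not Chameleon's actual cipher and not code from the author): the state is seeded from the password and the header length and absorbs every plaintext byte. The names toy_seed, toy_byte, toy_encrypt and toy_check_guess and the mixing constants are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model, NOT Chameleon's cipher: a 32-bit state seeded from the password
 * and the dummy-header length (assumed mixing), then updated with every
 * plaintext byte (plaintext feedback). */
static uint32_t toy_seed(const char *pw, uint32_t hdr_len) {
    uint32_t s = 2166136261u ^ hdr_len;
    for (; *pw; pw++) s = (s ^ (uint8_t)*pw) * 16777619u;
    return s;
}

/* Process one byte; the state always absorbs the plaintext side. */
static uint8_t toy_byte(uint32_t *s, uint8_t in, int decrypt) {
    uint8_t out = in ^ (uint8_t)(*s >> 24);
    *s = (*s ^ (decrypt ? out : in)) * 16777619u + 1u;
    return out;
}

/* Encrypt hdr followed by msg into out (needs hdr_len + msg_len bytes). */
size_t toy_encrypt(const char *pw, const uint8_t *hdr, uint32_t hdr_len,
                   const uint8_t *msg, size_t msg_len, uint8_t *out) {
    uint32_t s = toy_seed(pw, hdr_len);
    size_t i;
    for (i = 0; i < hdr_len; i++) out[i] = toy_byte(&s, hdr[i], 0);
    for (i = 0; i < msg_len; i++) out[hdr_len + i] = toy_byte(&s, msg[i], 0);
    return hdr_len + msg_len;
}

/* Cost of testing one (password, header length) guess against a known file
 * magic. Returns 1 on match; *work receives the number of bytes decrypted. */
int toy_check_guess(const char *pw, uint32_t hdr_len, const uint8_t *ct,
                    size_t ct_len, const char *magic, size_t *work) {
    size_t mlen = strlen(magic), i;
    uint32_t s = toy_seed(pw, hdr_len);
    int ok = 1;
    *work = 0;
    if ((size_t)hdr_len + mlen > ct_len) return 0;
    for (i = 0; i < hdr_len; i++, (*work)++) (void)toy_byte(&s, ct[i], 1);
    for (i = 0; i < mlen; i++, (*work)++)
        if (toy_byte(&s, ct[hdr_len + i], 1) != (uint8_t)magic[i]) ok = 0;
    return ok;
}
```

In this model the magic bytes only become checkable after hdr_len bytes have been decrypted, so the work per guess grows linearly with the header size.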
Don't use a password that is part of the cracker dictionaries! Check your password with the vpass utility first if you are unsure. Also use numbers and special characters. The password input is case-sensitive. Use a password with mixed upper/lowercase characters for better security.
The Chameleon tools don't have an internal compression routine yet. Please compress the files that you want to encrypt with gzip or bz2 before you encrypt them. The encrypted file is so random that these tools can't compress it very well.