From msuinfo!agate!howland.reston.ans.net!cs.utexas.edu!cactus.org!ritter Wed Mar  2 09:52:20 1994
Newsgroups: sci.crypt
Path: msuinfo!agate!howland.reston.ans.net!cs.utexas.edu!cactus.org!ritter
From: ritter@cactus.org (Terry Ritter)
Subject: Penknife Email Cipher Available
Message-ID: <1994Feb28.063510.9665@cactus.org>
Organization: Capital Area Central Texas UNIX Society, Austin, Tx
Distribution: usa
Date: Mon, 28 Feb 1994 06:35:10 GMT
Lines: 114



 INTRODUCING THE PENKNIFE EMAIL CIPHER
    from Ritter Software Engineering

 For a limited time, the commercial demo version of the Penknife
 cipher for DOS is available free by email to US citizens within
 the US only.  (The Unix program uudecode--or equivalent--must be
 used to recover the DOS executable binary).

 Each email request must include:

      1) Correct name, address, and phone,
      2) Email address, city and state of email server,
      3) Statement of US citizenship, and
      4) Agreement to not export the program.


 Description

 Penknife is a commercial command-line file-cipher program for
 80x86 DOS, which can encipher any file of any type into email-able
 text (ciphertext) lines.

 The commercial demo contains the same cipher used in the advanced
 version, but without various frills like key-aliases and wildcard
 processing.  The demo may be further distributed (within the US
 only) to other email users.  Individuals may evaluate the demo
 version until they decide to upgrade to advanced Penknife.
 Penknife uses a 63-bit internal key, so it cannot be exported and
 should not be placed on a BBS or ftp site.


 Secret-Key Cipher

 Penknife is a secret-key cipher; the need for a secret key
 reminds us that privacy is not available if the other end cannot
 be trusted.  Admittedly, key-transport is sometimes awkward (even
 though enciphered keys can sent by mail or express-delivery service,
 taken by traveling friends or employees, or delivered in person).
 But the alternative is sometimes worse:

 Public-key algorithms absolutely *require* a cryptographic protocol
 so a user can "validate" or "certify" each public key they acquire.
 Failure to validate keys can result in "man-in-the-middle" or
 "spoofing" attacks which expose the protected information *without*
 any need to break the cipher.  This makes detailed discussion of
 the "strength" of such a cipher irrelevant to its true security.
 The need to manually validate keys is a weakness which only crypto-
 trained operators would recognize and cover, a weakness which
 Penknife does not have.

 Good public-key ciphers exist, but these do not "trust" other
 users, instead using a cryptographic protocol to certify keys.
 This is a complication which Penknife does not need.


 Some Penknife Features

 1) Penknife is based on original Dynamic Substitution technology
    invented and patented by this author and published in
    Cryptologia.  The detailed cipher design is available and has
    been published for comment on sci.crypt.

 2) Penknife is error-resilient:  Each ciphertext line is ciphered
    separately, and the cipher recovers from errors with the start
    of each new ciphertext line.  Each ciphertext line has its own
    32-bit random line key.

 3) Penknife deciphering automatically handles both DOS-style
    (CR LF) and Unix-style (LF) text lines, since text line-
    separators may change in transit.

 4) Penknife does not include "BEGIN ENCIPHERED MESSAGE" or any
    other indication of cipher, or the name of the cipher used.
    There is just ciphertext.  The receiving user is expected to
    know that a cipher has been used, and which cipher in particular,
    as well as the key.

 5) In most cases, Penknife deciphering will automatically skip
    email headers or signature text (or optionally pass them through
    to the output file).  It is normally unnecessary to "clean up"
    email messages for deciphering.

 6) Penknife includes an overall error-check (32-bit CRC) on the
    ciphered data.  This supports the transport of programs, which
    should not be executed if they were damaged.  It also indicates
    the use of the wrong key when deciphering.

 7) The Penknife advanced version has extensive key-management
    support, including enciphered alias files.  Key-aliases
    reduce the irritation and potential for serious error which
    can result from typing-in long secret keys.

 8) Advanced Penknife also includes dated aliases, which support
    automatic key-change by date, as well as access to archived
    ciphertext enciphered under old keys.

 9) Advanced Penknife also supports ciphertext archives, wildcard
    and directory-tree search operations, automatic recovery of
    alias and date from the filename (supporting automatic
    deciphering of archived ciphertext from various old keys) as
    well as a simple batch facility.

 10) Penknife does not infringe any known patents.


 Ritter Software Engineering is a registered manufacturer of
 cryptographic armaments.

 ---
 Terry Ritter   ritter@cactus.org