http://www.stealthencrypt.comInternet Security Suite is available at software retail stores in the US and Canada
Return to the Home Page
About
Email
Products
Free
Index
Links
News
Resources
Services

Our Privacy Policy

TWOFISH

THIS FREE ENCRYPTION SOFTWARE IS FOR US/CANADA ONLY and the install is password-protected. It is intended for the purchasers of Swift Complete Internet Suite only!DOWNLOADS
TWOFISH PRO ENCRYPTION WITH KEY GENERATOR - PRO EDITIONUncrackable encryption and decryption with key generator and SHA file verification is the successor to Blowfish. This military strength encryption is under consideration for use by the U.S. Government. Includes manual. When we say military strength, we mean it! US/Canada downloads only!twofishpro.zip - site1 or
twofishpro.zip - site2

Welcome to Two Fish Pro Encryption with Key Generator - Pro Edition

Why Twofish?

Welcome to our free update

As promised, users of the Complete Internet Suite and Internet Security Suite will be receiving new and updated programs on a regular basis.

Like our disappearing "Stealth Encryption" program we provide a FREE version of the program that you can distribute to others in the United States and Canada, called the "Lite Version." THIS VERSION, THE PRO VERSION, IS JUST FOR CUSTOMERS OF OUR SUITES. Please feel free to distribute the Lite Version to others; however, this program is licensed. Two Fish is the new encryption algorithm (reviewed below) from Bruce Schneier, and is well regarded. In addition, this program creates "secure" keys using elliptic curves (explained below) and allows you to verify that files have not been tampered with using SHA.

Two Fish

This is an advanced discussion and can be skipped if you are not interested in learning how this program works.

Bruce Schneier the author of Applied Cryptography, one of the leading words on computer security and privacy developed a great, military strength encryption program called "Blowfish."

Two Fish is the successor to Blowfish, and is one of the candidates to become the standard form of encryption for the banking and government contracting industries.

Two Fish is generously given to the public domain by Mr. Schneier, and this program takes full advantage of the strength of Two Fish.

We use the terms "military strength" and we mean it.

Security of Two Fish

1. What is encryption and how does it work?

Encryption is the scrambling of files so that they cannot be read without knowledge of the "key." Encryption is vital to commerce, particularly electronic commerce.

Private information needs to stay private.

In 1976 the US government approved the use of an encryption scheme called "DES," based on work done by IBM. The banking system, among other users, are still encrypting private messages (like wire transfers) using DES.

DES has been analyzed all over the world, and until recently it was agreed that if you used a "good" key, then the only way to read the message was to have the key, or to start trying each key, one after the other. DES was considered secure because the number of keys was so large that computers didn't have enough time or power to try the keys.

Cryptographers now agree that DES is not strong enough.

Two Fish is one of the candidates to replace DES as the US encryption standard. Experts throughout the world are analyzing Two Fish, and, at this time, believe that the only way to read a file encrypted with Two Fish is by trying each key, which will take millions of years or more even with super computers.

Therefore, if you keep your "key" a secret, you can send messages over the Internet to others using this program that only the intended recipient (who you tell the key) can read the message.

You can also use encryption to keep confidential files on your computer confidential.

2. Is the encryption strong enough to keep my data secure?

That's hard to answer. Security is always relative. With poorly designed security someone with a home computer can break some forms of encryption. If you write your key down on a piece of paper and tack it onto your refrigerator, computer encoding of your data won't help if someone can see the note on your refrigerator. So let's restate the question. If you do not reveal your key or use a weak key, the data in this program can only be accessed by trying the possible keys. All of them.

Two Fish, the encryption algorithm used in this program, has no known weakness which would make it easier for a computer cryptanalyst to decode a message more quickly than checking the keys.

We take great assurance from the fact that TwoFish is now under analysis by cryptographers the world over, as it has been selected as a candidate to be the next official encryption standard adopted by the US.

There are so many Two Fish keys that a supercomputer that is a billion times faster than any one known today would not have enough time to "guess" the key until after the Sun has burned out its energy. For purposes of personal information, computer experts in security agree that the data encrypted with this program is secure for many decades. The best computer security minds in the world believe that systems like Two Fish will be secure for at least 100 years.

Although you have heard true and accurate stories in the press about "encryption" being broken, this refers to 40 or 56 bit systems, not the 256 bit systems used in this program. However, the best security system is not worth much if you use your initials as the key! One way that eavesdroppers read "securely encrypted" messages is because people use their name, initial's, kid's name, etc., as their key.

We have strengthened this program because the "key" used is generated using elliptic curves. A long, random string of digits is used as your key and is produced from your input. There are many other factors related to the security of encryption- you also need to consider COST. Building and running a huge computer to try break secure codes is out of the budget reach of all but large concerns or governments. If the "value" of the accounts you can access with the passwords you have stored in this program is $100,000, someone will not spend $1,000,000 to build a computer to break the codes. If a criminal needs this information they will bribe others or steal your wallet rather than committing to a hopeless task of code breaking. With all due respect, most people's information is not worth millions of dollars, so if the information is encrypted with a strong system like Two Fish, for real world purposes it's safe. For those who believe that there are huge government computers that can break anything made on a computer … even if a multi-billion dollar computer exists, it wouldn't be used (and if it was, there are still too many keys to check) except for military or other extremely important information. If the government wants access to someone's bank account information, they'll just obtain a subpoena for a few dollars of staff time, or seize the account through legal processes. They don't "break" codes, they go to the source.

Remember that a computer that is a billion times faster than any computer known, still would need millions of years to get a key by brute force.

We use a military grade encryption system in this program called Two Fish. Two Fish creates an encrypted file of your data with a key length of 256 bits. According to the best minds in computer security, to maintain security against adversaries prepared to spend hundreds of millions of dollars to build special purpose computers, the Two Fish encryption used in this program is very secure. The key length of 256 bits is so large that, as we mentioned, billions of years of computer time would be required to break the code IF computer power increases by a billion times. The best cryptographers in the world have concluded that a key length of more than 100 bits is not computationally possible to break, even with "science fiction" types of super computers.

Consider that the odds of winning a state lottery range from 1 in 4,000,000 to 1 in 14,000,000. The odds of guessing a Two Fish key are so large that the odds of the same person winning a state lottery every time it is drawn weekly for millions of years is better by far than guessing the key. The number of keys in Two fish is 2256, which is 10 followed by 74 zeros. Here are some more "odds" for you to consider:

Odds of Drowning in the US per year (1 in 59,000) 216
Time until the sun goes super nova 230 years
Approximate age of the Universe 234 years
Number of atoms in the earth 2170
Approximate number of atoms in the Milky Way Galaxy 2223
Number of Key Fish keys 2256
Approximate number of atoms in the universe 2265

People have a right to be concerned about encryption. However, it is unreasonable to put different standards on encryption than on other engineering. If you fly because the "odds" of a crash are so low because airplanes are well manufactured, remember that the "odds" of a key being discovered and a code being cracked are hundreds of trillions times lower. The odds of being killed in an automobile accident during your lifetime is estimated at 1 in 75. Compare that risk (most people drive all the time) with the risk of a key being guessed and your data being compromised: 1 in 2255 (or about 10 to the 78th power)!

Our web site also has general information about encryption.

3. Is there a "back door" to allow me to recover the information if I forget my key to the data? NO! If you forget the key used to encrypt your information, all of the keys must be tried. There are no "trap doors" or other short cuts into the encrypted data. This means that you must be extremely careful to remember your key! In most cases, if you cannot remember your key you will have to go back to the companies or sites and prove your identify and request a new password or that they tell you your old one.

If you forget your key, the data is not recoverable.

4. Can this program be exported?

No. Due to ITAR regulations this program's encryption is too strong to export. Therefore, this program is export restricted except in the United States and Canada. DON'T EXPORT IT!

5. Can I give other persons copies of this program?

NO! You may distribute the LITE version of this program to others. It's available from our website. There is no charge for the LITE version of the program.

6. What's the difference between the LITE version and the PRO version?

The program that you have, the PRO version, includes the ability to verify files. The lite version does not have this feature. However, you can use this version to communicate with others. The encrypted files created by this program are compatible with the Lite version.

Elliptic curves

This is an advanced discussion and can be skipped if you are not interested in learning how this program works.

This program creates a key from a short phrase that you enter.

We recommend that you do not use your name, initials or any personal information as a key for a message.

A short sentence like "oatmeal tastes good" is excellent. The reason for this is fairly simple. If someone wants to read your encrypted e-mail or other files, if they are computer experts they will try your initial's, wife's name, date of birth, etc. All the encryption power in the world can't stop someone from reading your messages if you use your first name as the key!

Once you enter a phrase and click on generate key, the program plots your phrase mathematically on elliptic curves, and gives coordinates back to you as the key. For example, "oatmeal is good" produces the following key:

DDVq7EAPaFqeVV9gqrFuhuKfu+h+PsRzCxP2JhwFoqI+

Key generation is case sensitive, so "Oatmeal is good" produces the following key:

e6Nx3Wu9v0DjcXhpfPOIE1u5T6cRTCisZNlJq-N+dgE+

This means that someone trying to read an encrypted file that you have created will be required to enter that long string of gibberish to read your message, NOT oatmeal is good (unless they have this program, but we can assume that most people trying to break into private mail would not know exactly how the message was encrypted- and there are no telltale signs that the file was encrypted using this program.) In the event that you use this program primarily for email, you will not need to carefully store your passwords so long as the room where the passwords are kept is secure.

If you use this program to store information on your computer and the room is not secure, you may want to consider remembering one key phrase, and then encryption a file containing your other key phrases. If you elect to try to remember one phrase, make it outrageous. "My dog has a blue nose" is easier to remember than a ordinary sentence. The more outrageous the better. Remember your keys!

How do I get the key to the other party?

We are working on a "public key" based system to allow the delivery of keys without trust. In the case of Internet email, generally the key is sent via mail, overnight delivery or over the phone. One way to make corresponding with someone securely simple is to create 50 keys, encrypt those keys in a single file, and then notify the recipient of the key phrase used for the file containing the keys via phone, fax, personal contact, certified mail, etc.

NOTE ON DECRYPTION:

You do not need to remember the actual secure key, just the phrase, since the key is "created" from the phrase. So if you correspond with others you DO NOT need to send them the secure key, just the phrases.

Pro Edition features

The Pro Edition of this program (the one you have now) has a powerful feature not contained in the "light" version of the program-- SHA file verification.

Now, the advanced discussion on SHA

This is an advanced discussion and can be skipped if you are not interested in learning how this program works.

SHA takes a file and builds a "hash," or "digital fingerprint" of the file. It's like a cyclical redundancy check, but much more powerful. The "hash" or fingerprint is a 160 bit string. That's a lot of bits! The nice part of hash functions is that you CANNOT go backward from a hash and derive the file. SHA is known as a "one way hash" function.

In addition, it is as close as impossible as it can be for two files to have the same "fingerprint."

The tiniest change in a file results in a large change to the SHA "fingerprint."

SHA is currently considered to be the strongest "one-way" hash function available.

Our program allows you to compare two files to see if they are the same. You might want to use this in encrypting/decrypting files. You can ensure that the file which you have received is the same as the one sent by the other party if both of you "hash" or fingerprint your files and compare the hashes.

Program functions

Main menu

When you begin the program, you will see the following:

The process to encrypt a file is easy:

1. Select your key

2. Click on Generate Secure Key

3. Click on ENCRYPT and specify the file names. That's it!

Key phrase

See our discussion on keys. Type your short phrase into this edit. This will be used to create the key used with your program.

Generate secure key

So long as the Key Phrase edit is not blank, pressing this button creates a secure key which is then displayed.

Secure key

After entering a key phrase, the secure key is shown in this edit box. IT IS AUTOMATICALY USED WHEN YOU NEXT ENCRYPT OR DECRYPT the file.

Here is the display after you have generated a key:

Note that the status bar changes.

Encrypt file

So long as there is a secure key display, clicking this button will start the encryption process. The first step is to select the file to encrypt. You may encrypt ANY file:

Just click on the file to encrypt. After clicking "OPEN" you will then be prompted for the name of the scrambled file:

You may select any name you desire. Although the default is to name the files *.two, you may want to name the files with another extension. This is accomplished through the Save as type drop down:

If you select Any File, you can name the file with any extension.

That's all there is to it- the file has been encrypted and is now ready to be sent or stored.

After encryption, the status bar on the bottom of the screen will remind you of your last action:

Utility

The utility menu provides access to the SHA file comparison and verification program.

Decryption

Decryption follows the same steps as encryption- enter the correct key, case sensitive, and then click on generate key, followed by decrypt. The file will be saved to the name that you have chosen. If you have given the wrong key phrase, the file will still be processed, but will be unreadable. We are working on a simple way to authenticate messages and will provide a future update to this free program.

Remember that you don't have to enter the entire secure key, just the phrase.

Exit

Clicking on exit returns to Windows and closes the program.

File verification

Are the files the same?

After selecting the utility menu, you will see the following:

Calculate hash, files 1 and 2

After pressing this button you will see a file open dialog. The file that you open will then be "hashed," with the hash appearing in the status bar.

Calculate hash button:

In addition, after a hash is calculated if you rest your cursor over either the file 1 or file 2 calculate buttons, the hint will be the hash value.

Compare two files

To compare two files, click on the Calculate hash file button for the first and second file.

You will have to select the two files to compare through standard open file dialogs:

After you calculate the hash for each file, it will appear on the status bar on the bottom of the form:

Perform comparison

Note: The "Compare file hashes" button will be inactive (gray) until you have calculated the hash for two files.

After selecting both files, you then should click the compare file button:

The status bar will then show a message indicating whether or not the files' SHA digital fingerprints are the same:

Close

Returns to the main menu.

Contents

Activates this help file. SHORTCUT: F1

About Box

Displays version and copyright information.

Future improvements

The continuing mission

We are committed to providing better, simpler, faster encryption and security products for both the desktop and the Internet.

We are planning the following new features, and over the next few months will be implementing these features and improvements:

  • Drag and drop encryption/decryption
  • Direct emailing of encrypted files
  • Optional storing of a log of file names, versions and hash values
Please visit our site for free updates.

Contact us for customer service on the web: stealthencrypt.com

Legal

This program is Copyright 1999, Sublimated Software, Inc.

We gratefully acknowledge Bruce Schneier's creation of Two Fish. Mr. Schneier has authorized use of Two Fish by the general public. Please buy his books including Applied Cryptography, published by Wiley, ISBN 0-471-59756-2.

Year 2000

This program is year 2000 capable. If your system is operating correctly, the program will operate after December 31, 1999.

Team

Programming: Amy Seeberger

Web Development and Web Maintenance: Eve Paludan

Team: Warren Clary, E. Ray Clary and Amy Seeberger

Glossary of Terms

encryption
Scrambling a file so that the key phrase and this program will be required to read it.

bit
A single 1 or 0 in a program. Used to refer to the length of keys. The longer, the harder it is to read a message by guessing the key.

key
(and key phrase) A short word, number or other characters you use to encrypt a message.

Two Fish
The encryption protocol used to encrypt files in this program

case sensitive
Keys must be entered using the same combination of capital and small letters. "Boat and boat are different.

Home About Email Products Free Index Links News Resources Services

© 1998-2000 Sublimated Software, Inc.