M ASTER  S OFTWARE


QUALITY SOFTWARE SINCE 1958
 

PROTECT YOUR PRIVACY -- PROTECT YOUR SECURITY
with the strongest line of data file and message encryption software available.
NK-Crypt Message Encryption System Version 01
User Manual - September 30, 2006



          1. NK-CRYPT MESSAGE ENCRYPTION SYSTEM




               NK-Crypt is a completely new method for secret communication.
          NK-Crypt requires no distribution of keys.  The sender and the receiver of
          a message have their own secret keys for each message, but neither party
          knows the other party's key.  The keys are never transmitted or
          distributed.

               This means that two parties who have never met, and have never had the
          chance to exchange keys, can communicate securely using NK-Crypt.  Even if
          both parties were under constant surveillance, with every email, every
          phone call and every letter obtained by their opponent, they can still
          communicate secretly.  Even if they say openly, "Let us send our messages
          using NK-Crypt," and their opponent knows this, even if their opponent also
          has NK-Crypt, and has every NK-Crypt message they have sent back and forth,
          their messages still cannot be read.



          TABLE OF CONTENTS


          1. NK-CRYPT MESSAGE ENCRYPTION SYSTEM
            1.1. A New Method
            1.2. Three-Pass Protocol

          2. USING NK-CRYPT
            2.1. Creating the Attention message
            2.2. Creating the Ready message
            2.3. Encrypting and decrypting the message
            2.4. Taking checkpoints
            2.5. Deleting cache entries

          3. FILES
            3.1. Identifying files
            3.2. The NK directory
            3.3. File identifiers.

          4. KEYS
            4.1. Key Do's and Don'ts
            4.2. Letters, digits and punctuation
            4.3. Key blocks
            4.4. Pronounceable keys
            4.5. Patterns
            4.6. Secretaries and clerks
            4.7. Key strength
            4.8. Summary: Picking a key

          Appendix A. DOS BASICS
            A.1. Starting DOS
            A.2. Sizing the DOS window
            A.3. Directories
            A.4. Current directory
            A.5. Working with directories
            A.6. Identifying files
            A.7. Long names
            A.8. File operations
            A.9. Batch files



          1.1. A New Method


               Today there are two leading methods for secret communication, secret
          key and public key.  In secret key communication, each of the parties must
          have a copy of the secret key or keys used for messages.  The keys must be
          distributed to all parties who need to communicate with one another, or who
          might need to communicate in the future.  When a new party joins the group,
          it may be necessary for a courier to bring the secret keys in person, or
          even to bring all parties new secret keys for communicating with the new
          party.

               In public key cryptography each party has both a private key, which is
          never distributed, and a public key which must be distributed to everyone
          who wishes to communicate with them.  For widespread use, there must be one
          or more key-issuing authorities which possess all of the keys, and which
          distribute these keys to all participants.

               With NK-Crypt's new method of communication, you and you alone have
          your secret keys.  Your secret keys are never distributed to anyone, so
          there is no chance that anyone will ever obtain your keys.  All of your
          keys are locked away on your computer under control of a Master Key that
          you choose, and that you alone know.  The Master Key is never stored or
          recorded on the computer, so even if someone stole your computer they still
          would not be able to get your secret keys.



          1.2. Three-Pass Protocol


               NK-Crypt uses the Three-Pass Protocol to transmit the message.  It is
          called the Three-Pass Protocol because three encrypted messages will be
          sent.

               The whole process takes 4 steps.  The sender performs steps 1 and 3.
          The receiver performs steps 2 and 4.  

          Step 1:  The sender uses NK-Crypt to encrypt the message with the sender's
          private key, and sends this Attention message to the receiver.

          Step 2:  The receiver uses NK-Crypt to encrypt the first message with the
          receiver's private key, and sends this Ready message back to the sender.
          This second message is encrypted by both the sender and the receiver.

          Step 3:  The sender uses NK-Crypt to remove the first encryption, and sends
          this final message back to the receiver.

          Step 4:  The receiver uses NK-Crypt to decrypt the final message file.

          
               None of the 3 transmitted files contain either the sender's private
          key or the receiver's private key.  These private keys are never
          transmitted, either openly or in any encrypted or coded form, so there is
          no possibility of an eavesdropper obtaining a key from an intercepted
          message.

               A simple way to understand the three-pass protocol is to picture how
          it was done 500 years ago.  Imagine that the message is written on
          parchment and placed in a strongbox which is carried by couriers.  The
          sender puts a secure lock on the strongbox and a courier brings the locked
          box to the receiver.  The receiver puts a second lock on the strongbox, and
          a courier takes it back to the sender.  The sender removes the first lock
          and sends the box back.  When the receiver gets the strongbox back, it has
          only the receiver's own lock, so the receiver can unlock the box without
          ever opening the sender's lock.



          2. USING NK-CRYPT



               To start NK-Crypt, you type the NK command at the DOS prompt.  That
          is, you type

               NK

          and then press the Enter key.  The first time you run NK-Crypt it will
          install itself.  That will be explained in a later chapter.  Let us
          concentrate first on a how a message is conveyed from the sender to the
          receiver.



          2.1. Creating the Attention message


               The first thing you must do in an NK-Crypt session is to supply the
          Master Key.  This is the key you chose when you installed NK-Crypt.  The
          program prompts you for the key 

               Please enter the Master Key.
               Key:

          You type your Master Key exactly the way you entered it when you installed
          NK-Crypt, for example, 

               Key: mozart pineapple wigwam

          Remember that the Master Key is case-sensitive, so mozart and Mozart are
          different keys.  If the Master Key is correct, the session can begin.

               NK-Crypt will then need to know what operation you want to perform.
          The operation depends on whether you are sending or receiving a message.
          NK-Crypt will display the session menu and prompt you for the next
          operation.

          

               Select an operation:
                 1 - Prepare a new file to transmit.  Create the Attention message.
                 2 - Respond to a new received message.  Create the Ready message.
                 3 - Create the encrypted message.
                 4 - Decrypt the message.

                 C - Checkpoint.  Save the cache and Master File.
                 D - Delete entries from the cache.
                 Q - Quit.

               Type your choice:

          

          Steps 1 and 3 will be performed by the sender, while Steps 2 and 4 are
          performed by the receiver.  Let's go through these steps in sequence.

               Suppose you are ready to transmit a new message.  You would choose
          Step 1 by typing a 1.  NK-Crypt now needs to know what file you want to
          send.  It will ask for the file name 

               Enter the name of the file to be encrypted, for example
               \NEWPROD\DESIGN\ENGINE.ART or type Q to quit.

               File name:

          You would type in the name of the file that contains the message you want
          to send, for example 

               File name: \recipes\rumcake

          
               NK-Crypt will create a series of 3 messages that will be sent back and
          forth.  You need to choose an identifier that will distinguish the 3
          message files for this message from all other message files that you and
          the receiver are sending and receiving.  Your message identifier must be 1
          to 8 characters long and may contain letters, digits, or both.  NK-Crypt
          will prompt you for the message identifer like this 

               Choose an ID for this message.  The ID must be
               1 to 8 letters and/or digits.
               Or, type Q to quit.
               Message ID:

          You would respond by typing the message ID that you wish, for example 

               Message ID: party

          NK-Crypt will then create the Attention message and place it on your
          computer under the name party.1.  You then send the message file party.1 to
          the receiver, for example by sending it as an attachment to an email, or by
          uploading it to a website.



          2.2. Creating the Ready message


               When the receiver gets the Attention message, it should be placed in
          the same directory as the NK-Crypt program.  The receiver must then create
          the Ready message to send back.  The receiver goes through the same process
          of typing NK to start NK-Crypt and then entering the Master Key.  For
          example, 

               nk

               Please enter the Master Key.
               Key: k407 d921 h368

          This, of course, is the receiver's Master Key, and may be completely
          different from the sender's Master Key.  Neither party has any need to know
          the other's Master Key.

               Once the Master Key is entered, NK-Crypt will start the session by
          displaying

          

               Select an operation:
                 1 - Prepare a new file to transmit.  Create the Attention message.
                 2 - Respond to a new received message.  Create the Ready message.
                 3 - Create the encrypted message.
                 4 - Decrypt the message.

                 C - Checkpoint.  Save the cache and Master File.
                 D - Delete entries from the cache.
                 Q - Quit.

               Type your choice:

          

          The receiver will type 2 to indicate that an Attention message has been
          received, and NK-Crypt should make the Ready message.  NK-Crypt will prompt
          the receiver for the message ID by displaying 

               Enter the ID for the message.  The ID is the same
               as the name of the transmitted message.
               Or, type Q to quit.

               Message ID:

          In this example the Attention message was called party.1 so the message ID
          is party.  The receiver types party after the prompt, like 

               Message ID: party

          and presses Enter.  NK-Crypt then creates the Ready message under the name
          party.2.  The receiver sends this message back to the sender.



          2.3. Encrypting and decrypting the message


               When the sender receives the Ready message, NK-Crypt is used to create
          the final encrypted message file.  The process is just as before.  The
          sender types NK to start NK-Crypt, types the Master Key, chooses Step 3,
          and then types the message ID, which is still party.  NK-Crypt creates the
          encrypted message in the file party.3 which the sender must send to the
          receiver.

               Once the receiver has the encrypted message, NK-Crypt can be used to
          decrypt it, so the message can be read.  The process is the same as above.
          The receiver types NK to start NK-Crypt, enters the Master Key, selects
          Step 4, and types the message ID party.  This time NK-Crypt will prompt the
          receiver for the name of the output file where the decrypted message should
          go.  

               Enter the name of the file where you want the decrypted
               message to be placed, for example \PROJECT\SALES\2005.DOC
               or type Q to quit.

               File name:

          The name that the receiver chooses for the file need not be the same as the
          name the sender used.  In this example, the sender called the file
          \recipes\rumcake but the receiver might call it
          \nuclear\treaty\revision.26.  The receiver would therefore type the file
          name as 

               File name: \nuclear\treaty\revision.26

          and press Enter.  NK-Crypt would then decrypt the message and place it in
          that file on the receiver's computer.



          2.4. Taking checkpoints


               NK-Crypt automatically saves the cache and the Master File at the end
          of each session.  If the session is long, either because you are processing
          many messages, or because some of the message files are large, you may want
          to save the cache and Master File more frequently.

               If your computer stops for any reason, such as a hardware error, or a
          momentary power interruption, you would need to repeat all of the
          operations in the last session.  However, if you take checkpoints, then you
          would need to repeat only the operations that were done since the last
          checkpoint.  To perform a checkpoint, on the session menu

          

               Select an operation:
                 1 - Prepare a new file to transmit.  Create the Attention message.
                 2 - Respond to a new received message.  Create the Ready message.
                 3 - Create the encrypted message.
                 4 - Decrypt the message.

                 C - Checkpoint.  Save the cache and Master File.
                 D - Delete entries from the cache.
                 Q - Quit.

               Type your choice:

          

          you would type C.



          2.5. Deleting cache entries


               If encryption and decryption proceed smoothly, with Steps 1 through 4
          always performed in order, then NK-Crypt will automatically remove
          unneeeded entries from the cache.  However, sometimes operations may not
          proceed in order.  For example, a sender might notify the receiver, "Ignore
          the last message, here is a new one."  In such cases, unwanted entries may
          remain in the cache, and the cache could fill up over time, and have no
          room for new entries.

               To prevent this problem, you may want to check the cache for obsolete
          or outdated entries.  To do this, you would type D at the session menu

          

               Select an operation:
                 1 - Prepare a new file to transmit.  Create the Attention message.
                 2 - Respond to a new received message.  Create the Ready message.
                 3 - Create the encrypted message.
                 4 - Decrypt the message.

                 C - Checkpoint.  Save the cache and Master File.
                 D - Delete entries from the cache.
                 Q - Quit.

               Type your choice:

          

               This will start the cache clean-up operation.  NK-Crypt will display
          the message IDs in the cache, and allow you to delete any message IDs that
          are no longer needed.  The display would look like this:  

               Cache entries 1 to 8
               ROME      LONDON    NEWYORK   PARIS     CAIRO     MOSCOW
               MUNICH    HOBOKEN

               Enter a message ID to be deleted, or type Q to quit.
               Message ID:

          You would then type the ID that you wanted to delete and press Enter, for
          example 

               Message ID: cairo

          You may delete as many message IDs as you wish.

               When you are finished with this group of message IDs, type Q to quit.
          If there are more message IDs in the cache, the next group will be
          displayed, otherwise you will be taken back to the session menu.



          3. FILES



               In order to use NK-Crypt effectively you need to know two basic
          concepts, files and keys.  This chapter and the next one will deal with
          these important topics.

               The files on your computer are organized into directories or folders.
          Directories and folders are two names for the same thing.  When you are in
          Windows, the computer will show you lists of files organized as folders.
          When you are in DOS, the computer will show you lists of those same files
          in directories.  Directories and folders are equivalent.

               You need to identify which files contain the messages that you want to
          send.  Often these files will be in directories that are named for the
          program that created them.  For example, if you create drawings using a
          program called EZ-Draw, then the drawings are likely to be in a directory
          with a name such as

               \EZ-DRAW\
           or
               \PROGRAMS\EZ-DRAW\

          or in a subdirectory of these directories, say

               \EZ-DRAW\MYFILES\

               You should always give your data files and folders names that clearly
          identify what they contain.  That way, you can easily find the files that
          you want to send, or that you have received.  You can find all of the files
          on your computer by clicking the My Computer icon on the Windows desktop.
          Equivalently, you can find all of your files by using the DIR command in
          DOS.

               You can encrypt any file you wish, even system files.  It is safe to
          do this because the file itself is not changed.  NK-Crypt creates new files
          each time you encrypt a file for transmission.  These files are named
          XXX.1, XXX.2 and XXX.3, where XXX is the message ID that you have chosen.
          Even if you encrypted one of these XXX files, the encrypted version would
          have a different message ID from the original, so the file names would be
          different and there would be no danger.



          3.1. Identifying files


               Each time you send or receive a message you must identify the file to
          NK-Crypt.  NK-Crypt will prompt you for the file name or message identifier
          at the appropriate time.  You identify files to NK-Crypt the same way that
          you identify files to DOS, namely by specifying the drive, path, filename
          and extension.  (If you already know DOS, you can skip or just skim this
          section.)  

               drive     is the device where your file is stored, usually
                         C for your hard drive, A or B for a floppy drive,
                         D or E for a CDROM drive.

               path      is the directory on your drive where the file is
                         located.

               filename  is the name that you gave your file.  The name
                         usually indicates the contents or purpose of the
                         file.

               extension is a suffix that indicates the kind of file, such
                         as TXT for a text file, JPEG for a picture file,
                         EXE for an executable file, etc.

          A full file identifier might look like this, 

               c:\mycompany\mydepartment\2005\sales.wp

          
               In this example, c: identifies that your file is on the C drive, which
          is your hard drive.  \mycompany\mydepartment\2005\ is the path to your
          data.  It shows that the data file is located in the 2005 folder, which is
          inside the mydepartment folder, in the mycompany folder.  So the path
          consists of nested folders, or a list of directories.  sales.wp is the file
          with the data.  The filename is sales, and the extension is wp, which
          indicates that it is a WordPerfect document.

               In a file identifier all of the fields except the filename are
          optional.  

               drive      can be omitted if the file is on the current drive,
                          that is, the drive where you are now working.

               path       can be omitted if the file is on the current
                          directory of the drive.

               extension  can be omitted if the file does not have an
                          extension on its name.  For example, if the file
                          is just named oldstuff then no extension is
                          needed.

          Here are some examples of valid file identifiers:  

               a:budget
                    identifies the file budget in the current directory
                    of the A drive.

               \jones\commissions
                    identifies the file commissions in the \jones directory
                    on the current drive.

               late\requests.txt
                    identifies the file requests.txt in the late
                    subdirectory of the current directory.

          



          3.2. The NK directory


               Messages created by NK-Crypt for transmission are named by a simple
          identifier without a drive, path, or file extension.  NK-Crypt reads the
          message files from the current directory, and writes them to the current
          directory.  It is recommended that NK-Crypt be installed in its own
          directory and that these files reside in this same directory along with the
          NK-Crypt program files.

               The NK directory might be \nk or \windows\nk or whatever directory you
          prefer.  If you have installed NK-Crypt in its own directory, let's say \nk
          then you would make \nk the current directory each time you use NK-Crypt.
          You do this by typing 

               cd \nk

          at the DOS prompt, and then pressing Enter.  To start NK-Crypt you would
          then issue the NK command.  The sequence of DOS commands would be 

               cd \nk
               nk

          and then NK-Crypt would start.

               When you receive NK-Crypt message files from the Internet, or from a
          website, they should be downloaded into the \nk directory, or else copied
          into the \nk directory after downloading.

               Having all of your NK-Crypt message files in a single directory makes
          it easy to keep track of them, so you can erase old NK-Crypt files once the
          message has been sent and received.



          3.3. File identifiers.


               If you are sending only a few NK-Crypt messages, then you can use
          pretty much any message IDs you like, and keep them all straight in your
          head.  However, if you have a large message traffic, with many senders and
          receivers, you may wish to adopt a systematic approach.  One possible
          convention would be to break the message ID into 3 separate fields, sender,
          receiver, and message number.  For example, a message ID PTRS0117 could
          designate message number 117 from sender PT to receiver RS.



          4. KEYS



               Choosing the Master Key for encrypting your files is one of the most
          critical steps in using the NK-Crypt package.  If you choose a short or
          weak key, it may be easy to remember and easy to type each time you need
          it, but your data will not be secure.  It is a serious mistake to think
          that you can use a weak key simply because you are using such a strong
          encryption package.  A strong safe with a weak lock is not secure.

               If you choose a long strong key your data will be more secure, but it
          will be harder for you to remember it and to type it accurately each time
          it is needed.  This chapter will describe techniques for choosing keys that
          are both secure and easy to remember and to type accurately.



          4.1. Key Do's and Don'ts


               Many people try to take shortcuts in order to have keys that are easy
          for them to remember.  You need to assume that any opponent will also be
          aware of the same shortcuts.  Here are some simple rules that can help
          prevent a costly error.

               When you choose a key, do not base the key on your personal
          information.  Assume that your opponent knows all of your personal data.

          DO NOT base your key on 

               Your birthday
               Your telephone number
               Your Social Security number
               Your license plate number
               Your spouse's, child's, parent's, sibling's or even
                 your pet's name, birthday, phone number, etc.

          DO NOT base your key on commonplace phrases 

               Nursery rhymes
               Song titles or lyrics
               Folk sayings
               Names of famous people, groups, places or events
               Names of books, plays or TV shows
               Punchlines from jokes
               Well-known dates
               Tongue twisters
               Words or phrases in other languages

          DO NOT use data widely known within your specialized field 

               Digits of pi or e
               Names of bones, nerves, or organs
               Names of stars, minerals, geological features, bacteria,
                 ancient cultures, alloys, proteins, theorems, etc.
               Mnemonics
               Names of people, schools, companies, places, etc.
               The speed of light, Avogadro's number, the Golden Ratio, etc.

          DO NOT choose sequences of consecutive letters from the alphabet or from
          the keyboard, whether forwards, backwards or diagonally.

          DO NOT use the keys that appear in this manual.  Always assume that your
          opponent has read it, too.

          DO use a long key.

          DO try to make your key as random as possible.

          DO read this entire chapter on picking keys.

          DO evaluate the strength of your key according to the principles in the
          following sections.

          DO make your Master Key extra long and strong.



          4.2. Letters, digits and punctuation


               If there are several people who need access to the data, and who are
          trusted with the Master Key, then the problem of recording or memorizing
          the Master Key becomes multiplied.  Some people have the capacity to
          memorize long strings of random-looking letters and/or digits, but most
          people cannot do this.  The safest course is to write down your key, and
          keep it in a secure place, such as a locked safe.  Other techniques will be
          discussed in a later section.  It is advisable to have several copies, in
          case one copy gets lost, stolen or destroyed.

               The strength of an encryption key is measured in bits, the binary
          digits that are used by your computer's hardware.  Here is a rough guide to
          how many bits you get from each character in an encryption key when the
          characters are chosen randomly.  

               Table 1.  Strength of each character in a key.

               Decimal digits = 3.3 bits
               Single case letters = 4.7 bits
               Mixed case letters = 5.7 bits
               Mixed letters and digits = 5.9 bits
               Mixed letters, digits and punctuation = 6.3 bits

          Based on this chart, here is the strength of some sample 10-character keys 

               Table 2.  Strength of 10-character blocks.

               5835701483 = 33 bits   Decimal digits
               CIWMRPTNZX = 47 bits   Upper case letters
               tyuhbivxks = 47 bits   Lower case letters
               DmbHaqREkV = 57 bits   Mixed case letters
               ku8Je94Lg7 = 59 bits   Mixed letters and digits
               g"p5WZc4%F = 63 bits   Mixed letters, digits, punctuation

          
               As you can see, the strength of the key increases when you choose
          randomly from a larger set of characters.  However, the difficulty of
          memorizing the keys and typing them accurately becomes much greater as the
          keys get more random.

               Note that all of the keys illustrated above are too short to be
          considered secure.



          4.3. Key blocks


               There are several methods for producing keys that are secure, yet
          easier for people to manage.  The first technique is to break your keys
          into blocks.  It has been a common practice for many years to break coded
          messages into blocks of 5 characters each so that they can be transcribed
          more accurately.  The same idea works for keys, too.  Notice how the key 

               CNWIALVMXBTEPOSBXRNH

          becomes much easier to read when it is broken into groups of 5 letters 

               CNWIA LVMXB TEPOS BXRNH

          
               For longer keys it may be advisable to use additional punctuation to
          organize the blocks into groups of blocks.  For example, 

               48591-04528-16392, 35207-31654-74925, 09482-71653-42570

               GBXTL=PRBUI=LVZEW..BXGMN=LUIQT=SPFAE..VZJOQ=HUKBW=OZCND

          
               The second technique is to use groups that have the same structure.
          Here are some examples, and the strength of each key block 

               91486 61872 94373   16 bits per block   5 digits
               T3708 D6204 F5193   18 bits per block   1 letter, 4 digits
               GS437 BR092 LX528   19 bits per block   2 letters, 3 digits
               UHM15 XTN63 MYA74   21 bits per block   3 letters, 2 digits
               QRILC PJRMS OVDZK   23 bits per block   5 letters

          The strength remains the same when the letters are placed in different
          positions.  For example, all of the following keys have the same strength,
          namely 2 letters and 3 digits 

               GS437 BR092 LX528   Letters at the start of each block
               943KP 471GQ 205YL   Letters at the end of each block
               V107J X219C F738L   Letters at both ends of each block
               6WF52 9TU48 7JN13   Letters in the middle of each block

          
               One advantage of using key blocks that always have the same structure
          is that there is no confusion between letters and digits.  Some letters and
          digits that may get confused are 

               Letters   B G I l O S T Z
               Digits    8 6 1 1 0 5 7 2

          Its position in the block tells you whether the character is a letter or a
          digit, so there is no need to avoid these characters when you use blocks
          with a fixed structure.

               Another variation on this idea is to make each key block uniform, but
          to vary the types of blocks randomly.  Here are two 30-character keys with
          uniform blocks.  Each block consists of all digits, or all uppercase
          letters, or all lowercase letters.  

               KNUHW 50258 fewrz 39274 gyakf obqnk

               doztc 81463 69917 AGNDL rdefo PUIZH

          



          4.4. Pronounceable keys


               Another technique that can be used to produce keys which are secure,
          yet easy to remember, is to make the keys pronounceable.  That is, you
          would use pronounceable combinations of vowels and consonants to form
          syllables, and combine these syllables to form artificial words.  This
          method may be valuable in situations where it is unsafe to write down the
          keys, and they must be memorized.  Here are some examples.  

               shambu dilp prelec oltu domex sarbuti shum obior

               Yotz doruc flean jadmek pra kerazi, Lagatu limbrazon.

          
               You can burn the key into your memory by starting with just a few
          artificial words, say DOZEK ULM HAPLICO, and repeat these to yourself for a
          day or two.  Then add another few words, say DOZEK ULM HAPLICO GRUX ANTIAM,
          and repeat those in your head for a few more days.  You can add some more
          words the following day.  

               dozek ulm haplico grux antiam ludovesk gur amesqi

          
               You can complete the process by adding capitalization and punctuation,
          like 

               Dozek ulm Haplico "Grux Antiam" ludo-vesk gur a'mesqi.

          Using mixed-case letters and punctuation increases the strength of your
          key.

               You can imagine the key to be a saying in some private language, and
          make up a translation, in order to fix it more firmly in your mind.  For
          example, 

               Wise king Haplico "Lion of Antioch" out-witted a sorcerer.

          
               In a pronounceable key each letter has a strength of about 3.3 bits if
          the words are fairly uniform in length, and about 3.5 bits if the words are
          more variable in length.  For example, the first key below is fairly
          uniform in length, while the second is more variable.  

               panek dilbap greho drung fasdop ulben bukty crivan

               lobykar elb dixiat glem urbiqeo dhorsh uz vilagump

          



          4.5. Patterns


               When choosing a key, avoid creating any patterns, such as repeated
          letters or syllables.  Patterns weaken the keys by making them easier to
          guess.  Here are some examples of keys with patterns.  

               BBXXTT KKUUVV WWYYCC      The letters are all in pairs.
               aaa3gg5yyyy9ccc7uu2       There are runs of equal letters.
               10704 20906 50803         The second and fourth digit in
                                         each group is zero.
               51615 38183 29092         Each group has an ABCBA pattern.
               zampana reveske flogoto   The vowels in each group are all
                                         the same.
               tuntam memescu saksoli    The first and second syllable
                                         start with the same letter.
               debendik devogi delakt    Every group starts with de.
               ABC ghi LMN def XYZ       Each group has 3 consecutive
                                         letters of the alphabet.
               500XD 711TJ 822GN         The second and third digits in
                                         each group are the same.
               31734 23839 30376         Every group has two 3's.
               dobaku levoti wafigo      Consonants and vowels alternate.
               vgy7 2wdc zse4 7ujm       Has diagonal runs on the keyboard.
               KAZ VEK CIF ZOP HUQ       The vowels run in order AEIOU.

          
               Once you have chosen a key, inspect it for patterns, and change it to
          remove them.  If your key is a long string of letters or digits, look to
          see if there are any letters or digits that are used too often, or that are
          missing.  You may want to make some changes.  However, don't overdo it.  If
          you use every letter or every digit exactly the same number of times, or if
          all the letters and digits in each block of your Master Key are always
          different, those are also patterns which weaken the key.



          4.6. Secretaries and clerks


               Sometimes lower-echelon employees will not safeguard file keys as
          zealously as other workers.  It is common for these employees to write down
          keys in places that are easily accessible, such as on the computer itself,
          on their desk pads or wall calendars, or on slips of paper on a bulletin
          board.  Anybody could see the keys and write them down.  It is absurd for
          the company president to keep the Master Key in a locked box inside a
          walk-in vault, and for the secretary's assistant to write the Master Key on
          a gummed label on the wall next to the computer.

               The employee might assume that nobody will ever guess that those
          cryptic letters and digits are actually the Master Key that unlocks all of
          the company's secret files.  The employee might assume incorrectly.  If
          these employees must be trusted with the Master Key then it is essential
          that they be educated to avoid such security breaches.

               Keys should never be written or pasted on the computer itself, the
          computer desk, a desk pad or calendar, the cover of a notebook or steno
          pad, the bottom of a stapler, telephone or flowerpot, the back of a
          clipboard, letter tray or desk organizer, or any similar place.  Intruders
          know to look in such places.  Don't make their job easy.



          4.7. Key strength


               The following table is a guide to how long a key must be in order to
          achieve various levels of security.  For example, if you want a key
          strength of 200 bits, and you use a decimal key, then you need 60 digits.
          With the speed of current computers 100 bits is the lowest level of
          security that can be considered safe.

               The table assumes that the letters or digits of the key are chosen
          completely randomly.  If the letters or digits follow some pattern then
          your key needs to be longer.  For example, a key such as 

               TC174 JF296 BH583 KD629

          would be measured as 8 single-case letters and 12 digits, for a total
          strength of 77 bits.  Because of the LLDDD pattern it would not be
          considered to be 20 mixed letters and digits, which would have a strength
          of 118 bits.  


          Table 3.  For each type of key, this table shows how long to make
                    the key in order to achieve the desired strength.

                                   Desired key strength measured in bits
          Type of key             100   125   150   200   250   300   400
          ---------------------------------------------------------------
          Decimal digits           30    38    45    60    75    90   120
          Single-case letters      21    27    32    43    53    64    85
          Mixed-case letters       18    22    26    35    44    53    70
          S-C letters + digits     19    24    29    39    48    58    77
          M-C letters + digits     17    21    25    34    42    50    67
          Letters, digits, punc    16    20    24    32    40    47    63
          Uniform blocks           22    27    33    44    55    66    88
          Pronounceable, uniform   30    38    45    60    75    90   120
          Pronounceable, variable  29    36    43    57    71    86   114

          For example, if you wanted a decimal key you would read across the top row
          of this table.  If you wanted the decimal key to have a strength of 125
          bits, you would look at the second column in the top row to find that you
          would need 38 decimal digits.  If you wanted a key of mixed-case letters
          and digits with a strength of 250 bits, you would need 42 letters and
          digits.

               Note that the longest input line you can enter is 126 characters.
          (This is a limitation of DOS, not a limit set by NK-Crypt.)  So if you
          wanted 400 bits of strength, and you chose to have a decimal key which
          requires 120 digits, then you would have only 6 characters left to separate
          the blocks.  Your blocks would need to average over 17 characters each.  (A
          pattern of 17, 17, 17, 17, 17, 17, 18 would fit.)



          4.8. Summary: Picking a key


          The best way to pick a key is to follow these steps.

          (1) Decide how strong you want your key to be, say 200 bits.
          (2) Choose the type of key, say blocks of letters and digits.
          (3) Use the tables above to determine the key length.
          (4) Randomly choose a key of the required length.
          (5) Inspect the key for patterns.
          (6) Adjust the key to remove or reduce the patterns.
          (7) If you will need the key again, write down the key and keep
                  a copy in a secure place.
          (8) Type the key when NK-Crypt asks for it.



          Appendix A. DOS BASICS



               NK-Crypt runs under DOS, not under Windows.  DOS was the primary
          operating system for personal computers from about 1975 to 1995.  Older
          versions of Windows, prior to the introduction of Windows 95, ran as tasks
          under DOS.  Since 1995 the situation has reversed, and DOS now runs as a
          task under Windows.  Every computer user before 1995 knew DOS well.
          However, newer computer users may not be familiar with DOS, so that a
          little basic orientation may be helpful.



          A.1. Starting DOS


               On newer computers it may be difficult even to find DOS in order to
          use it.  There are two methods for running DOS.  The first method is to
          click on a DOS icon from your desktop, or from a taskbar at the top or
          bottom edge of the desktop.  The icon may say DOS, or MSDOS, or possibly
          CMD or COMMAND.  Clicking any one of these icons will start DOS.  If there
          is a DOS icon on your desktop or in a taskbar, you can skip the rest of
          this section.

               If there is no DOS icon on your desktop or taskbar you may find one
          elsewhere.  Start by clicking on "Start" in the corner of the screen.  This
          will bring up a menu listing various programs and options.  If there is a
          DOS icon there, you can use it directly, or you could drag it onto the
          desktop for future use.  If it is not there, click on "Programs" or "All
          Programs."  This will bring up a long list of various programs that are on
          your computer.  If one of these is DOS, you can click it, or you can drag
          it to the desktop.

               If you still don't see a DOS or CMD icon, put your mouse on each of
          the icons that you see.  Don't click, just let the mouse cursor rest on the
          icon.  This will often bring up another list of programs, and DOS may be
          among them.

               If DOS still is not there, don't give up.  You just need to search
          deeper.  In the list of All Programs there will be some folders with names
          such as "Applications" or "System Utilities."  Click to open each of these
          folders.  In those folders you may find DOS or CMD.  Or, you may find more
          folders.  Again, rest the mouse on the names of programs, and click on
          folders to find even more well-hidden programs and folders.

               Once you find the DOS icon, drag it to the desktop.  Put the mouse
          cursor on the DOS icon and hold down the left button.  Move the mouse to
          drag the cursor onto the desktop, and then release it to drop the icon on
          the desktop.  Click the desktop to close all of the other windows.  Then
          drag the DOS icon to wherever you want it on the desktop.

               If all of this fails, it is time to try the second method.  Go back to
          the desktop, and click on "Start" again.  In the list of options click on
          "Run" or "Run Program."  This will open a small window with a box where you
          can type the name of a program that you wish to run.  Type CMD in this box,
          and then press Enter.  This will open a DOS window.



          A.2. Sizing the DOS window


               The DOS window will often be a small window in the middle of the
          screen, probably off-center.  It is easier to work with DOS in full-screen
          mode, with no distracting windows or borders.  To do this, right click on
          the top border of the DOS window, and select "Properties" from the pop-up
          window that appears.  Use the various options to select full-screen mode.
          This may take several tries before it works, so don't get frustrated if the
          next time you use DOS you get the same small window, and need to resize it
          again.

               When you do get the full screen mode, the screen is likely to be set
          to 50-line mode.  This makes the characters small and crudely formed.  You
          may be more comfortable using 25-line mode.  To switch, you can type the
          command

               mode con lines=25

          This will double the size of the characters and make them easier to read.



          A.3. Directories


               In DOS your computer's hard disk is organized into directories.  All
          of the files on your computer are in directories.  These correspond to the
          folders in Windows.  Directories and folders are the same thing.  A
          directory or a folder can contain files and more directories or folders, so
          that the folders or directories are nested one inside the other in a
          hierarchy.

               The top of the hierarchy is called the "root directory."  Typically
          the root directory does not contain any files.  Rather, it contains all of
          the principal directories on the computer, such as

               \Windows
               \Program Files
               \Documents and Settings

          and so forth.  The backslash \ in front of these directory names shows that
          they are directories within the root directory.

               A directory within another directory is sometimes called a
          subdirectory.  In the example above the directory Windows would be a
          subdirectory of the root directory.



          A.4. Current directory


               Files are identified in DOS by using a path, a filename and a
          filetype.  For example,

               direc1\direc2\file1.doc

          Here the path is direc1\direc2, the filename is file1 and the filetype is
          doc.  The path consists of the sequence of nested directories which contain
          the desired file.

               If the path starts with a \ backslash, then the sequence of
          directories start from the root directory.  If the backslash is omitted,
          then the path starts from the current directory.  For example, if the
          current directory is Windows, then the file identifier
          direc1\direc2\file1.doc would refer to the file
          \Windows\direc1\direc2\file1.doc

               By setting the current directory you can shorten the names of programs
          and files that you must type.  For example, if you want to use the program

              \direc1\direc2\prog1.exe

          to process the data files

              \direc1\direc2\file1.dat
          and
              \direc1\direc2\file2.dat

          you could type

              \direc1\direc2\prog1 \direc1\direc2\file1.dat \direc1\direc2\file2.dat

          If you changed the current directory to \direc1\direc2 then this could be
          shortened to

              prog1 file1.dat file2.dat

              The command to change the current directory is cd.  To change the
          current directory to \direc1\direc2 you would type

               cd \direc1\direc2\

          If you later wanted to change the current directory to
          \direc1\direc2\direc3 it is sufficient to type

               cd direc3

          since you were already in the directory \direc1\direc2.



          A.5. Working with directories


               You can make your own directories by using the Make Directory command.
          For example, if the current directory is \direc1\direc2 and you wanted to
          make a subdirectory called direc3, then you could type

               md direc3

          Starting from the root directory, the new directory would be
          \direc1\direc2\direc3.

               To remove a directory, you can use the Remove Directory command.  For
          example, to remove the directory \direc1\direc2\direc3 you would type

               rd \direc1\direc2\direc3

          As a safety precaution, you cannot remove a directory until you have
          deleted all of the files in the directory, and removed all of its
          subdirectories.  This prevents you from accidentally deleting files that
          you meant to keep.

               To list the contents of a directory, you can use the Directory
          command.  The basic format is

               dir mydirec /options

          Here mydirec is the directory you want to list.  There are many possible
          options.  Here are a few of the most useful:

               /s    List the contents of all subdirectories
               /on   Sort the files by name
               /os   Sort the files, smallest to largest
               /o-s  Sort the files, largest to smallest
               /od   Sort the files, oldest to newest
               /o-d  Sort the files, newest to oldest
               /p    Pause after every 20 lines

          You can use several options in the same command.  For example,

               dir \direc1 /s /od /p

          would list the files in \direc1 and all of its subdirectories sorted from
          oldest to newest, and pausing after every 20 lines.

               You can also list specific files, files that have a given filename or
          filetype, or files whose filenames and filetypes begin with specific
          letters.  Here are some examples

               dir tax.ref   Lists the file tax.ref.
               dir tax.*     Lists all files with the name tax.
               dir *.doc     Lists all files of type doc.
               dir st*.c*    Lists all files whose filename starts with st
                             and whose filetype begins with c, such as
                             startup.cfg, study.com or state.core.

          The * asterisks in these commands are called wildcards because they can be
          replaced by any set of letters.  These commands can tell you whether these
          files exist, their sizes, and the date they were last updated.



          A.6. Identifying files


               All of the data in your computer resides in files.  Files contain the
          operating system, all of the application programs, and all of the data that
          they use and create.  Files are identified to DOS by four fields, namely
          the drive, path, filename and extension.

               drive      is the device where your file is stored, usually
                          C for your hard drive, A or B for a floppy drive,
                          D or E for a CDROM drive.

               path       is the directory on your drive where the file is
                          located.

               filename   is the name that you gave your file.  The name
                          usually indicates the contents or purpose of the
                          file.

               extension  is a suffix that indicates the kind of file, such
                          as TXT for a text file, JPEG for a picture file,
                          EXE for an executable file, etc.

          A full file identifier might look like this,

               c:\mycompany\mydepartment\2005\sales.wp

               In this example, c: identifies that your file is on the C drive, which
          is your hard drive.  \mycompany\mydepartment\2005\ is the path to your
          data.  It shows that the data file is located in the 2005 folder, which is
          inside the mydepartment folder, in the mycompany folder.  So the path
          consists of nested folders, or a list of directories.  sales.wp is the file
          with the data.  The filename is sales, and the extension is wp, which
          indicates that it is a WordPerfect document.

               In a file identifier all of the fields except the filename are
          optional.

               drive      can be omitted if the file is on the current
                          drive, that is, the drive where you are now
                          working.

               path       can be omitted if the file is on the current
                          directory of the drive.

               extension  can be omitted if the file does not have an
                          extension on its name.  For example, if the file
                          is just named oldstuff then no extension is
                          needed.

          Here are some examples of valid file identifiers:

               a:budget
                    identifies the file budget in the current directory
                    of the A drive.

               \jones\commissions
                    identifies the file commissions in the jones directory
                    on the current drive.

               late\requests.txt
                    identifies the file requests.txt in the late
                    subdirectory of the current directory.



          A.7. Long names


               Some Windows files and directories have long names, or names
          containing blanks or dots, such as

               Documents and Settings
               My Music
               Microsoft.Net
               SharedReg12.dll

          Microsoft has made the naming of files and directories incompatible between
          Windows and DOS.  DOS limits directory names to 8 characters, and does not
          allow blanks in names.

               To refer to these directories, you need to shorten the names down to 8
          characters.  The short name is formed by taking the first 6 non-blank
          characters of the name plus the combination ~1.  When the name of a
          directory contains a . dot character, each of the parts of the name is
          treated separately.  For example, for the directories above,

               Documents and Settings   would be called   Docume~1
               My Music                 would be called   MyMusi~1
               Microsoft.Net            would be called   Micros~1.Net
               SharedReg12.dll          would be called   Shared~1.dll

          Thus a full path and file name such as

               \Windows\Microsoft.Net\Framework\SharedReg12.dll

          in DOS would be called

               \Windows\Micros~1.Net\Framew~1\Shared~1.dll

               It is a good idea to give all of your own files and directories names
          that are compatible with DOS.  The names should be no more than 8
          characters long and should not contain blanks.



          A.8. File operations


               Besides the encryption and decryption operations that you perform
          using NK-Crypt, it can be useful to know several other common file
          operations.

               There is no DOS operation to create a file.  Files are created by
          application programs such as word processors, picture editors,
          spreadsheets, etc.  Once created, files can be copied, renamed and deleted.

               It is important to remember that encrypted files should not be
          renamed, and files should not be copied into or out of a group of encrypted
          files.  It is safest to decrypt files before renaming or copying.

               To copy a file to a new location, the command is

               copy oldfile newfile

          The old file and new file identifiers can be fully qualified, that is, they
          may have drive, path, filename and filetype.  So the copy command can be
          used to copy files to other directories or to other drives.

               Wildcards can be used in the copy command to copy groups of files.
          For example, the command

               copy \oldpath\*.doc \newpath\*.*

          would copy all files of type doc from the \oldpath directory to the
          \newpath directory.

               The rename command works similarly to the copy command.  The form is

               ren oldfile newname

          Here oldfile can be fully qualified, with drive, path, filename and
          filetype.  However, newname can have only a new filename and filetype.
          There cannot be a new drive or new path because the file does not change
          its location, only its name and/or type.  For example,

               ren target\x3*.jpg x4*.*

          would rename all of the jpg files in the target directory that start with
          x3 to start with x4.

               The command to delete files takes the form

               del file

          Here, file can be a fully-qualified file identifier, with drive, path,
          filename and filetype.  It can also have wildcards so that you can delete
          several files with a single command.  For example,

               del a:old*.*

          would delete all files in the current directory of the a drive whose
          filenames start with old.

               Note that deleting a file does not erase it.  The file still exists on
          the disk, where it can be read by various utility programs that are
          available for that purpose.  The file will remain there until some other
          file eventually gets written on top of it.



          A.9. Batch files


               Batch files are a useful way to reduce the number and complexity of
          the DOS commands that you must type.  Each batch file can contain any
          number of DOS commands.  You execute the entire sequence of DOS commands
          just by typing the name of the batch file.

               Here is a simple example.  Suppose that you frequently use the program
          NK-Crypt.  If the current directory is \plans\tower but NK-Crypt is in the
          directory \programs\download then to use NK-Crypt you would type

               \programs\download\NK

          To make this easier, you could create a batch file named NK.bat on the
          current directory.  This file would contain the single line

               \programs\download\NK

          Now when you wanted to execute NK-Crypt all you would need to type is

               NK

               You could place a copy of the batch file NK.bat in every directory
          where you usually work.  Then you could run NK-Crypt from anywhere just by
          typing NK.  You would not need to have multiple copies of NK-Crypt.

               There are many other DOS commands and options.  This is just a small
          sample of useful DOS commands.


Choosing an Encryption Product
A Quick Overview of Cryptography

Back to the NK-CRYPT main page
Back to the MASTER SOFTWARE CORPORATION homepage

© Copyright 2006, 2007 Master Software Corp
All rights reserved. No part of this manual may be reproduced in any form without the express permission of Master Software Corp.