<HTML>
<HEAD>
   <TITLE>CipherSaber FAQ</TITLE>
</HEAD>
<BODY BGCOLOR="#FCFCD6">

<H1>CipherSaber FAQ</H1>

<P>Here are some questions that have been asked (or ought to be
asked) about CipherSaber:</P>

<H3>"What is CipherSaber?"</H3>

<P>CipherSaber is an ultra-simple encryption method. Anyone with a
little programming skill can write a CipherSaber program. Yet it uses
a respected code called RC4 to provide very high strength. A
CipherSaber program can be written in as few as 22 lines of Basic.
You can find out how at:
<A HREF="http://ciphersaber.gurus.com">http://ciphersaber.gurus.com</A>
</P>

<H3>"Is CipherSaber a serious proposal or are you just trying to make
a point?"</H3>

<P>Both, actually. The point is that encryption technology is too
simple to be suppressed. But CipherSaber is also a serious encryption
tool that is very useful.</P>

<H3>"Isn't PGP a lot better than CipherSaber?"</H3>

<P>PGP is certainly better in most cases. It has important features
that CipherSaber lacks, including public keys and electronic
signatures. It is also available as an easy-to-use freeware plug-in
for popular electronic mail programs such as Eudora. Everyone should
get PGP and learn how to use it, if they possibly can. Visit
<A HREF="http://www.pgp.com">http://www.pgp.com</A> and
<A HREF="http://www.pgpi.com">http://www.pgpi.com</A> for more
information on PGP.</P>

<H3>"Does CipherSaber have any advantages over PGP?"</H3>

<P>Yes, a few. Compared to PGP, CipherSaber is more:</P>

<OL>
   <LI><B>Portable.</B> CipherSaber is small enough to implement on
   just about any computer that can be programmed, including the Palm
   Pilot, HP palm tops, Windows CE hand helds, Apple's late, lamented
   Newton, Java-based network computers, older personal computers,
   like the Apple II or Commodore 64, and even legacy mainframes and
   minis.
   
   <LI><B>Transparent.</B> Because CipherSaber is so simple, it is
   easy to inspect the source code for errors or hidden traps that
   leak information. While Network Associates, Inc. publishes the PGP
   source code, you still have to trust the few individuals that
   actually bother to inspect it carefully. There is additional trust
   involved in believing that the copy of PGP you have was compiled
   from the source code that they inspected. I have faith in the
   integrity of the PGP folks, but cryptography is not about trusting
   people.
   
   <LI><B>Resistant to suppression.</B> They can't take CipherSaber
   away from you. The U.S. Congress is seriously considering banning
   the distribution of strong encryption systems that block
   government access to plaintext, such as PGP. The head of the FBI
   wants the ban to apply even within the United States. The same law
   might even ban the distribution of CipherSaber programs, but the
   knowledge needed to write one's own CipherSaber would be much
   harder to suppress.
   
   <LI><B>Educational and fun.</B> Writing your own encryption
   program will teach you a lot about cryptography and it's a blast
   when your program finally is able to decipher the sample messages.
   CipherSaber transforms cryptography from an obscure and difficult
   technology into a basic skill of citizenship.
</OL>

<H3>"They couldn't really ban PGP, could they?"</H3>

<P>Congress can certainly pass such a law. The Director of the FBI,
one of the most powerful men in Washington, is pushing for its
passage. Hopefully the Supreme Court would strike such a law down as
unconstitutional, but don't count on that. On the other hand, the
widespread distribution of CipherSaber would be a strong argument
against a crypto ban's constitutionality.</P>

<H3>"Can I use CipherSaber with PGP?"</H3>

<P>PGP cannot read or write CipherSaber encoded files, nor can
CipherSaber read PGP files. However, PGP does provide an excellent way
to exchange CipherSaber keys with other people. Let's say you are
going on vacation and want to exchange secret messages with a friend,
but you will only be bringing your palm top computer with you. You
can use PGP on your desktop computer to tell your friend before you
leave what CipherSaber key you will use.</P>

<H3>"Is CipherSaber secure?"</H3>

<P>RC4 is generally respected by cryptographers, but it has only been
publicly known for a few years, and a few weaknesses have been
identified. The most serious weaknesses are avoided as long as you
use a key consisting of ASCII letters and numbers that is shorter
than 54 characters. See A Cryptanalysis of CipherSaber-1 for more
detailed information.</P>

<H3><A NAME="getrc4"></A>"Where can I get RC4?"</H3>

<P>RC4 is described in the second edition of Bruce Schneier's book
Applied Cryptography. You can find it on the Internet by searching on
"rc4 source" using your favorite search engine. You might also search
on "arcfour" which is the name of an Internet draft standard that
uses the same algorithm. Finally, here is the RC4 algorithm in plain
English:</P>

<BLOCKQUOTE><P>"RC4 uses two arrays of eight bit bytes. The "state"
array is 256 bytes long and holds a permutation of the numbers 0
through 255. The "key" array can be of any length up to 256 bytes.
RC4 also uses two index variables i and j that start off as zero. All
variables are eight bits long and all addition is performed modulo
256.</P>

<P>RC4 has two phases: key setup and ciphering. The setup phase is
only done once per message and starts by initializing the entire
state array so that the first state element is zero, the second is
one, the third is two, and so on.</P>

<P>The state array is then subjected to 256 mixing operations using a
loop that steps i through the values from zero to 255. Each mixing
operation consists of adding to the variable j the contents of the
ith element of the state array and the ith element of the key. The
key is accessed cyclically in this operation. That means if the key
were 10 bytes long and i were equal to 22, then the second element of
the key would be added to j. Now swap the ith and jth elements of the
state array. After the entire loop is completed, i and j are reset to
zero.</P>

<P>During the ciphering operation, the following steps are performed
for each byte of the message:</P>

<UL>
   <LI>The variable i is incremented by one
   
   <LI>The contents of the ith element of S is then added to j
   
   <LI>The ith and jth elements of S are swapped and their contents
   are added together to form a new value n.
   
   <LI>The nth element of S is then combined with the message byte,
   using a bit by bit exclusive-or operation, to form the output
   byte.
</UL>

<P>The same ciphering steps are performed for encryption and for
decryption."</P></BLOCKQUOTE>

<P>Note that in CipherSaber the RC4 key array consists of the user's
CipherSaber key followed by the 10 byte initialization vector. That's
all there is!</P>
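<P>The description above, carried through as C. This is an added
example, not code from the CipherSaber site: the function names are
hypothetical, and storing the ten-byte IV ahead of the ciphertext is
an assumption taken from the CipherSaber specification rather than
from this FAQ.</P>

```c
#include <stddef.h>
#include <string.h>
#define CS_IV_LEN 10            /* IV size given in the FAQ */
typedef unsigned char u8;

/* RC4 as described above: key setup, then one keystream byte per message byte. */
static void rc4(const u8 *key, size_t keylen, const u8 *in, u8 *out, size_t n)
{
    u8 S[256], t;
    unsigned i, j = 0;
    for (i = 0; i < 256; i++) S[i] = (u8)i;
    for (i = 0; i < 256; i++) {                    /* 256 mixing operations */
        j = (j + S[i] + key[i % keylen]) & 0xFF;   /* key is accessed cyclically */
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    i = j = 0;
    for (size_t m = 0; m < n; m++) {
        i = (i + 1) & 0xFF;
        j = (j + S[i]) & 0xFF;
        t = S[i]; S[i] = S[j]; S[j] = t;
        out[m] = (u8)(in[m] ^ S[(S[i] + S[j]) & 0xFF]);
    }
}

/* Both directions: the RC4 key array is the passphrase followed by the IV. */
static int cs1_crypt(const char *pass, const u8 *iv, const u8 *in, u8 *out, size_t n)
{
    u8 k[256];
    size_t plen = strlen(pass);
    if (plen == 0 || plen > sizeof k - CS_IV_LEN) return -1;  /* must fit 256 bytes */
    memcpy(k, pass, plen);
    memcpy(k + plen, iv, CS_IV_LEN);
    rc4(k, plen + CS_IV_LEN, in, out, n);
    return 0;
}

/* out (n + 10 bytes) = IV, then ciphertext. Layout assumed from the CipherSaber spec. */
int cs1_encrypt(const char *pass, const u8 *iv, const u8 *msg, size_t n, u8 *out)
{
    memcpy(out, iv, CS_IV_LEN);
    return cs1_crypt(pass, iv, msg, out + CS_IV_LEN, n);
}

/* file = IV, then ciphertext; out needs n - 10 bytes. Returns -1 if file is too short. */
int cs1_decrypt(const char *pass, const u8 *file, size_t n, u8 *out)
{
    return n < CS_IV_LEN ? -1 : cs1_crypt(pass, file, file + CS_IV_LEN, out, n - CS_IV_LEN);
}
```

<P>The caller supplies the IV, so a fresh, never-repeated ten bytes
must be generated for every message.</P>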

<H3>"Is it ethical to use RC4?"</H3>

<P>RSA Division of Security Dynamics still considers RC4 to be a
proprietary algorithm. Under US law, inventors have two ways to
protect an invention. They can disclose the invention in exchange for
a patent, which gives them exclusive rights for a limited time, or
they can keep the invention a trade secret for as long as they can. If
they choose the secrecy path they run the risk of their invention
becoming public knowledge.</P>

<P>RC4 was not patented. Protecting mass market computer programs as
trade secrets is especially risky since the source code of such
programs can be recovered by a process known as disassembly or reverse
engineering. California law explicitly recognizes reverse engineering
as a legitimate way of discovering a trade secret. The person who
posted the source code for RC4 to the Internet claimed to have
reverse engineered it. There is no way to verify that the poster was
telling the truth, but RC4 is certainly simple enough to have been
reverse engineered.</P>

<P>As a matter of courtesy, I recommend that anyone using CipherSaber
in a commercial product attempt to obtain a license from RSA. As I
understand the law, such a license is not legally required; however, I
am not a lawyer. Ethically, I do not believe a license is required
for individual or educational use.</P>

<H3>"Wasn't there a spelling error in the CiberKnight certificate?"
</H3>

<P>Yes, there was. I would like to claim the introduction of this
error was intended to give me immediate feedback on people's success
in deciphering the certificate. Unfortunately it was just a dumb
mistake. The defective certificate has been replaced by a newer
version and the older version will no doubt become a valuable
collector's item.</P>

<H3>"Does it violate CipherKnight rules to give a friend a
CipherSaber?"</H3>

<P>No, as long as you are not exporting it from the United States in
the process. Widespread distribution of CipherSabers is encouraged as
long as it is within the law. However, you should not display a
CipherKnight certificate unless you wrote the program that decrypted
it yourself.</P>

<H3>"How do I test my CipherSaber?"</H3>

<P>If you can decrypt the test samples provided at
<A HREF="http://ciphersaber.gurus.com">http://ciphersaber.gurus.com</A>
and if you can decipher files that you have enciphered, your program
is working properly. You must also make sure that the IV generation
is working properly.</P>

<H3>"What can go wrong with a CipherSaber implementation?"</H3>

<P>There are several ways CipherSaber can be weakened by improper
use:</P>

<OL>
   <LI>Using a key or passphrase that is too short or too
   predictable. A passphrase shorter than 12 characters or made up of
   three or fewer dictionary words is not secure enough. See the
   <A HREF="http://www.hayom.com/diceware.html">Diceware</A> page for
   a safe way to generate strong keys.
   
   <LI>Encrypting two different messages with the same initial vector
   and the same key. It is important that the method you use to
   generate the ten-byte initial vector never generates the same
   value twice. Be very careful when using the (so-called) random
   number generators that come with most programming systems. For
   example, Microsoft's QBasic random number generator only uses 24
   bits. The standard way to initialize it, through an INITIALIZE
   TIMER statement, provides even less randomness. See
   <A HREF="cryptanalysis.html">A Cryptanalysis of CipherSaber</A>
   for more details.
   
   <LI>Running CipherSaber on a multi-user computer, where other
   users can see what you are doing and discover your key.
</OL>
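<P>One way to check for the second problem, shown as an added example
that is not part of the original FAQ. The 24-bit generator is a
constructed stand-in with hypothetical constants, not QBasic's actual
algorithm, and all function names are hypothetical. It shows how a
generator seeded from a coarse clock hands out the same IV twice, and
how an audit over the leading ten bytes of stored files catches it.</P>

```c
#include <stddef.h>
#include <string.h>

#define IV_LEN 10

/* Constructed stand-in for a language-supplied generator whose whole state
   is 24 bits (hypothetical constants, not QBasic's actual algorithm). */
static unsigned char next_byte(unsigned long *state)
{
    *state = (*state * 1664525UL + 1013904223UL) & 0xFFFFFFUL;
    return (unsigned char)(*state >> 16);
}

/* IV made the naive way: seed from a coarse clock reading, draw ten bytes.
   Every byte is fully determined by the seed. */
void weak_iv(unsigned long clock_ticks, unsigned char iv[IV_LEN])
{
    unsigned long state = clock_ticks & 0xFFFFFFUL;
    for (int i = 0; i < IV_LEN; i++)
        iv[i] = next_byte(&state);
}

/* Audit: count entries whose IV repeats an earlier entry's IV. Any nonzero
   result for files under one key means the same keystream was used twice. */
size_t count_iv_repeats(const unsigned char (*ivs)[IV_LEN], size_t n)
{
    size_t repeats = 0;
    for (size_t a = 1; a < n; a++)
        for (size_t b = 0; b < a; b++)
            if (memcmp(ivs[a], ivs[b], IV_LEN) == 0) { repeats++; break; }
    return repeats;
}

/* Constructed scenario: three messages, two started in the same clock tick. */
size_t demo_same_tick(void)
{
    const unsigned long ticks[3] = { 36000UL, 36000UL, 36001UL };
    unsigned char ivs[3][IV_LEN];
    for (int i = 0; i < 3; i++)
        weak_iv(ticks[i], ivs[i]);
    return count_iv_repeats((const unsigned char (*)[IV_LEN])ivs, 3);
}
```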

<P>There are many other security risks inherent in using computers
for encryption. See my chapter "Commonsense and Security" in
<A HREF="http://net.gurus.com">Internet Secrets</A> from IDG Books
Worldwide.</P>

<H3>"Why not use RC4 itself as a random number generator?"</H3>

<P>Doing so makes your CipherSaber program a bit more complex, but
RC4 is a powerful pseudo-random number generator, with a much bigger
internal state than the ones that come with most programming
systems. Use the date, time and something unique to you as the RC4
key for the IV generation. If you know how to get key-press timings
from your computer, you can use them in the key as well. I have an
<A HREF="http://www.hayom.com/passgen.html">example of this in
Java</A>.</P>

<P>The danger in making your own random number generator is that if
it has a bug, your CipherSaber program will appear to work but may
not be secure.</P>

<H3>"Any other housekeeping I should be aware of?"</H3>

<P>Your program should set all variables and arrays that it uses to
zero as soon as it is done with them. Be careful when using
optimizing compilers that may strip out statements that set variables
to zero at the end of a program if they appear not to alter a
variable that will be used later. One solution is to set variables to
zero using a subroutine call.</P>
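<P>In C, the stripped statement is usually a <CODE>memset</CODE> on a
buffer that is never read again. The following is an added example,
not part of the original FAQ, with hypothetical function names: it
shows two ways to zero a buffer that the optimizer has to keep, plus
a helper for checking the result in a test build.</P>

```c
#include <stddef.h>
#include <string.h>

/* Pattern the optimizer may strip: key[] is never read after the memset,
   so the call is a dead store.
       unsigned char key[256];  ...use key...  memset(key, 0, sizeof key);  */

/* Fix 1: store through a volatile pointer. Each write is an observable
   side effect that the compiler has to emit. */
void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Fix 2, the FAQ's "subroutine call": reach memset through a volatile
   function pointer. The pointer is re-read at run time, so the compiler
   cannot assume the callee is memset and drop the call. */
typedef void *(*memset_fn)(void *, int, size_t);
static memset_fn volatile memset_indirect = memset;

void wipe_via_call(void *buf, size_t len)
{
    memset_indirect(buf, 0, len);
}

/* Check for test builds: returns 1 if every byte of buf is zero. */
int all_zero(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    while (len--)
        if (*p++ != 0)
            return 0;
    return 1;
}
```

<P>Where the platform provides one, a library routine designed for
this purpose, such as <CODE>explicit_bzero</CODE> or
<CODE>SecureZeroMemory</CODE>, does the same job.</P>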

<H3>"Why is IV after the key?"</H3>

<P>Placing the IV after the key reduces some potential weakness. See
<A HREF="cryptanalysis.html">A Cryptanalysis of CipherSaber</A> for
more details.</P>

<H3>"How do I make up safe keys?"</H3>

<P>You can make up random letter strings quite easily by writing the
letters of the alphabet on 26 identical objects and putting them in a
bag or box. Scrabble letters work quite well, just use only one of
each letter. Then pull letters out one at a time, returning the
letter to the bag and shaking after each pick. For an even better way
to make safe keys that are easy to remember, visit the
<A HREF="http://www.hayom.com/diceware.html">Diceware</A> page.</P>

<H3>"What is CipherSaber-2?"</H3>

<P>CipherSaber-2 is a modification to CipherSaber-1 that addresses
concerns raised about possible statistical weaknesses in RC4. Used as
suggested, there are no known problems with RC4 as it is employed in
CipherSaber-1, but CipherSaber-2 adds an additional margin of safety.
See <A HREF="cryptanalysis.html">A Cryptanalysis of CipherSaber</A>
for more details.</P>

<H3>"What is jury nullification?"</H3>

<P>Jury nullification is the idea that a jury of common citizens can
prevent the government from enforcing laws the jury members consider
unfair or oppressive by simply refusing to convict a fellow citizen
accused of violating that law. Here are some links to more
information about jury nullification:</P>

<P><A HREF="http://www.fija.org">Fully Informed Jury Association
http://www.fija.org/</A></P>

<P><A HREF="http://www.2ndlawlib.org/other/jurynull.html">Jury
Nullification: The Top Secret Constitutional Right
http://www.2ndlawlib.org/other/jurynull.html</A></P>

<P><A HREF="http://www.mapinc.org/drugnews/v97.n231.a02.html">PUB:
Jury Nullification: A Power or a Thought Crime?
http://www.mapinc.org/drugnews/v97.n231.a02.html</A></P>

<P><A HREF="http://www.co.lake.il.us/pubdef/jury-nul.htm">Jury
Nullification - A Most Important Right
http://www.co.lake.il.us/pubdef/jury-nul.htm</A></P>

<H3>"Would America's Founding Fathers have approved of
cryptography?"</H3>

<P>I believe they would have. Our founding fathers were aware of
cryptography and used techniques to protect their correspondence from
prying eyes. In fact Thomas Jefferson, the author of the U.S. Bill of
Rights, was a very capable cryptographer. David Kahn calls
Jefferson "the Father of American Cryptography" in his book The
Codebreakers.</P>

<H3>"What does the fourth amendment actually say?"</H3>

<BLOCKQUOTE><P>"The right of the people to be secure in their
persons, houses, papers, and effects, against unreasonable searches
and seizures, shall not be violated, and no Warrants shall issue, but
upon probable cause, supported by Oath or affirmation, and
particularly describing the place to be searched, and the persons or
things to be seized."</P></BLOCKQUOTE>

<H3>"Aren't you making it easier for terrorists, drug dealers and
pedophiles?"</H3>

<P>Given how simple strong cryptography is, there is no reason to
think it can be kept out of the hands of criminals. Yet this "evil
troika" is constantly used to justify erosion of our civil liberties.
The most dangerous terrorists are trained to keep silent and the drug
industry has flourished despite decades of encryption-free
wiretapping.</P>

<P>There were 1186 wiretaps approved by state and federal judges in
the US in 1997. 73% were for drug cases. Even if each tap led to five
convictions, wiretaps would only account for a tiny fraction of the
US prison population -- now over one million.</P>

<H3>"Where can I learn more about CipherSaber?"</H3>

<P>Visit
<A HREF="http://ciphersaber.gurus.com">http://ciphersaber.gurus.com</A>
</P>

<P>
<HR>
<A HREF="mailto:arnold@iecc.com">Arnold G. Reinhold</A></P>

<P><A HREF="http://ciphersaber.gurus.com">Back to CipherSaber Home
Page</A></P>

<H5>Rev. 1988-8-25</H5>

</BODY>
</HTML>
