This document gives a brief explanation of how !Stealth works and why it is
believed to be secure. It is also intended to give you confidence in this
software. You should never trust security software if the methods used by it
are not completely transparent and open to analysis and review by experts.


How is the data encrypted?
==========================

When a directory is encrypted, it is first compressed into a zip archive.
The zip file is then encrypted with the Blowfish cipher in CBC mode. This
cipher, which was created by the renowned cryptographer Bruce Schneier, has
been studied for many years by cryptography experts, and there are no known
effective cryptanalytic attacks against it. The encrypted version of the zip
file is stored inside the Stealth file. There is no known way for anyone
without a knowledge of the passphrase to distinguish the encrypted data from
purely random data.


Are the passphrases stored anywhere?
====================================

No! The SHA1 message digest (hash) of the passphrase is used to create a key
for the Blowfish cipher. SHA1 is a cryptographic hash function, which means
that it produces a fixed-length output for any input data. It is a 'one-way
function', i.e. it is computationally infeasible to find a message which
produces a particular hash. The hash of the hash is stored in the Stealth
file; from this it is impossible in practice to determine the hash itself
and hence the key used to encrypt the data. Incidentally, SHA1 is believed
to be much more secure than the older MD5 message digest used in some
previous programs.


What information is stored in the Stealth file?
===============================================

In addition to the encrypted data, the Stealth file contains the total
number of available volumes, the hashes of the hashes, and the length of
each of the encrypted zip files. The actual number of encrypted directories,
which may be smaller than the total number of available volumes, is not
stored anywhere. When the Stealth file is first generated, a set of random
dummy 'filelengths' (with 'reasonable' values!) is written to the Stealth
file. This prevents an attacker from determining which volumes actually
contain encrypted data and which just contain random data. The hashes of the
hashes of the passphrases cannot be distinguished from random data, and this
also gives no clue as to which volumes have been used to store anything.


What is the format of the Stealth file?
=======================================

The first byte gives the number of available volumes (allowed range: 1-255).
The next 20 bytes contain the hash of the hash of the passphrase for volume
1; the next 5 bytes give the length of the encrypted zip file for volume 1;
and this is followed by the encrypted file itself. All this is followed by
the same data for volume 2, and so on.


How are the random numbers generated?
=====================================

The most important random numbers (strictly speaking, pseudorandom numbers)
used by the program - those initially filling the entire Stealth file - are
generated by means of the CryptRandom module by Theo Markettos. Unlike the
output created by the BASIC function RND, which is purely deterministic,
this module produces cryptographically useful random numbers which are much
less predictable.


How is the original data securely wiped?
========================================

This is done by overwriting each of the original files, as well as the zip
file, 10 times with cryptographically strong random data generated by the
module CryptRandom.
