Wartime spies' code gets new life on CD

By RICHARD WOOD

An Auckland firm has built encryption software it claims offers the highest level of encryption available, but a local expert questions its practicality.

DeCipher's Ciphertxt uses the well-known "one-time pad" system to encrypt or scramble text files for document storage, or for sending documents in emails.

It was used as a manual system in World War II and relies on the sender and the receiver both having the same secret "keys" of random characters.Each character of the message is coded against a separate random character in the key.

Aucklanders Mike and Sue Spence have put a 5000-page key on to CDs which also contain the encryption software.

Each part of the key is used only once, and when 5000 pages are done, a new key CD must be obtained.

Auckland University encryption researcher Peter Gutmann said putting a one-time pad key on a CD was not a new idea.

Ideally, the person sending the message should create the key, otherwise you were dependent on the security of the process that created it and put it on a CD.

The software appears like any other basic text editor, but with one button to encrypt and another to decrypt.

As you encrypt, the text changes to gobbledegook as you watch, and back to your original characters when you decrypt.

Mike Spence said DeCipher burned its own CDs in a secure location.

"That is the only way to do it. You must maintain total security."

He said each key only existed on the CDs. If the CDs were lost, there was no way to recreate the key and decipher your documents.

Gutmann said there were other concerns.

The more CDs there were, the less secure the system became because you were relying on each owner to hold the CD securely.

Also, he said, you had to get the CDs to each person in the group and unless you were going to meet them all face-to-face you were reliant on the security of delivery as well.

Spence said that for maximum security the product was designed for small groups such as directors of a company.

For mass internet applications, a public key system such as the freely available Pretty Good Privacy would be a better option.

Spence agreed that the security of the CDs' contents was paramount when distributing them.

The CDs could be obtained only by signed-for security post with instructions to watch out for any tampering.

He said that if you were not meeting other parties face-to-face, this precaution was also recommended for sending the disks.

Spence said the CDs must be regarded like house keys and kept securely.

The software is very simple - a basic text editor and three security functions: encrypt, decrypt and how much is left of the key.

So far it works on plain-text format and RTF format files. Spence is creating a plug-in for Microsoft Word for the next release.