secure FAQ


Q.   What does the SECURE program do?

A.  Several things. In simple terms, the SECURE program makes a file private. The program first tries to compress the input file (files that are not already compressed can be compressed by the SECURE program.) Then, SECURE encrypts the file. Finally, SECURE removes any trace of the original file. The SECURE-encrypted file is always an encrypted version of the original file and is usually smaller than the original file. The same program restores the original file to anyone who knows the password that was used to encrypt the file.

Q.   Are you giving away the program for free?

A.  No. You can try the program for 30 days to decide if you like it. To own the program, you must purchase a copy.

Q.   Are you giving away the source code for free?

A.  No.

Q.   Can I encrypt many files at once?

A.  Yes. This is explained in the Help pull-down menu "Using SECURE". You can select several files for processing within a list of files by clicking the filename to start processing and then by "shift-clicking" the filename further down in the list to stop processing. A "shift-click" means holding the shift key down when doing the mouse click.

Q.   Why can't SECURE compress every file?

A.  Some files are already compressed. Files that are already tightly compressed (zip files, etc.) will not be compressed further by SECURE. On the other hand, medium to large size text files will be considerably smaller when compressed by SECURE.

Q.   How important is the password?

A.   Very important. The most vulnerable part of any password-based encryption program is the password itself. The most devastating attack against a sophisticated encryption program is called the "brute force attack." The brute force attack means trying every single character and symbol combination of various lengths to get into the system. That is why password selection is so important. (Note: more information on passwords were added to this FAQ by the author of SECURE.)

Q.   64-bit, 128-bit, 400-bit encryption??? What are the details of the SECURE algorithm?

A.   The SECURE program greatly exceeds 400-bit encryption. The most secure encryption method is called the "one-time pad" when the length of the key exceeds the length of the message (or file).

For example, if a 200k file was encrypted with a key length of 300k (2,400,000-bit encryption) there would be ABSOLUTELY no chance of decrypting the file IF you had only the encrypted file. My algorithm does not implement the one-time pad in every instance. However, the "developed" key length is so long that, for small files, the method I use is equivalent to a one-time pad. The password entered by the user is only one ingredient when developing that super-long key (on the fly) for a file being encrypted by my SECURE program.

Part of my SECURE algorithm ensures that the user's password is never stored in the encrypted file or on disk. Therefore, even I cannot decrypt a file that was encrypted by someone else (and I'm the author of the SECURE program!)

However, ALL password-based encryption programs are subject to a very devastating attack called the "brute force" method of attack. That means trying to reconstruct the user's password using every possible character combination for various-length passwords. For longer passwords, the number of password possibilities are so large that it would be extremely difficult, if not impossible (even using a computer), to try every possibile combination. Of course, a copy of the program would also be needed because such an attempt depends upon the user's password AND the algorithm used to develop the key.

Please understand that, in any password-based system, the password is the weakest part of the system as explained here and elsewhere in the FAQ.

There are many fine books on encryption. If anyone has a sincere interest in learning more about encryption, I suggest reading a few of those books.

Since numerous people have asked me for details on the SECURE algorithm, I decided to add this information to my FAQ instead of responding to all individual requests for information.

Q.   What is the format of a SECURE-encrypted file ?

A.   When the SECURE program encrypts a file, it produces something called a "binary non-executable file." That means the resulting (encrypted) file contains binary data but it cannot be run as a program can. If someone has the correct password, the SECURE program can restore the encrypted file back to the original file.

It is important to note that the encrypted file is NOT a text file. Although this is common sense, you should not, under any circumstances, try to modify, shorten, lengthen, append data to, or in any other way alter a SECURE encrypted file because then the file will be corrupted and will not be able to be decrypted.

Q.   How strong is the SECURE encryption algorithm ?

A.   Many people have asked to see the encryption algorithm.
Looking at the algorithm would not help in decrypting a SECURE-encrypted file for the reason stated in this FAQ. The program is only as good as the password. The user's password is not stored in the encrypted file or on the user's disk. Therefore, if the person using SECURE forgets his or her password, even the author of the SECURE program would have no way of recovering the original file.

Q.   Can I purchase your algorithm or the source code?

A.   No. Only the program (executable) is for sale.

Q.   Why should I purchase your program instead of a different encryption program?

A.   The choice is yours, of course. There are well over 200 different encryption programs available on the market. You are free to choose the one you want. The SECURE program, due to the strength of encryption, is for sale only in the United States.

Password Selection (note by author)

Using the English alphabet (upper and lower case) plus numbers 0 to 9 in a 6-character password yields a total of 56,800,235,584 different possibilities (62 to the sixth power.) Please examine the table below:

Password Length versus Password Possibilities

Password Length Password Possibilities
        1 62
        2 3,844
        3 238,328
        4 14,776,336
        5 916,132,832
        6 56,800,235,584

So, the number of possibilities for a password length of six is over 56 billion.  In any password encryption program, password selection is very important. A very advanced and sophisticated encryption algorithm does not compensate for a poor choice of password. As stated here and elsewhere, using any six letter English word (such as "action", "manner", and "zipper" ) are very poor choices for a password. For your password, use something that cannot be found in a dictionary.

Back


SECURE Program™ Copyright © 1999 Scott Wenger   All Rights Reserved.