The first point of TinyCrypt is to both compress and encrypt your file VERY quickly... hopefully faster than your computer can read and write the file. This makes it a win-win-win: less disk space, better security, and faster access. It's compression is based on the super-fast LZO compression library. The encryption is even faster. The second point is simplicity.  The core encryption algorithm is only 55 lines of C code, and the main function is only 8 lines.

TinyCrypt is based on ARC4("Alleged RC4"), which is the same algorithm used in WEP, which has been cracked. However, TinyCrypt uses commonly suggested techniques to overcome the limitations of ARC4, defeating known attacks. In particular, a 20-byte random value is used to insure that keys are not reused, and the first 768 bytes are thrown away.  This modified form is called ARC4-DROP(768).  With these enhancements, ARC4 apparently has not been cracked. As I know of no simpler, faster algorithm, it's used here.

The testARC4 utility (included with TinyCrypt) uses just plain ARC4 encryption without any enhancements to verify that the lower level encryption code functions correctly. It's useful for verification against known good encrypted files, but should not be used to encrypt valuable data.

TinyCrypt is developed on Linux, but should easily compile on other platforms. If you need assistance, please send e-mail to bill@billrocks.org.

You can download TinyCrypt here.

As a fun challenge, consider trying to decrypt challenge.enc. I'm not rich enough to offer any decent prize, but I'll send you $200, and change the algorithm!  To make it easier, I'll tell you that the file has a few sentences I've written in English which include a plaintext copy of the password I used to encrypt it, and is then followed by a complete copy of the modcrypt.c file used to encrypt it.  The exact modcrypt.c file can be found here.  You already know the majority of the plaintext data!  The SHA1 digest of the plaintext is 294b22068de98b48237813001e252e005882f2dd.

Please understand that TinyCrypt is new code, and though simple, could have bugs that reduce it's security.  Critical data should use older, better tested code.  For a description of the security of ARC4-DROP, see this paper.

SourceForge.net Logo