NCrypt - NMRC File Encryptor / Decryptor / Wiper
NCrypt is intended to give you security in an insecure environment. If you want to encrypt files (particularly on a multi-user system where you don't have root), hide your activities from prying eyes, and "cover your tracks", then NCrypt is for you. It is a symmetric file encryptor/decryptor that gives you the choice of the top three candidates for AES as the encryption algorithm (Rijndael, Serpent, Twofish), tries to minimize exposure of the plaintext password in memory, and can safely erase the plaintext version from the hard drive. It compiles without any extra crypto libraries, making it ideal for systems where you just have a compiler and basic libraries (such as an ISP's shell server).
- Open-source freeware.
- Unix and Win32 versions available.
- Should compile on any platform that supports standard C libraries (no dependencies upon crypto libraries). Currently supported are Linux platforms, although users report successful compilation on *BSD flavors.
- Use Rijndael, Serpent, or Twofish as the crypto algorithm. Rijndael is the AES selected candidate, Serpent came in second, and Twofish third. For details on AES and the selection process, see http://csrc.nist.gov/encryption/aes/.
- The plaintext password is converted to a SHA-1 hash and immediately wiped from memory.
- Once the SHA-1 hash is used to make a key for encryption, the SHA-1 hash is wiped from memory.
- Optionally during encryption, the original unencrypted file can be erased with the drive space it occupied being overwritten in one of two ways -- either using the recommended methods from DoD standard 5220.22-M chapter 8, or using techniques outlined in Peter Gutmann's 1996 paper Secure Deletion of Data from Magnetic and Solid-State Memory. A "wipe-only" option is also available that is independent of the encryption process, for those times when you need to get rid of a file permanently without keeping an encrypted copy. The Unix version supports wiping of file slack as well.
- Random data streams used during file wiping use ISAAC PRNG for secure random data generation.
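
The overwrite-before-delete idea from the wiping feature above, as an added C example that is not NCrypt's own code. The three-pass sequence (0x00, 0xFF, random) and the names `wipe_file`, `overwrite_pass` and `fill` are assumptions made for illustration, and `/dev/urandom` stands in for the ISAAC PRNG.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf for one pass: a fixed byte, or random bytes when pattern < 0. */
static int fill(unsigned char *buf, size_t n, int pattern) {
    if (pattern >= 0) { memset(buf, pattern, n); return 0; }
    int r = open("/dev/urandom", O_RDONLY);   /* assumption: stand-in for ISAAC */
    if (r < 0) return -1;
    ssize_t got = read(r, buf, n);
    close(r);
    return got == (ssize_t)n ? 0 : -1;
}

/* Overwrite the whole file once, in place, and force the data to disk. */
static int overwrite_pass(int fd, off_t size, int pattern) {
    unsigned char buf[4096];
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    for (off_t left = size; left > 0; ) {
        size_t n = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
        if (fill(buf, n, pattern) < 0) return -1;
        if (write(fd, buf, n) != (ssize_t)n) return -1;
        left -= (off_t)n;
    }
    return fsync(fd);
}

/* Three passes (assumed sequence: 0x00, 0xFF, random), then optionally unlink.
   Returns 0 on success, -1 on failure; on failure the file is not removed. */
int wipe_file(const char *path, int remove_after) {
    static const int passes[] = { 0x00, 0xFF, -1 };
    struct stat st;
    int fd = open(path, O_WRONLY);            /* no O_TRUNC: reuse the same blocks */
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    for (size_t i = 0; i < sizeof passes / sizeof passes[0]; i++)
        if (overwrite_pass(fd, st.st_size, passes[i]) < 0) { close(fd); return -1; }
    if (close(fd) < 0) return -1;
    return remove_after ? unlink(path) : 0;
}
```

In-place overwriting only reaches the old data when the filesystem writes to the same blocks; journaling or copy-on-write filesystems and flash wear-levelling can leave earlier copies behind.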
Links / Resources
- Latest Unix version is NCrypt 0.6.11
- Latest Linux-based RPM (tested on Fedora) is NCrypt 0.6.11
- Latest Linux-based source (tested on Fedora) is NCrypt 0.6.11
- Latest Win32 version is NCrypt 0.6.11
- General project information - http://sourceforge.net/projects/ncrypt/
- CVS: cvs.ncrypt.sourceforge.net
NCrypt implementation by Simple Nomad [thegnome at nmrc.org]. Extensive code review by Inertia [inertia at nmrc.org]. Additional coding by Todd MacDermid [tmacd at synacklabs.net]. Based upon code by Joh Johnson, which was taken from code by Gary Rancier, as well as code taken from Dave Whiting's Twofish implementation. Other code is based upon sample code from the excellent book "Building Secure Software" by John Viega and Gary McGraw.