info.txt

e-maill文件加密程序完整的源代码

Information for the StealthMail 2.1 Win95/98 encryption program

Version 2.1 corrects a flaw in the cipher used in
StealthMail 2.0 and fixes some other minor bugs
in the program. Version 2.1 is NOT compatible with
version 2.0 and will not read version 2.0 keyfiles.

    Strong conventional encryption w/192-bit keys.
    Uses 64-bit IV's and Salts.
    Richtext format for messages.
    LZSS compression for attachments:
    Encryption/compression in a single pass of file.
    Toolbar style keeps desktop free for your Email client!
    No key-recovery or other intentional flaws.
    Built-in KeyChest stores keys for up to 255 friends.

Notes related to Key management:

    The cipher in StealthMail uses a key-expansion
    similar to RC4, so the cipher in StealthMail has
    the same problem that keys like "AB" are the same
    as "ABABABAB". With long keys this should be OK.

    Minimum key length allowed is 20 printable characters.
    Keys are not case sensitive. Each character equals 6-bits.
    So 20 characters is a 120-bit key. Keys can be up to 32
    characters. (192-bits)

    Key management is all manual. No public-key crypto
    is used in StealthMail 2.1. However, the program stores
    up to 255 Contacts/Conventional-keys. A 120-bit key
    should be secure, but for safety, you can change keys
    with your contact as much as you like.

Other program notes:

    The program was designed to skip over the From:/To:
    section of an Email. This is so you can use "Select All"
    in Windows to copy an Email to StealthMail. The problem
    is that if the Email has anything (like advertising)
    following the encrypted part of the Email, it won't work.
    In that case, you must highlight and copy the text.

    For security, StealthMail does not store the file/message
    length un-encrypted in the data. So, if you decrypt
    a file/message with the wrong key, the decompression
    code will give you a file probably longer than it
    should be. (it would be garbage anyway) For messages,
    just select the right contact, and redo it. (if you get
    a memory error, just ignore it) For files, delete the
    file to recover the space, and redo it.

    The LZSS compression method may actually benefit an
    exhaustive key search; however, it is irrelevant because
    the Microsoft richtext format may provide some known
    plaintext to an attacker. If you do not believe that a
    192-bit key is enough to deflect your attacker, do not
    use this program.