Anti-Forensic-Software Measures
in Cryptosystem ME6

If an attacker convinces himself that an encryption method is not obviously weak then he is not likely to spend a lot of time attempting a simple brute force attack, which might take years. Instead he will examine the method of key generation to try to identify a de facto keyspace which is sufficiently small that a brute force attack, using keys within this keyspace, might be feasible (he will have no luck if you have used a random key, such as can be generated by the Cryptosystem ME6 software).

But frequently an attacker will not even bother to do this, but rather will look for instances of the plaintext that happen to be lying around on the hard disk. This is one of the main uses of so-called forensic software (used in criminal investigations and in legal discovery). You do not have to be a criminal for your computer to be subjected to the attentions of forensic software. If you arrive in the U.K. from, say, some Asian country, then customs officials may decide to examine your laptop to see if there are any (child) pornographic images on it (some officials have dirty minds and may assume that you have too). There will be, of couse, no such images on your laptop, but in the course of the search they may find your bank records, your travel plans and the confidential spreadsheets that you have prepared to assist you in your presentation to the board of your company at its London office.

Windows is a notoriously insecure operating system. It may leave copies of a file in various places on the hard disk even if you believe you have deleted that file (e.g., if you print a file then Windows makes a copy of the file for the print spooler, and after printing it the print spooler "deletes" the file in such a way that the text remains on the hard disk, waiting to be discovered by some forensic software unless those disk sectors happen to be overwritten first).

Wndows NT 5.0 and Windows 2000 sport an "Encrypting File System", but what Microsoft doesn't tell you is that when a file is encrypted a copy of it is first made; the copy is encrypted, the ciphertext is then written over the plaintext and the copy is then "deleted", again in such a way that the plaintext data is left lying around in disk sectors where it can be read by forensic software.

When you encrypt a file using Cryptosystem ME6 the program cannot know if there are copies of it lying around somewhere, but it can at least avoid creating any more. When you encrypt a file to a file with a different name then of course the plaintext remains. Here we will consider the case where the output file has the same name as the input file. What happens in this case is as follows:

Cryptosystem ME6 first opens a temporary output file. It reads the input file in blocks of about 8K in size and writes the encrypted blocks to the temporary output file. After each block is encrypted the memory buffers used for the plaintext, the ciphertext and the keytext are cleared (overwritten by zero bytes). (If there is a power failure during the encryption then the plaintext remains unaffected.) At the end of the encryption the input file is not simply deleted, rather is purged: it is overwritten five times with random bytes. After the original input file is deleted the temporary output file is renamed to have the same name as the input file. Thus after the encryption has been completed there is no plaintext left — there is nothing for forensic software to find (at least, nothing left by Cryptosystem ME6).

Cryptosystem ME6 Product Information
Cryptography Hermetic Systems Home Page