FinalCrypt
BLUF:-
FinalCrypt is only a stream cipher in reality We’re sure that even with the best intentions it’s an all too frequent mistake, and not part of some dark conspiracy.
Full Circle magazine has been duped into this paradigm too. Along with the 15,246 unfortunate people who have to-date downloaded FinalCrypt and now think they’re protected by OTPs. Perhaps more effort with the entropy source and less with the slick style sheets and anime?
Interview in Full Circle magazine @ https://finalcrypt.org/docs/issue152_en.pdf#page=44 :-
“Then I got into discussion online with crypto experts who claimed that FinalCrypt actually was One-Time Pad Encryption, but broke OTP rules and could therefore not be 100% unbreakable. Then, inversion 2.6.0, I built-in a FIPS140-2 & RFC1750 compliant True Random Number Generator to generate OTP keys allowing manual OTP encryption, and, in version 5.0.0, I added Automatic Key generation,which allowed FinalCrypt to (batch)encrypt all files with One-Time Pad security by default.”
FIPS140-2 is pretty much useless for anything other than identification of catastrophic generator failure, such as one getting stuck outputting 1010101010101010...
. As proof, the following is output from a FIPS140-2 test of a text document simply compressed with 7z (stronger than PKZIP):-
$cat conspiracy.7z | rngtest
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: entropy source drained
rngtest: bits received from input: 26563528
rngtest: FIPS 140-2 successes: 1327
rngtest: FIPS 140-2 failures: 1
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 1
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=1250000000.000; avg=17577763070.814; max=0.000)bits/s
rngtest: FIPS tests speed: (min=16.790; avg=83.963; max=99.341)Mibits/s
rngtest: Program run time: 303869 microseconds
Doh! It passes well with only a single (expected) failure in the long runs test, thus creating the equivalence that FinalCrypt is just as good as the 7z compression algorithm for creating pseudo entropy. Not the cryptographic holy grail we were hoping for.
“One Time Pad Encryption keys have the following requirements:
- Key files have to be kept completely secret at all times
- Key files are at least equal in size to the file it encrypts
- Keys are created with a True Random Number Generator
- Key files may only be used once to encrypt a file
The above rules make One Time Pad encryption unbreakable.”
yet:-
“FinalCrypt uses the Oracle
java.security.SecureRandom
class as its cryptographic random number generator.”
The SecureRandom class is actually a pseudo-random number generator. It’s really really not a TRNG as required by list item 3 above. Depending on the individual user’s underlying Java 8 security policy, it may just be the lowest common denominator iterated SHA-1 algorithm.
When grasping for the OTP (holy grail) of encryption, we get depressed finding code like:-
final SecureRandom random = new SecureRandom();
(byte)(Math.round(Math.random()) & 0x1L);
messageDigest.update(System.nanoTime().byteValue());random.setSeed(messageDigest.digest());
Seeding an ‘unbreakable’ cryptographic tool from nanoTime is never clever. Nor remotely safe. So unfortunately…