FrogTea?

Frog Tea

A Proper Cup of Tea by Peter Merich

What is FrogTea? FrogTea is a free, Windows based, encryption utility which allows you to create a secure*, stand alone, self-decrypting HTML archive which may contain either html or plain text content. These self-decrypting archives may be decrypted on any device which has a javascript capable browser. see Wikipedia: xxTea

While it will be a feature of the next release of NoteFrog Professional, we're also offering a stand alone utility which enables you to create secure* "FrogTea" archives of any text/html content you wish.

The encryption and decryption is done on your computer or mobile device. None of your data is ever sent over the internet.

Since it's secure* you may share the encrypted file with others - only those who have the password will be able to access the data content. You may load your encrypted html file on any device having a web browser which supports javascript, and decrypt it anytime you wish by opening the HTML file in the browser and decrypting it - right there in the browser - no internet access is necessary - no data is ever transmitted over the internet. (Note: Since the self-decrypting file is totally self-contained, any references to external files or data must be fully qualified. If your decrypted content contains links to external web-based locations, clicking on those links WILL attempt to access the internet, but the only data transmitted from your device will be the URL request. If your decrypted output fails to access links or external data, look for non-qualified references in your original input file.)

To see it in action select this self decrypting file and decrypt it using the key "A Proper Cup of Tea" - try other keys if you wish.

FrogTea User Guide

Start FrogTea, if it's not already running.

You may obtain the completely stand alone utility here FrogTea beta. There is no installation. No system changes of any sort. Just download to a folder and run. (It's beta only in the sense of the user interface. The encryption is tried and proven (corrected) "Block Tea" - see Block TEA Tiny Encryption Algorithm. )

tea window

You may either select an html or text file to encrypt or use the current text contents of the clipboard. If you are using the clipboard content, you may elect to have line feeds/ new lines replaced with an html linefeed, otherwise your text may appear as one long line.

Once you've selected an input option, click on the "Lock".

If you've chosen to select a file, you'll be asked to select an input file. We're going to use a NoteFrog self-publishing stack export.


Now assign a key. A key of at least 8 characters is recommended.
Remember your key. It is not stored anywhere or available from the encrypted content.


Re-enter the key for verification.

You may enter an optional password "Hint", which will appear on the output HTML page.

Now, select an output filename and location.

The self-decrypting output file is created in the location specified. It is also opened in a browser window for verification.

You may enter the key and verify the resulting output.

*How secure is xTea?

The published criticism is theoretical: http://eprint.iacr.org/2010/254.pdf - In fact, xTea has not been broken in practice. (The underlying data may be accessable if the user employed poor password technique, in which case ANY data encryption is vulnerable. Guessing a password is not breaking an encryption method. You should employ good password selection for all sensitive data.)

http://en.wikipedia.org/wiki/Cipher_security_summary No demonstrated attack. Theoretical attack with 259 chosen plaintexts - that's 576,460,752,303,423,488 or half the size of all the printed material in the world.

Simon Shepherd, Professor of Computational Mathematics Director of the Cryptography and Computer Security Laboratory, Bradford University, England. and http://www.tayloredge.com/reference/Mathematics/TEA-XTEA.pdf- How secure is TEA? Very. There have been no known successful cryptanalyses of TEA. It's believed to be as secure as the IDEA algorithm, designed by Massey and Xuejia Lai. It uses the same mixed algebraic groups technique as IDEA, but it's very much simpler, hence faster. Also it's public domain, whereas IDEA is patented by Ascom-Tech AG in Switzerland. IBM's Don Coppersmith and Massey independently showed that mixing operations from orthogonal algebraic groups performs the diffusion and confusion functions that a traditional block cipher would implement with P- and S-boxes. As a simple plug-in encryption routine, it's great. The code is lightweight and portable enough to be used just about anywhere.

http://www.safemess.com/faq.php - How secure is the encryption? The encryption is secure enough for personal usage unless you have a government agency breathing down your neck.

http://derekwilliams.us/docs/CPSC-6128-TEA-Encryption.pdf - In a practical sense, modified TEA (XTEA) with proper keys and adequate rounds is quite strong as an encryption algorithm. In an academic sense, as noted above, unmodified TEA has a published related key weakness that reduces the effective key length from 2128 to 2126 and could result in a partial attack with 234 chosen plaintexts. Unfortunately, this often gets misrepresented that TEA is inherently weak and should not be used.

My important passwords are stored online in an xTea encrypted archive at My xTea passwords - click the "random" button.

© htconsulting 2012