A Proper Cup of Tea by Peter Merich
While it will be a feature of the next release of NoteFrog Professional, we're also offering a stand alone utility which enables you to create secure* "FrogTea" archives of any text/html content you wish.
The encryption and decryption is done on your computer or mobile device. None of your data is ever sent over the internet.
To see it in action select this self decrypting file and decrypt it using the key "A Proper Cup of Tea" - try other keys if you wish.
Start FrogTea, if it's not already running.
You may obtain the completely stand alone utility here FrogTea beta. There is no installation. No system changes of any sort. Just download to a folder and run. (It's beta only in the sense of the user interface. The encryption is tried and proven (corrected) "Block Tea" - see Block TEA Tiny Encryption Algorithm. )
You may either select an html or text file to encrypt or use the current text contents of the clipboard. If you are using the clipboard content, you may elect to have line feeds/ new lines replaced with an html linefeed, otherwise your text may appear as one long line.
Once you've selected an input option, click on the "Lock".
If you've chosen to select a file, you'll be asked to select an input file. We're going to use a NoteFrog self-publishing stack export.
Now assign a key. A key of at least 8 characters is recommended.
Remember your key. It is not stored anywhere or available from the encrypted content.
Re-enter the key for verification.
You may enter an optional password "Hint", which will appear on the output HTML page.
Now, select an output filename and location.
The self-decrypting output file is created in the location specified. It is also opened in a browser window for verification.
You may enter the key and verify the resulting output.
The published criticism is theoretical: http://eprint.iacr.org/2010/254.pdf - In fact, xTea has not been broken in practice. (The underlying data may be accessable if the user employed poor password technique, in which case ANY data encryption is vulnerable. Guessing a password is not breaking an encryption method. You should employ good password selection for all sensitive data.)
http://en.wikipedia.org/wiki/Cipher_security_summary No demonstrated attack. Theoretical attack with 259 chosen plaintexts - that's 576,460,752,303,423,488 or half the size of all the printed material in the world.
Simon Shepherd, Professor of Computational Mathematics Director of the Cryptography and Computer Security Laboratory, Bradford University, England. and http://www.tayloredge.com/reference/Mathematics/TEA-XTEA.pdf- How secure is TEA? Very. There have been no known successful cryptanalyses of TEA. It's believed to be as secure as the IDEA algorithm, designed by Massey and Xuejia Lai. It uses the same mixed algebraic groups technique as IDEA, but it's very much simpler, hence faster. Also it's public domain, whereas IDEA is patented by Ascom-Tech AG in Switzerland. IBM's Don Coppersmith and Massey independently showed that mixing operations from orthogonal algebraic groups performs the diffusion and confusion functions that a traditional block cipher would implement with P- and S-boxes. As a simple plug-in encryption routine, it's great. The code is lightweight and portable enough to be used just about anywhere.
http://www.safemess.com/faq.php - How secure is the encryption? The encryption is secure enough for personal usage unless you have a government agency breathing down your neck.
http://derekwilliams.us/docs/CPSC-6128-TEA-Encryption.pdf - In a practical sense, modified TEA (XTEA) with proper keys and adequate rounds is quite strong as an encryption algorithm. In an academic sense, as noted above, unmodified TEA has a published related key weakness that reduces the effective key length from 2128 to 2126 and could result in a partial attack with 234 chosen plaintexts. Unfortunately, this often gets misrepresented that TEA is inherently weak and should not be used.
My important passwords are stored online in an xTea encrypted archive at My xTea passwords - click the "random" button.
© htconsulting 2012