TINYFISH - A BLOWFISH TINY VERSION

This code is based on TINYIDEA, by Fauzan Mirza.
Author: 'Anonymous' (This code is therefore PUBLIC DOMAIN)
Optimization and Documentation by 'Dutra de Lacerda'

*** INTRODUCTION:

BLOWFISH is an encryption algorithm created by Bruce Schneier, the author of the most respected "APPLIED CRYPTOGRAPHY" Manual.

TINYFISH is implemented in a different way than I would have done it: TINYFISH is optimized for size and flexibility while my version is for ease of use, fool-proof and with security independent from intensity of usage (TinyFish fails on this one). TINYFISH is a 'carry-anywhere' tool.

*** INSTALLATION:

Put TINYFISH.COM on a Directory in the PATH.
Copy the file "PI" to the root of your drive "C:\".

*** USAGE:

Once you are ready to start, run it as follows... at the Prompt:

    TINYFISH + plainfile {Enter}   ; to encrypt, or
    TINYFISH - cryptfile {Enter}   ; to decrypt.

*** ADVANCED:

Since TINYFISH uses stdin and stdout for entering the passphrase, redirection is available, meaning the passphrase can be input from a file... and the echo can be sent to the NUL file.

IMPORTANT: The Password, in a file, MUST end with a NewLine!!!

    TINYFISH + plainfile < passfile > nul {Enter}
    TINYFISH - cryptfile < passfile > nul {Enter}

Additionally, when encrypting many files with common headers AND using the same passphrase, the encrypted versions are the same until the plaintext files differ (this happens because no I.V. is used). Do NOT use it this way... Change the header in those files with some garbage data... This is a suggestion... and a warning.

*** TECHNICAL:

This code (TinyFish) uses 32-bit register instructions, so it will not run on CPUs older than the 386 (like 8088, 8086, 80186, V20, 80286). It will run on 386sx, 386, 386Dx and every 486 or newer CPU. No check on the running CPU is made though. Sorry!

Assembly was done using the excellent A386 Assembler, a successor of the excellent A86 assembler only available to A86 registered users.
Even though A386 is suggested, you may (?) use any other assembler.

The BLOWFISH algorithm can be used with ANY block chaining mode; TINYFISH uses a CFB mode variation (as in TinyIdea) because it simplifies decryption. In this CFB mode variation the algorithm operates only on the CFB buffer; the buffer is then XORed with the data to produce the output. The CFB buffer is then updated with the output, for processing further blocks. For decryption it is only necessary to reverse the order of update and XOR.

BLOWFISH (and TINYFISH) requires initialization of its WorkData with Random Data. This is done by loading the digits of PI as initial values as part of the standard initialization procedure. However: *ANY* other Random File will do. PI is only a very reliable source.

PI Data is in a separate file, named PI, which must be kept in the same directory from where TINYFISH.COM is called, or in the root directory "C:\" which is a better choice. Using "c:\" will eliminate directory searching and allow the use of only one file for PI... and also allow the usage of 'private' PI files in your work directories, if you desire, thus increasing security.

To use 'private' PI files, I do suggest to encrypt a PI file duplicate, in your work directory, and then encrypt it with any 'garbage' password. By 'garbage' we understand a password that will be forgotten and never used again. Then you may use a NULL password just pressing .

*** SECURITY:

BLOWFISH (used by TINYFISH) is a 16 round Feistel network, of 64-bit blocks and with a 448 bit keyspace.

Non-keyboard characters can be used as input by using Alt-[numeric keypad] to enter the decimal ASCII code for any character. You may use a file to store HUGE passwords, but remember that means the password becomes dependent on your PC physical security. IMPORTANT: This also applies to the PI file variants when a NULL password is used!!!

At the present time there is no known cryptographic attack cracking a standard 16-round BLOWFISH encryption.
This means security is password dependent... Meaning you should use BIG passphrases (or passfiles if you have confidence in your machine's physical security). Personally I would use a local PI file variant and use a passPHRASE... But you should know your own needs better.

Regards to All,
Dutra de Lacerda

P.S. - You may want to check my own "BLW-CBC.EXE", also with Sources in Tpascal: Search for "BLWC" in a FTP search engine as the Basic Name is BLWCBC??.ZIP
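
*** ADDED EXAMPLE:

The CFB variation from the TECHNICAL section and the no-I.V. warning from the ADVANCED section, as an added Python sketch that is not part of TINYFISH or its sources. It assumes a stand-in keyed function (truncated SHA-256) in place of Blowfish, an all-zero starting buffer to model "no I.V.", and constructed sample data; the iv parameter and all names are hypothetical.

```python
import hashlib

BLOCK = 8  # Blowfish block size: 64 bits

def block_encrypt(key, block):
    # Stand-in keyed 64-bit function (truncated SHA-256), NOT Blowfish.
    # CFB only runs the cipher in the forward direction, so this suffices.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cfb(key, data, decrypt=False, iv=bytes(BLOCK)):
    # All-zero iv models "no I.V. is used"; the iv parameter is an addition.
    buf, out = iv, bytearray()
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        buf = block_encrypt(key, buf)      # cipher touches only the buffer
        res = xor(chunk, buf)              # buffer XOR data -> output
        out += res
        fb = chunk if decrypt else res     # feedback is always the ciphertext
        buf = fb + buf[len(fb):]           # keep buffer at BLOCK bytes
    return bytes(out)

def shared_prefix(a, b):
    # Number of identical leading bytes in two ciphertexts.
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n

# Constructed sample data: two files with the same 16-byte header.
KEY = b"constructed passphrase"
HEADER = b"HEADER-V1:0000\r\n"
P1, P2 = HEADER + b"alpha report", HEADER + b"bravo ledger"

def demo():
    c1, c2 = cfb(KEY, P1), cfb(KEY, P2)
    leak = xor(c1[16:24], c2[16:24])       # equals P1 XOR P2 for that block
    # Distinct per-file IVs (constructed values) remove the common prefix.
    d1 = cfb(KEY, P1, iv=bytes(range(8)))
    d2 = cfb(KEY, P2, iv=bytes(range(8, 16)))
    return shared_prefix(c1, c2), leak, shared_prefix(d1, d2)

if __name__ == "__main__":
    print(demo())
```

With the zero buffer the two ciphertexts match for the whole shared header, and the first differing block also reveals the XOR of the two plaintext blocks. A per-file IV has to be stored with the ciphertext so that decryption starts from the same buffer.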