info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
New free encryption software released: CenoCipher
25 views
Skip to first unread message
CenoCipherSoftware
Jun 9, 2014, 10:55:04 PM6/9/14
to
In recognition of the huge current need for such tools, we have released
new completely free and extremely user-friendly messaging encryption
software for ensuring internet communication privacy.
CenoCipher 1.0
http://cenocipher.crypt.to
new completely free and extremely user-friendly messaging encryption
software for ensuring internet communication privacy.
CenoCipher 1.0
http://cenocipher.crypt.to
Live Long & Prosper
Jul 3, 2014, 3:09:33 PM7/3/14
to
CenoCipherSoftware <cenociphe...@nospam.com> wrote in
news:XnsA347E923484...@94.75.214.90:
I found a big hole in this s/w:
http://www.abacre.com/fileencryptor/index.htm
Supposed to be a super duper (many algorithms) program. They even gave me a
free key for pointing it out. Last time I checked, it had not been fixed.
(that was today)
So have you succeded in your statement from http://cenocipher.crypt.to
under details? I have included a copy below to refer too. I know I would
want ANY of my info to be written to disc!
=====
From the section on Details:
In addition, all efforts are made never to save any unencrypted data to
disk, either on the sender's or receiver's side of the operation, unless
absolutely necessary.
news:XnsA347E923484...@94.75.214.90:
http://www.abacre.com/fileencryptor/index.htm
Supposed to be a super duper (many algorithms) program. They even gave me a
free key for pointing it out. Last time I checked, it had not been fixed.
(that was today)
So have you succeded in your statement from http://cenocipher.crypt.to
under details? I have included a copy below to refer too. I know I would
want ANY of my info to be written to disc!
=====
From the section on Details:
In addition, all efforts are made never to save any unencrypted data to
disk, either on the sender's or receiver's side of the operation, unless
absolutely necessary.
CenoCipherSoftware
Jul 5, 2014, 1:57:05 PM7/5/14
to
"Live Long & Prosper" <sp...@the.helm> wrote in
news:XnsA35F9A348F6...@216.151.153.44:
> So have you succeded in your statement from http://cenocipher.crypt.to
> under details? I have included a copy below to refer too. I know I
> would[n't] want ANY of my info to be written to disc!
temporarily writes decrypted data to disk, and cannot avoid doing so:
1) If the encrypted cipher-package received by the recipient contains
one or more file attachments included along with the message text, then
upon successful decryption these files are by default held only in
volatile memory as part of a larger contiguous data block, with their
names displayed on-screen for the recipient to see, but their contents
not written to disk. If however the recipient then chooses to double-
click on the filename(s) (or click the "open" button) in order to
actually view/open those files with their corresponding default program
under Windows, then the file(s) in question must first be written to
disk in order for Windows to load them into the appropriate viewing
program, since it cannot process them otherwise.
For example if a file named NightSky.jpg was included in the cipher-
package, at first upon decryption its name would be shown and the
unencrypted bytes would only exist in memory as a non-demarcated portion
of the greater data block to which it belongs. Once the user decides to
view the Jpg in question, those bytes must be written to a temporary
folder on disk as a newly created file, and this new file then opened by
Windows using the default JPEG viewer or whatever. Windows simply cannot
access the NightSky.jpg file to open it, without its existing as a
physical file on disk first. However CenoCipher at least does not
perform this operation until such time as the user makes the decision to
open said file, and all such files are subsequently and automatically
deleted upon closure of the program.
2) If the received cipher-package is itself so gigantically large
(usually as a result of containing large/many included sub-files) that
it cannot be decrypted into a temporaty memory block because of its
excessive size, then the only option is to write the decrypted data blob
itself as a new file in a temporary folder on disk, and work with this
blob-file in the same way as would normally be done with a memory block.
Again, accessing individual files contained within this blob would
result in their being written separately to disk as well, and again all
files (individual and giant blob) are automatically deleted upon program
closure.
For this second case, we currently have the size-limit arbitrarily set
at 100 megabytes, where anything larger is decrypted onto a disk-blob
rather than into volatile memory. We could of course set it to a larger
figure, but are trying to accommodate older computers which do not have
huge amounts of system memory available.
Other disk-writes performed by CenoCipher are of course the encrypted
cipher-file being created and made available for sending as an email
attachment, and also a small config/preference file that is written upon
program closure in order to remember which program options (checkboxes,
menu selections etc) where chosen previously for restoration upon next
launch.
news:XnsA35F9A348F6...@216.151.153.44:
> So have you succeded in your statement from http://cenocipher.crypt.to
> under details? I have included a copy below to refer too. I know I
>
> =====
>
> From the section on Details:
>
> In addition, all efforts are made never to save any unencrypted data
> to disk, either on the sender's or receiver's side of the operation,
> unless absolutely necessary.
>
Presently there are only two scenarios under which CenoCipher
> =====
>
> From the section on Details:
>
> In addition, all efforts are made never to save any unencrypted data
> to disk, either on the sender's or receiver's side of the operation,
> unless absolutely necessary.
>
temporarily writes decrypted data to disk, and cannot avoid doing so:
1) If the encrypted cipher-package received by the recipient contains
one or more file attachments included along with the message text, then
upon successful decryption these files are by default held only in
volatile memory as part of a larger contiguous data block, with their
names displayed on-screen for the recipient to see, but their contents
not written to disk. If however the recipient then chooses to double-
click on the filename(s) (or click the "open" button) in order to
actually view/open those files with their corresponding default program
under Windows, then the file(s) in question must first be written to
disk in order for Windows to load them into the appropriate viewing
program, since it cannot process them otherwise.
For example if a file named NightSky.jpg was included in the cipher-
package, at first upon decryption its name would be shown and the
unencrypted bytes would only exist in memory as a non-demarcated portion
of the greater data block to which it belongs. Once the user decides to
view the Jpg in question, those bytes must be written to a temporary
folder on disk as a newly created file, and this new file then opened by
Windows using the default JPEG viewer or whatever. Windows simply cannot
access the NightSky.jpg file to open it, without its existing as a
physical file on disk first. However CenoCipher at least does not
perform this operation until such time as the user makes the decision to
open said file, and all such files are subsequently and automatically
deleted upon closure of the program.
2) If the received cipher-package is itself so gigantically large
(usually as a result of containing large/many included sub-files) that
it cannot be decrypted into a temporaty memory block because of its
excessive size, then the only option is to write the decrypted data blob
itself as a new file in a temporary folder on disk, and work with this
blob-file in the same way as would normally be done with a memory block.
Again, accessing individual files contained within this blob would
result in their being written separately to disk as well, and again all
files (individual and giant blob) are automatically deleted upon program
closure.
For this second case, we currently have the size-limit arbitrarily set
at 100 megabytes, where anything larger is decrypted onto a disk-blob
rather than into volatile memory. We could of course set it to a larger
figure, but are trying to accommodate older computers which do not have
huge amounts of system memory available.
Other disk-writes performed by CenoCipher are of course the encrypted
cipher-file being created and made available for sending as an email
attachment, and also a small config/preference file that is written upon
program closure in order to remember which program options (checkboxes,
menu selections etc) where chosen previously for restoration upon next
launch.
Live Long & Prosper
Jul 5, 2014, 3:23:07 PM7/5/14
to
CenoCipherSoftware <cenociphe...@nospam.com> wrote in
news:XnsA3618DF1CB0...@94.75.214.90:
That makes sense. There are SOME :) limitations to Windows that can't be
avoided. Knowing these a crafty user could make sure to take precautions
for that not to happen.
If I needed to view a sent file that was 'sensitive' I could save it to
an encrypeted drive (I still use TrueCrypt, even tho it is no longer
supported) and view it from there.
The 2nd is to keep your filesize smaller then memory or send encrypted
files attached seperatly using another encryption program (e.g. WinZip
or WinRAR or others) a bit of a pain, but if its security you want, you
take the precutions (not that I have anything to hide, I do this as a
hobby)
I played with your program and with the limited tools I have here I
cannot find and holes. I am by no means an expert, but do have a knack
for finding flaws.
Success in your new venture, ALWAYS good to have programs to choose from
and people who do that!
news:XnsA3618DF1CB0...@94.75.214.90:
avoided. Knowing these a crafty user could make sure to take precautions
for that not to happen.
If I needed to view a sent file that was 'sensitive' I could save it to
an encrypeted drive (I still use TrueCrypt, even tho it is no longer
supported) and view it from there.
The 2nd is to keep your filesize smaller then memory or send encrypted
files attached seperatly using another encryption program (e.g. WinZip
or WinRAR or others) a bit of a pain, but if its security you want, you
take the precutions (not that I have anything to hide, I do this as a
hobby)
I played with your program and with the limited tools I have here I
cannot find and holes. I am by no means an expert, but do have a knack
for finding flaws.
Success in your new venture, ALWAYS good to have programs to choose from
and people who do that!
Peter Fairbrother
Jul 5, 2014, 3:51:01 PM7/5/14
to
On 05/07/14 18:57, CenoCipherSoftware wrote:
> Presently there are only two scenarios under which CenoCipher
> temporarily writes decrypted data to disk, and cannot avoid doing so:
>
> 1) If the encrypted cipher-package received by the recipient contains
> one or more file attachments included along with the message text, then
> upon successful decryption these files are by default held only in
> volatile memory as part of a larger contiguous data block, with their
> names displayed on-screen for the recipient to see, but their contents
> not written to disk. If however the recipient then chooses to double-
> click on the filename(s) (or click the "open" button) in order to
> actually view/open those files with their corresponding default program
> under Windows, then the file(s) in question must first be written to
> disk in order for Windows to load them into the appropriate viewing
> program, since it cannot process them otherwise.
>
> For example if a file named NightSky.jpg was included in the cipher-
> package, at first upon decryption its name would be shown and the
> unencrypted bytes would only exist in memory as a non-demarcated portion
> of the greater data block to which it belongs. Once the user decides to
> view the Jpg in question, those bytes must be written to a temporary
> folder on disk as a newly created file, and this new file then opened by
> Windows using the default JPEG viewer or whatever. Windows simply cannot
> access the NightSky.jpg file to open it, without its existing as a
> physical file on disk first.
Err, no. Look up RAMDISK.
> Presently there are only two scenarios under which CenoCipher
> temporarily writes decrypted data to disk, and cannot avoid doing so:
>
> 1) If the encrypted cipher-package received by the recipient contains
> one or more file attachments included along with the message text, then
> upon successful decryption these files are by default held only in
> volatile memory as part of a larger contiguous data block, with their
> names displayed on-screen for the recipient to see, but their contents
> not written to disk. If however the recipient then chooses to double-
> click on the filename(s) (or click the "open" button) in order to
> actually view/open those files with their corresponding default program
> under Windows, then the file(s) in question must first be written to
> disk in order for Windows to load them into the appropriate viewing
> program, since it cannot process them otherwise.
>
> For example if a file named NightSky.jpg was included in the cipher-
> package, at first upon decryption its name would be shown and the
> unencrypted bytes would only exist in memory as a non-demarcated portion
> of the greater data block to which it belongs. Once the user decides to
> view the Jpg in question, those bytes must be written to a temporary
> folder on disk as a newly created file, and this new file then opened by
> Windows using the default JPEG viewer or whatever. Windows simply cannot
> access the NightSky.jpg file to open it, without its existing as a
> physical file on disk first.
But beware of file managers, they often store metadata on files even in
ramdisks.
There may be mount options of interest (I'm not a Windows guy).
> However CenoCipher at least does not
> perform this operation until such time as the user makes the decision to
> open said file, and all such files are subsequently and automatically
> deleted upon closure of the program.
>
>
> 2) If the received cipher-package is itself so gigantically large
> (usually as a result of containing large/many included sub-files) that
> it cannot be decrypted into a temporaty memory block because of its
> excessive size, then the only option is to write the decrypted data blob
> itself as a new file in a temporary folder on disk, and work with this
> blob-file in the same way as would normally be done with a memory block.
> Again, accessing individual files contained within this blob would
> result in their being written separately to disk as well, and again all
> files (individual and giant blob) are automatically deleted upon program
> closure.
>
> For this second case, we currently have the size-limit arbitrarily set
> at 100 megabytes, where anything larger is decrypted onto a disk-blob
> rather than into volatile memory. We could of course set it to a larger
> figure, but are trying to accommodate older computers which do not have
> huge amounts of system memory available.
And TELL THE USER if you do make such disk writes. And securely wipe
them as soon as possible.
But I must say, you don't really seem to know what you are doing. I'd be
surprised if there weren't more files written in normal use. You are
watching for swap conditions, of course? And you know programs like JPG
viewer will probably write something to disk as well?
> Other disk-writes performed by CenoCipher are of course the encrypted
> cipher-file being created and made available for sending as an email
> attachment, and also a small config/preference file that is written upon
> program closure in order to remember which program options (checkboxes,
> menu selections etc) where chosen previously for restoration upon next
> launch.
well.
Try no config file, full stop.
Lots of reasons, beginning with: what does the average luser know about
security? - damn all - so why trust him to make program option or
preference decisions? That's your job, not his, you are supposed to be
the expert.
*Everything* in a program affects security.
Then there's ID'ing a user from his preference file. Then .. but you get
the point, I'm sure. No config files.
I must add, again, I agree with Jens - you don't really seem to know
what you are doing.
-- Peter Fairbrother
CenoCipherSoftware
Jul 13, 2014, 3:56:54 PM7/13/14
to
"Live Long & Prosper" <sp...@the.helm> wrote in
news:XnsA3619C82A5A...@207.246.207.124:
> I played with your program and with the limited tools I have here I
> cannot find and holes. I am by no means an expert, but do have a knack
> for finding flaws.
>
> Success in your new venture, ALWAYS good to have programs to choose from
> and people who do that!
well. We will continue to make improvements and enhancements to the program
as we go along, and are always eager to both correct any issues discovered
and implement any useful feature suggestions accordingly.
Shadow
Jul 13, 2014, 5:03:45 PM7/13/14
to
for flaws in TrueCrypt (and publishing them so they can be patched)
rather than adding a nice interface ?
HTH
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
CenoCipherSoftware
Jul 13, 2014, 7:31:39 PM7/13/14
to
Peter Fairbrother <zenad...@zen.co.uk> wrote in
news:53b85725$0$1467$5b6a...@news.zen.co.uk:
> Err, no. Look up RAMDISK.
>
> But beware of file managers, they often store metadata on files even
> in ramdisks.
>
4 gigabytes of memory, administrator privileges, and ideally a 64-bit
system to work optimally, thus complicating the user experience and
greatly narrowing the range of mainstream users likely to benefit from
its inclusion. CenoCipher is designed to be usable by the largest
possible number of non-tech-savvy users, including those in regions
where older and less powerful computers are still in widespread usage.
Alternative optons such as memory-mapped files do exist, but all have
their own set of associated issues which create undesirable
complications for the user, such as trying to save a larger version of
an editable file (like .XLS for example) when it is mapped to
size-limited block in memory. Some variation of this approach may be
used in a future version, but only if it can be implemented seamlessly
and without being problematic to general use.
> Use a % of memory rather than a fixed physical size.
An easy enough adjustment to make in the next version. 100 megabytes was
just an arbitrary figure chosen for simplicity and test purposes. and
has no special significance.
> I'd> be surprised if there weren't more files written in normal use.
> You are watching for swap conditions, of course? And you know programs
> like JPG viewer will probably write something to disk as well?
Even Truecrypt admitted that it could not perfectly control things such
as swap and hibernation file usage by the OS, and thus suggested
full-disk encryption to be totally safe.
CenoCipher is not intended to be a Whole System Security Solution, but
rather a small and simple tool for sending encrypted communiques. Its
functional purpose is largeley identical to that of a PGP-enabled email
client, and as such it takes an equivalent amount of responsibility
(none) for comandeering or micro-managing local system processes
external to itself.
Message-and-file packets are secured while in transit, much as with PGP,
but once a user receives and chooses to work with such files locally on
his own machine, the responsibility for managing those entities is
transferred to said user.
CenoCipher is a postman who carries letters in a securely locked safe
from sender to recipient; not a security guard who stands in front of
the recipient's house and protects it in every conceivable way
thereafter. Disk-encryption tools already exist for that purpose.
> Try no config file, full stop.
>
> Lots of reasons, beginning with: what does the average luser know
> about security? - damn all - so why trust him to make program option
> or preference decisions? That's your job, not his, you are supposed to
> be the expert.
The config file holds trivial preferences related to the interface only,
such as whether the "Show Instructions" checkbox is ticked or not, or
whether the "Downloads" or "Documents" folder is selected from the drop-
down menu provided. Truecrypt and all other encryption software use
config files for similar purposes.
news:53b85725$0$1467$5b6a...@news.zen.co.uk:
> Err, no. Look up RAMDISK.
>
> But beware of file managers, they often store metadata on files even
> in ramdisks.
>
> Why does the ciphertext need to be written to disk? See RAMDISK above
> as well.
>
> as well.
>
> There may be mount options of interest (I'm not a Windows guy).
RAMDISK requires third party driver and software installation, more than
4 gigabytes of memory, administrator privileges, and ideally a 64-bit
system to work optimally, thus complicating the user experience and
greatly narrowing the range of mainstream users likely to benefit from
its inclusion. CenoCipher is designed to be usable by the largest
possible number of non-tech-savvy users, including those in regions
where older and less powerful computers are still in widespread usage.
Alternative optons such as memory-mapped files do exist, but all have
their own set of associated issues which create undesirable
complications for the user, such as trying to save a larger version of
an editable file (like .XLS for example) when it is mapped to
size-limited block in memory. Some variation of this approach may be
used in a future version, but only if it can be implemented seamlessly
and without being problematic to general use.
> Use a % of memory rather than a fixed physical size.
just an arbitrary figure chosen for simplicity and test purposes. and
has no special significance.
> I'd> be surprised if there weren't more files written in normal use.
> You are watching for swap conditions, of course? And you know programs
> like JPG viewer will probably write something to disk as well?
as swap and hibernation file usage by the OS, and thus suggested
full-disk encryption to be totally safe.
CenoCipher is not intended to be a Whole System Security Solution, but
rather a small and simple tool for sending encrypted communiques. Its
functional purpose is largeley identical to that of a PGP-enabled email
client, and as such it takes an equivalent amount of responsibility
(none) for comandeering or micro-managing local system processes
external to itself.
Message-and-file packets are secured while in transit, much as with PGP,
but once a user receives and chooses to work with such files locally on
his own machine, the responsibility for managing those entities is
transferred to said user.
CenoCipher is a postman who carries letters in a securely locked safe
from sender to recipient; not a security guard who stands in front of
the recipient's house and protects it in every conceivable way
thereafter. Disk-encryption tools already exist for that purpose.
> Try no config file, full stop.
>
> Lots of reasons, beginning with: what does the average luser know
> about security? - damn all - so why trust him to make program option
> or preference decisions? That's your job, not his, you are supposed to
> be the expert.
such as whether the "Show Instructions" checkbox is ticked or not, or
whether the "Downloads" or "Documents" folder is selected from the drop-
down menu provided. Truecrypt and all other encryption software use
config files for similar purposes.
CenoCipherSoftware
Jul 13, 2014, 7:48:18 PM7/13/14
to
Shadow <S...@dow.br> wrote in
news:0ss5s9pbaqbasf259...@4ax.com:
> Silly question, but wouldn't you be more productive looking
> for flaws in TrueCrypt (and publishing them so they can be patched)
> rather than adding a nice interface ?
CenoCipher isn't an interface for TrueCrypt, and has nothing to do with it.
It is just a tool for sending encrypted communiques as simply and easily as
possible, and is narrowly focused in that purpose.
While it's certainly feasble to use TrueCrypt (or 7-zip, or WinRAR, or any
other tool) to create encrypted containers for messages and files, doing so
is more tedious and cumbersome to repeat over and over again for
communication purposes, and less intuitive than using an email or
messaging-like interface.
CenoCipher is designed to just be an easy-to-use tool for mainstream users
who'd find it daunting to even try installing more robust and full-featured
software, and doesn't try to replace or compete with those higher-end
application suites.
news:0ss5s9pbaqbasf259...@4ax.com:
> Silly question, but wouldn't you be more productive looking
> for flaws in TrueCrypt (and publishing them so they can be patched)
> rather than adding a nice interface ?
It is just a tool for sending encrypted communiques as simply and easily as
possible, and is narrowly focused in that purpose.
While it's certainly feasble to use TrueCrypt (or 7-zip, or WinRAR, or any
other tool) to create encrypted containers for messages and files, doing so
is more tedious and cumbersome to repeat over and over again for
communication purposes, and less intuitive than using an email or
messaging-like interface.
CenoCipher is designed to just be an easy-to-use tool for mainstream users
who'd find it daunting to even try installing more robust and full-featured
software, and doesn't try to replace or compete with those higher-end
application suites.
Shadow
Jul 13, 2014, 10:32:13 PM7/13/14
to
Message-ID: <53c259bd$2$6710$9b4e...@newsspool2.arcor-online.net>
Quote:
//VeraCrypt is a free disk encryption software and that is based on
TrueCrypt//
I confess I didn't look any further than that ....
Chris M. Thomasson
Jan 8, 2022, 5:33:06 PM1/8/22
to
0 new messages