Crypto Text is a text editor based on the fictional OrdoEmacs editor Randy uses in Cryptonomicon. The basic principle is that if you need to edit a highly confidential text file, you don't ever want to write that file to disk in plain format, even temporarily. There are lots of programs that will encrypt your files, but this isn't good enough if you are as paranoid as Randy...
"...Returning to his seat, Randy fires up OrdoEmacs, which is a marvelously paranoid piece of software invented by John Cantrell. Emacs in its normal form is the hacker's word processor, a text editor that offers little in the way of fancy formatting capabilities but does the basic job of editing plain text very well. Your normally cryptographically paranoid hacker would create files using Emacs and then encrypt them with Ordo later. But if you forget to encrypt them, or if your laptop gets stolen before you get a chance to, or your plane crashes and you die but your laptop is sieved out of the muck by baffled-but-dogged crash investigators and falls into the hands of federal authorities, your files can be read. For that matter it is possible even to find ghostly traces of old bits on a hard drive’s sectors even after the file has been overwritten with new data. OrdoEmacs, on the other hand, works exactly like regular Emacs, except that it encrypts everything before writing it out to disk. At no time is plaintext ever laid down on a disk by OrdoEmacs — the only place it exists in its plain, readable form is in the pixels on the screen, and in the volatile RAM of the computer, whence it vanishes the moment power is shut down. Not only that, but it’s coupled to a screensaver that uses the little built-in CCD camera in the laptop to check to see if you are actually there. (Move Action can do this)
As well as being a cryptographic text editor, Crypto Text can encrypt any piece of text for you and place it into an "output window" where it can be easily copied to the clipboard. This can be useful if you want to encrypt a piece of text and send it in an email, for example - obviously the person you are sending it to will need a copy of Crypto Text as well as the password used.
The program is very simple to use, doesn't require any installation and it comes with all the Delphi source code for you to inspect/modify if you desire - this is very important for any cryptographic software and gives you the confidence that there are no nasty trojans, spyware or anything else that could compromise your security (if you downloaded the software from a 3rd party site it would be worth downloading it from this site again to be sure you haven't got a "poisoned" version with a bad payload).
Here's a screenshot showing how Randy Waterhouse might have used such a program to encrypt his notes whilst travelling. Credits: it uses the DCPcrypt component by David Barton.
Download Crypto Text and source
Additional paranoia 1: memory overwriting
Crypto Text is actually more paranoid than OrdoEmacs. I envisaged a scenario where somebody was using it to encrypt some text when the secret police burst through the door. Now my laptop takes at least five seconds to shut down, by which time the secret police will have you on the floor in handcuffs whilst their computer expert starts trawling through your laptop's memory. Therefore, the split second you shut Crypto Text down it not only clears the two windows containing the ciphertext and the plaintext, it then proceeds to fill them up with random garbage in a last ditch attempt to overwrite your computer's volatile RAM where your incriminating plaintext might still be found (it also dumps garbage onto the clipboard). I've also added an "instant shutdown" button on the toolbar - clicking this will immediately destroy any plaintext in memory and then trigger a full Windows shutdown - note that it doesn't prompt for any confirmation so make sure you don't click this accidentally!
Additional paranoia 2: Anti-keylogging
Strong encryption isn't always sufficient to protect your communications. For example, the secret police could break into your house and install a keylogger on your computer which records every keystroke you make and uploads the details to their server. To try and provide some protection against keyloggers, Crypto Text uses my anti key-logging component for the main editor and the passphrase controls - this generates a random number of fake keystrokes for every real one so that the characters you type will be hidden among a load of garbage characters, making it very difficult for anyone to extract the real keys you typed. You can enable/disable this function as enabling it may cause some keys to not function normally, particular if you are a fast typist. Important - I cannot guarantee this will defeat all keyloggers - please read the details on the web page for more information. If you have Windows Vista it appears that you can beat the KGB keylogger (and possibly others) by simply running a program as Administrator - I found that running CryptoText (or any other program e.g. Notepad) as Administrator prevents the keylogger capturing your keystrokes even without any other specific measures - I'm not sure whether this is something Microsoft have added deliberately or whether is just accidental, but it's a useful precaution you can take if you have Vista.
Additional paranoia 3: Plaintext compression
Crypto Text also offers the option to compress the plaintext prior to encryption. This makes it harder to perform cryptanalysis on the message. This option can be switched on or off using the button on the top taskbar. Note that if compression was switched on during encryption it must also be switched on when decrypting a message.
Technical notes
Firstly, let me point out that this program uses only the standard and tested encryption algorithm, AES. This is for your safety - do not trust programs that claim to have "unbreakable hacker-proof encryption", or anything with a "revolutionary and top-secret new encryption technique". Refer to http://www.schneier.com/crypto-gram-9902.html#snakeoil for signs on how to spot dodgy encryption software. AES provides extremely strong crypto when used correctly and with long enough keys.
Notes on key strength:
The AES (Rijndael) algorithm is approved for TOP SECRET information by the US Government (when 256-bit keys are used). However, Crypto Text works by taking a SHA-256 hash of the passphrase and using this as the AES key, therefore it is essential to choose a long passphrase to ensure a decent level of security. If you choose "password", or favourite football team as your passphrase you aren't going to get the full benefit of using a 256-bit AES key!!!
Wiping your Windows swap file
Windows may swap some memory to your hard disk if you have a large number of programs open. It would be fairly difficult for anyone to access the contents of this file, but for additional security you can ensure that your swap file is wiped when you shut Windows down. To do this, set the following Registry key value to 1 (the default is 0 which means your swap file will not be wiped)
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
If you are uncomfortable editing the Windows registry, I have provided a small program that can toggle this setting for you, click here for the program and source code
How safe are 256-bit keys?
Maybe you are concerned that with advances in technology, pretty soon an average games console will be able to crack 256-bit keys and all your carefully-encrypted messages will be readable. Think again! As an exercise, try to imagine you had a computer with a 256-bit register, i.e. it is a machine with 256 switches that can be either on or off. Imagine that these switches are extremely efficient and require very little energy to toggle. Now try and guess how much energy it would take to cycle this computer through every single possible combination of switches, i.e. 2^256 combinations. What do you think would be required? An AA battery? What about a car battery? Well, Bruce Schneier has calculated that just to cycle through a 219-bit register would require the energy output of an average supernova. So how much energy to compute the other 37 bits? Sounds like we're almost there, doesn't it? Wrong. From 2^219 to 2^256 means doubling the number of combinations another 37 times - and for this, he calculates you would need the energy of 130 billion supernovae! Schneier puts it like this: "256-bit keys are safe until computers are built from something other than matter and occupy something other than space."
Movie effects
In the movies, when the hero is decrypting the villain's top-secret file (normally by guessing the password), you always get a large flashing screen as the data is decrypted, or a huge red "ACCESS DENIED" if the password is incorrect - see http://www.annoyances.org/exec/show/article09-127. I thought it would be fun to add this kind of feature to Crypto Text. However, as this slows the program down it can be switched off by clicking the "movie board" icon on the toolbar. The effects have no bearing whatsoever on the program's functionality except to slow it down a bit.
Building the software
To build the software you will need these additional components
If you have any questions or want to report a bug please drop me a line at
Crypto Text 1.9.5
Crypto Text 1.9.4
Crypto Text 1.9.3
Crypto Text 1.9.2