5 Dec 07
This program is dedicated to Dr. Mike.
Most file encryptors use methods that rely on the theory of computational security, that is difficulty of key factorisation prevents decryption of the
file. But this method may not work forever. It used to be considered that a 56 bit key was unbreakable to brute force attacks, but the government of the
USA now requires all Top Secret data to use keys of at least 192 bits. This bar will keep raising as computing power increases. (It is argued by some
though that this will never happen due to the laws of physics!) XorIt is designed to use conventional XOR encryption on keys that are the same size as the
file to be encrypted. Furthermore, if you use an unpredictable file that is the same size (or larger) than the original file and you use this file only
once, this is known as a "one-time pad" and it is completely unbreakable, even to computers 1000 years from now. This is because there is no algorithm at
all, just a big key, and thus there is no pattern to follow once you have decrypted any part of the file. Thus attempts to decrypt it could result in any
file, and there would be no way to verify that it has decrypted correctly.
XorIt is a simplified version of our program CryptIt.
Notes on XOR encryption methods
System Impact Statement
Licence and Registration
Run "Setup.exe" and follow the instructions. To remove XorIt, use the "Add/Remove Programs" option in the Control Panel. XorIt
stores all its data files in the designated application data area, often "C:\Documents and Settings\USERNAME\Application Data\Sinner\XorIt". If you
would prefer that it saves in the same directory as XorIt either run the program from a removable drive, such as a floppy of a USB drive, or delete the
"DefSet.txt" file from the XorIt directory.
When a file is XORed with another file for the purpose of encryption decryption is easy; just do it again! This is because the mathematical way to reverse a
XOR is to XOR it. Thus there is no need to explain Encryption and Decryption as the process is the same either way.
First select the file to be XORed by either pressing the first "Choose" button and browsing for it, or by dragging a file onto the XorIt window.
Any file is acceptable providing it is less than 4GB and has an extension. (I.e. Filename.XXX) Next you select the Cryption file to XOR the source with. You
can do this by either pressing the second "Choose" button and browsing for it, or by dragging a file onto the XorIt window. The XOR method is
especially powerful if you choose a Cryption file that is larger than the source, as most decryption programs work by looking for patterns. You can also
choose a large file, but not use it all. To do this you simply enter in a lower number in the "Use XXX Bytes" window.
Next you select where the output files will go, the default being the same folder as the source. You can select it by using the "Choose"
button, or by dragging a directory onto the "XorIt" window. You can use the combo box to reset to the "Desktop", or you should select
either "Neat Folder" or "Folder". If "Neat Folder" is selected than a directory will be created from the first eight letters
of the source filename (E.g. If the file is called "HardCore.jpg" then a directory called "HardCore" will be the default.), otherwise
the folder will be as selected. Change this if you prefer something else, but make sure that there is no new directory in your selection. (I.e. New
directories will NOT be created.)
It is extremely important to note that the file is Encrypted, not password locked. The difference being that there is no storing of the code itself
anywhere - the whole file is mathematically scrambled based on the file you select. If you forget/lose the Cryption File there is no way at all to
decrypt the file. (I.e. We cannot help!)
Once you are ready, press the "XorIt!" button and the file will be encrypted.
As an additional feature, XorIt is set to be an On Top window. To turn this off simply Right Click on the title bar and deselect "On Top
Notes on XOR encryption methods
Any encryption is breakable... except if you use an unpredictable key file that is equal or larger than the file itself and you use it once only.
When keys are used like this it is known as a One-Time Pad encryption. One-Time Pad encryption is un-breakable because it is just as likely that the file
anything other than the original file. Attempts to decrypt it could result in any file, and there would be no way to verify that it has decrypted
correctly. If you use the key again then there is a chance that a hacker could
use parts common to both and partially extract the key, and then be able to partially extract the original files. This is extremely hard with only two
files, but if you used the same key on varied files for 10+ times and you then lost all of these files then there is a decent chance that someone with
sufficient time, motivation and skill could extract most of the key. (Less biased and better explained details can be found on
Wikipedia and Here.) The
key also cannot be any form of a stream cipher as this negates most of the advantages of the method. This is because once any part of a stream cipher encrypted
file is decrypted, it is possible to then decrypt the rest of the file given sufficient skill and processing power. However, if a non-stream cipher is used
then even if some part of the file is decrypted, that does not mean the whole file is compromised.
(The Blum Blum Shub pseudorandom number generator generator is one of the current exceptions to this rule, as while it is believed to be possible to
reverse a stream from it, there are no cases of it actually happening.)
Unpredictable keys are hard to generate, and it is even harder to be sure that they are actually unpredictable. Some scientists believe that even
radioactive decay follows predictable patterns. If you are using XorIt for small messages you could seriously consider generating your own the old fashion way
(picking letters out of a hat) but this method is not practical for large files. When designing these programs we initially felt that people making/finding
their own unique keys was part of the security, but in hindsight, this concept was wrong. It is too hard for many people to do this, even if they do
understand the concepts of what makes a good key. For this reason we have written our own and included it in our program
GigAlarm which makes files based on the variance between the CPU clock and the system clock. The
results from the CPU clock function have been excellent when tested using ent, a well respected random file
In short, XorIt encrypts files by logically applying "Exclusive Or" to each byte, using the Key file/string. The key needs to be
unpredictable and not contain repetitions, especially of "nulls", to be secure. The weakness of the method is that you need to have a way of distributing
the keys as well if you want to send an encrypted message. If you have a secure method of transporting the keys (one user gives CDs full of keys and then
encrypts his EMails) then the method works well. Otherwise it is best used for encrypting personal data where there is no need to transport the key.
OTP encryption is often dismissed as "Snake Oil". This is largely because of a few software companies using stream ciphers and claiming that
it is a OTP and thus unbreakable. CryptIt and XorIt are not like that. We do not use any secret algorithm, the only formula in CryptIt and XorIt is
"XOR" itself. Nor do we provide raw key material, claim that the OTP does not need to be transferred or that it is easy to use. Please do not
group us in this category. If you want easy and secure encryption, use any other method. If you want unbreakable encryption, try CryptIt or XorIt.
This program is a simplified version of my program CryptIt. Expansion of this program is unlikely as its purpose is to be a bare-bone XOR encrypter. If
you want more features then I recommend you try CryptIt. This version is a general clean-up and tweak version. No new features have been added.
System Impact Statement
We go to great lengths to reduce system impact, but we feel that it is still important to explain here what our programs do to your
system. If you feel we are missing something, or you need further clarification, please contact us.
|Registry||XorIt does not use the registry. The installer that comes with XorIt uses the registry only
for the required un-installation data, and not at all if you use the "Extract Only" mode.
|System Settings||XorIt does not change any system settings.
|Files||All of its program files are stored in the installation directory, and all of its data files are stored in the
designated application data area, often "C:\Documents and Settings\USERNAME\Application Data\Sinner\XorIt". If you would prefer that
it saves in the same directory as XorIt either run the program from a removable drive, such as a floppy of a USB drive, or delete the
"DefSet.txt" file from the XorIt directory. These directories can be opened via the About box.
|Network||XorIt and its installer do not access the internet in any way, but the ReadMe does have three graphic files that are
stored on the internet. (They are not used as web-beacons, merely spacers and images for the payment processors.)
|CPU||XorIt can be very demanding on the CPU when encrypting.
|Memory||XorIt needs around 50 MB while encrypting.
|1.01||On Top Toggle
|1.02||Tweaks and bugfixes
|1.1||Internal revision, speed improvements, and interface changes
Licence and Registration
Permission is given to evaluate XorIt for a period of 30 days. After this time you are required to either register or remove XorIt.
Permission is given for all forms of distribution, including CD compilations and Websites, providing the ZIP file is unaltered and it is
made clear that XorItis a Shareware program and that registration is required for continued usage. XorIt can be registered using PayPal,
Reg.Net or Mail. For details on the terms of our licences and of our Buy-Three-Get-All policy please refer to the
XorIt is a copyrighted work and thus permission is not given for you to decompile, disassemble, modify, translate, enhance or create
derivative works from this program. If you feel that you need to do any of those actions, and that those rules do not apply to you, contact
|PayPal $8.00 USD||
|Reg.Net $8.50 USD Bulk deals are also available here.||
|Mail, Cash $8.00 USD or $10 AUD||Postal details in About box
|Mail, Australian Cheque $10 AUD||
|Mail, Non-Australian Cheque $15 USD||
|PayPal $100 USD||
|Reg.Net $100 USD||
|Mail, Cash or Cheque $100 USD or $75 AUD||Postal
details in About box
Sinner Computing accepts no liability for this software to the maximum extent allowable by law. Installing this software is the decision
of the installer, and signifies that you agree with this liability statement. Thus, any damage/loss caused by the use of this software is
not in any way the responsibility of Sinner Computing. This includes, but is not limited to, physical damage and loss of income/time. In no
event shall the maximum liability of Sinner Computing exceed the registration fee paid by the user, if any. Because some jurisdictions do
not allow the exclusion or limitation of liability for consequential or incidental damages, in such jurisdictions the liability of Sinner
Computing shall be limited to the extent permitted by law. If at any time you do not find these conditions agreeable you are required to
remove this software.
Advice/insults (on the subject of the program, not the programmer) are always welcome. To help users keep up to date we send out
newsletters whenever there is a major new version of XorIt. To join this list simply send an
EMail with "XorADD" in the subject. To be removed from this list, write an EMail
with "XorREMOVE" in the subject. (Sinner Computing does not sell your EMail address or any other personal information to anyone.)
In addition, we have a RSS feed that is updated whenever there is a new version of any program.