Solved

Does a encrption program exist the incorperates a time bomb.

Posted on 2003-12-04
3
177 Views
Last Modified: 2013-12-04
By this I mean if you open up a file with a password/key past a certain date it becomes corrupted.
So the password has a life span.
To reactivate the file you have to enter in a new password/ key that the user has to get from HQ


Cheers
Justin
I hope this makes sence
0
Comment
Question by:JustinJGreenland
3 Comments
 
LVL 1

Accepted Solution

by:
chrish4321 earned 250 total points
ID: 9893471
Well, I don't know of any product that attempts to do this off the top of my head, but even if there were such a product, it would be hard to make it very secure.  Take this scenario, for example:

1. you use such a program,and encrypt a file.  You set it to expire in a week.
2. Two weeks later, Mallory, having gotten access to your encrypted file, a copy of the program, and your password, want to get the file, even though it's expired.  If he runs the program the way he's supposed to, the file self destructs.  However, he'd just set his computer clock back a week, thereby fooling the program into accepting the wrong date, and giving him the file.  Even if the program "rembers" how long it's been installed, like some shareware programs do, this isn't cryptographically secure, and anyway he could just set his clock back before he installs the program.  

Now, if the program securely "phoned home" to a trusted internet sight to get the date, it would be tougher to trick but still not impossible.  Mallory could just write his own decryption program that paid no attention to the date, since traditionally, you want _all_ of your security to come from the key (password), and not from the program used to encrypt/decrypt.  

I can think of a scheme, using a trusted third party, that might work, but I know of no extant services that do this, and anyway, it has several disadvantages.  

You could encrypt the file, then XOR the key (password) with a random secret bit string.  You keep the XOR, throw away the original key, and send the random bit string to the third party, who keeps it securely for the specified time period.  

Before the time period expires, this third party would give the secret bit string to you once you've verified your identity with them, allowing you to XOR your secret and theirs to get the original key.  Once the time period has expired, the third party destroys their secret, forever destroying the original key.  

This idea has lots of holes, and there are probably better solutions in the cryptographic litterature, but essentially, you're stuck if you just want a stand alone Windows program that will (securely) refuse to decrypt a file after a certain amount of time.  Maybe you could do the splitting up of keys yourself, and destroy the key after a certain period of time.  

Now, having said all this, I do know there are email services that will destroy emails after a certain amount of time has passed.  Of course, you have to trust that they're not keeping a copy for themselves, but the solution is attractive for those who don't want records of what they've writeen lying about in other people's inboxes.  

Here's a link off of google: http://www.self-destructing-email.com/.  I know _nothing_ about these people and you probably shouldn't blindly trust what they say, or even what I reccommend, if you're truly concerned about security.  Look around for other services, I'm sure they're there.  

So, to sum up, no, I don't think there's any such program around, and if there were, I wouldn't trust the "expiration date" part of it to be secure.  

0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now