Solved

Does a encrption program exist the incorperates a time bomb.

Posted on 2003-12-04
3
183 Views
Last Modified: 2013-12-04
By this I mean if you open up a file with a password/key past a certain date it becomes corrupted.
So the password has a life span.
To reactivate the file you have to enter in a new password/ key that the user has to get from HQ


Cheers
Justin
I hope this makes sence
0
Comment
Question by:JustinJGreenland
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 1

Accepted Solution

by:
chrish4321 earned 250 total points
ID: 9893471
Well, I don't know of any product that attempts to do this off the top of my head, but even if there were such a product, it would be hard to make it very secure.  Take this scenario, for example:

1. you use such a program,and encrypt a file.  You set it to expire in a week.
2. Two weeks later, Mallory, having gotten access to your encrypted file, a copy of the program, and your password, want to get the file, even though it's expired.  If he runs the program the way he's supposed to, the file self destructs.  However, he'd just set his computer clock back a week, thereby fooling the program into accepting the wrong date, and giving him the file.  Even if the program "rembers" how long it's been installed, like some shareware programs do, this isn't cryptographically secure, and anyway he could just set his clock back before he installs the program.  

Now, if the program securely "phoned home" to a trusted internet sight to get the date, it would be tougher to trick but still not impossible.  Mallory could just write his own decryption program that paid no attention to the date, since traditionally, you want _all_ of your security to come from the key (password), and not from the program used to encrypt/decrypt.  

I can think of a scheme, using a trusted third party, that might work, but I know of no extant services that do this, and anyway, it has several disadvantages.  

You could encrypt the file, then XOR the key (password) with a random secret bit string.  You keep the XOR, throw away the original key, and send the random bit string to the third party, who keeps it securely for the specified time period.  

Before the time period expires, this third party would give the secret bit string to you once you've verified your identity with them, allowing you to XOR your secret and theirs to get the original key.  Once the time period has expired, the third party destroys their secret, forever destroying the original key.  

This idea has lots of holes, and there are probably better solutions in the cryptographic litterature, but essentially, you're stuck if you just want a stand alone Windows program that will (securely) refuse to decrypt a file after a certain amount of time.  Maybe you could do the splitting up of keys yourself, and destroy the key after a certain period of time.  

Now, having said all this, I do know there are email services that will destroy emails after a certain amount of time has passed.  Of course, you have to trust that they're not keeping a copy for themselves, but the solution is attractive for those who don't want records of what they've writeen lying about in other people's inboxes.  

Here's a link off of google: http://www.self-destructing-email.com/.  I know _nothing_ about these people and you probably shouldn't blindly trust what they say, or even what I reccommend, if you're truly concerned about security.  Look around for other services, I'm sure they're there.  

So, to sum up, no, I don't think there's any such program around, and if there were, I wouldn't trust the "expiration date" part of it to be secure.  

0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question