Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Does a encrption program exist the incorperates a time bomb.

Posted on 2003-12-04
3
181 Views
Last Modified: 2013-12-04
By this I mean if you open up a file with a password/key past a certain date it becomes corrupted.
So the password has a life span.
To reactivate the file you have to enter in a new password/ key that the user has to get from HQ


Cheers
Justin
I hope this makes sence
0
Comment
Question by:JustinJGreenland
3 Comments
 
LVL 1

Accepted Solution

by:
chrish4321 earned 250 total points
ID: 9893471
Well, I don't know of any product that attempts to do this off the top of my head, but even if there were such a product, it would be hard to make it very secure.  Take this scenario, for example:

1. you use such a program,and encrypt a file.  You set it to expire in a week.
2. Two weeks later, Mallory, having gotten access to your encrypted file, a copy of the program, and your password, want to get the file, even though it's expired.  If he runs the program the way he's supposed to, the file self destructs.  However, he'd just set his computer clock back a week, thereby fooling the program into accepting the wrong date, and giving him the file.  Even if the program "rembers" how long it's been installed, like some shareware programs do, this isn't cryptographically secure, and anyway he could just set his clock back before he installs the program.  

Now, if the program securely "phoned home" to a trusted internet sight to get the date, it would be tougher to trick but still not impossible.  Mallory could just write his own decryption program that paid no attention to the date, since traditionally, you want _all_ of your security to come from the key (password), and not from the program used to encrypt/decrypt.  

I can think of a scheme, using a trusted third party, that might work, but I know of no extant services that do this, and anyway, it has several disadvantages.  

You could encrypt the file, then XOR the key (password) with a random secret bit string.  You keep the XOR, throw away the original key, and send the random bit string to the third party, who keeps it securely for the specified time period.  

Before the time period expires, this third party would give the secret bit string to you once you've verified your identity with them, allowing you to XOR your secret and theirs to get the original key.  Once the time period has expired, the third party destroys their secret, forever destroying the original key.  

This idea has lots of holes, and there are probably better solutions in the cryptographic litterature, but essentially, you're stuck if you just want a stand alone Windows program that will (securely) refuse to decrypt a file after a certain amount of time.  Maybe you could do the splitting up of keys yourself, and destroy the key after a certain period of time.  

Now, having said all this, I do know there are email services that will destroy emails after a certain amount of time has passed.  Of course, you have to trust that they're not keeping a copy for themselves, but the solution is attractive for those who don't want records of what they've writeen lying about in other people's inboxes.  

Here's a link off of google: http://www.self-destructing-email.com/.  I know _nothing_ about these people and you probably shouldn't blindly trust what they say, or even what I reccommend, if you're truly concerned about security.  Look around for other services, I'm sure they're there.  

So, to sum up, no, I don't think there's any such program around, and if there were, I wouldn't trust the "expiration date" part of it to be secure.  

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question