Other Software > Announce Your Software/Service/Product

FrogTea

(1/2) > >>

berry:
What is FrogTea? FrogTea is a free, Windows based, encryption utility which allows you to create a secure*, stand alone, self-decrypting HTML archive which may contain either html or plain text content. These self-decrypting archives may be decrypted on any device which has a javascript capable browser.

For more information visit http://frogtea.com/index.html
cheers,
berry
NoteFrog developer
"NoteFrog - use it, don't lose it"
10/07/2012

* <a href="http://en.wikipedia.org/wiki/Cipher_security_summary">http://en.wikipedia.org/wiki/Cipher_security_summary</a> No demonstrated attack. Theoretical attack 2⁵⁹ chosen plaintexts - that's 576460752303423488 or half the size of all the printed material in the world.</p>
Note: FrogTea is a free utility from HTConsulting, the authors or NoteFrog.

IainB:
@Berry: When I read about this on the NoteFrog blog the other day, I thought it looked very interesting.
Thanks.

IainB:
I resurrected this old thread from @berry (of HTConsulting, author of the Notefrog clipboard information manager), because of the issues being discussed in this discussion thread: File Encryption - now effectively outlawed in the US?

FrogTea is a portable GUI built around the text encryption algorithm/tool xTea.
There were 4 releases of FrogTea by HTConsulting, available from the Frog Tea webpage - the original link to which seems to be defunct: http://frogtea.com/index.html

However, that page is still in Wayback, and the latest captured is here: https://web.archive.org/web/20150508165332/http://frogtea.com/index.html
That page has a link to the latest downloadable version of FrogTea.

Bear in mind that only the interface was changed in the 4 different versions, and the xTea component was apparently unaltered.

NB: It may be that use of FrogTea (xTea) is illegal in some countries.

(The text of the FrogTea webpage is copied below sans embedded hyperlinks/images. Any emphasised or reorganised text or added images are my changes.)
FrogTea?


Frog Tea
A Proper Cup of Tea by Peter Merich

What is FrogTea? FrogTea is a free, Windows based, encryption utility which allows you to create a secure*, stand alone, self-decrypting HTML archive which may contain either html or plain text content. These self-decrypting archives may be decrypted on any device which has a javascript capable browser. see Wikipedia: xxTea

While it will be a feature of the next release of NoteFrog Professional, we're also offering a stand alone utility which enables you to create secure* "FrogTea" archives of any text/html content you wish.

The encryption and decryption is done on your computer or mobile device. None of your data is ever sent over the internet.

Since it's secure* you may share the encrypted file with others - only those who have the password will be able to access the data content. You may load your encrypted html file on any device having a web browser which supports javascript, and decrypt it anytime you wish by opening the HTML file in the browser and decrypting it - right there in the browser - no internet access is necessary - no data is ever transmitted over the internet.
(Note: Since the self-decrypting file is totally self-contained, any references to external files or data must be fully qualified. If your decrypted content contains links to external web-based locations, clicking on those links WILL attempt to access the internet, but the only data transmitted from your device will be the URL request. If your decrypted output fails to access links or external data, look for non-qualified references in your original input file.)

To see it in action select this self decrypting file and decrypt it using the key "A Proper Cup of Tea" - try other keys if you wish.
FrogTea User Guide

* Start FrogTea, if it's not already running.
* You may obtain the completely stand alone utility here FrogTea beta. There is no installation. No system changes of any sort. Just download to a folder and run. (It's beta only in the sense of the user interface. The encryption is tried and proven (corrected) "Block Tea" - see Block TEA Tiny Encryption Algorithm. )
* tea window
* You may either select an html or text file to encrypt or use the current text contents of the clipboard. If you are using the clipboard content, you may elect to have line feeds/ new lines replaced with an html linefeed, otherwise your text may appear as one long line.
* Once you've selected an input option, click on the "Lock".
* If you've chosen to select a file, you'll be asked to select an input file. We're going to use a NoteFrog self-publishing stack export.
* Now assign a key. A key of at least 8 characters is recommended. Remember your key. It is not stored anywhere or available from the encrypted content.
* Re-enter the key for verification.
* You may enter an optional password "Hint", which will appear on the output HTML page.
* Now, select an output filename and location.
* The self-decrypting output file is created in the location specified. It is also opened in a browser window for verification.
* You may enter the key and verify the resulting output.
______________________________
*How secure is xTea?

* The published criticism is theoretical: http://eprint.iacr.org/2010/254.pdf - In fact, xTea has not been broken in practice. (The underlying data may be accessable if the user employed poor password technique, in which case ANY data encryption is vulnerable. Guessing a password is not breaking an encryption method. You should employ good password selection for all sensitive data.)


* http://en.wikipedia.org/wiki/Cipher_security_summary No demonstrated attack. Theoretical attack with 259 chosen plaintexts - that's 576,460,752,303,423,488 or half the size of all the printed material in the world.


* Simon Shepherd, Professor of Computational Mathematics Director of the Cryptography and Computer Security Laboratory, Bradford University, England. and http://www.tayloredge.com/reference/Mathematics/TEA-XTEA.pdf- How secure is TEA? Very. There have been no known successful cryptanalyses of TEA. It's believed to be as secure as the IDEA algorithm, designed by Massey and Xuejia Lai. It uses the same mixed algebraic groups technique as IDEA, but it's very much simpler, hence faster. Also it's public domain, whereas IDEA is patented by Ascom-Tech AG in Switzerland. IBM's Don Coppersmith and Massey independently showed that mixing operations from orthogonal algebraic groups performs the diffusion and confusion functions that a traditional block cipher would implement with P- and S-boxes. As a simple plug-in encryption routine, it's great. The code is lightweight and portable enough to be used just about anywhere.


* http://www.safemess.com/faq.php - How secure is the encryption? The encryption is secure enough for personal usage unless you have a government agency breathing down your neck.


* http://derekwilliams.us/docs/CPSC-6128-TEA-Encryption.pdf - In a practical sense, modified TEA (XTEA) with proper keys and adequate rounds is quite strong as an encryption algorithm. In an academic sense, as noted above, unmodified TEA has a published related key weakness that reduces the effective key length from 2128 to 2126 and could result in a partial attack with 234 chosen plaintexts. Unfortunately, this often gets misrepresented that TEA is inherently weak and should not be used.


* My important passwords are stored online in an xTea encrypted archive at My xTea passwords - click the "random" button.


* © htconsulting 2012
--- End quote ---

f0dder:
Don't use.

It's unmaintained software, the source is not available, TEA should be considered broken, and the page doesn't mention whether the algorithm is being used in EBC or a chained mode, nor whether any key stretching is being used for the input passphrase.

IainB:
Oh, so its apparently not of much use then? I had not known that.

Navigation

[0] Message Index

[#] Next page