How does it work?

See for yourself

In LetsEncryptIt, we are very transparent about what we do and how we do it. That is one of our core values. At LetsEncryptIt we believe that you should understand what you will be doing with your files in order for us to earn your trust. Actually, we want to be so transparent that, if you read this page, you would be able to replicate what we did! It may seam stupid from our side, but revealing our secrets actually makes our product even more secure.

We are using high-end algorithms and methods to encrypt and decrypt your files: AES algorithm with a 128-bit key, with CBC and PKCS5Padding. For generating the 128-bit key our product generates an MD5 hash from a whatever-lenght password. This may seam a bit too technical, but we will walk you through it!

glasses

Advanced Encryption Standard (AES) algorithm:

An encryption algorithm is a process that transforms plaintext (original file) into ciphertex (encrypted file) and, of course, that defines the way of going back to the original file. AES is the standarization of the Rijndael algorithm, which was proposed by two Belgian cryptographers, Dr. Joan Daemen of Proton World and Dr. Vincent Rijmen, a postdoctoral researcher in the Katholieke Universiteit Leuven. On the 26th of November 2001, the National Institute of Standards and Technology (NIST, from the USA) chose the AES algorithm as the Federal Information Processing Standard. AES uses beautiful maths to accomplish its objectives, but we think that by knowing that the USA government (as many other companies such as banks) uses it to encrypt its sensitive information you can already understand why it is the most secure algorithm known to date.



128-bit key:

AES permits to choose among several options for keys and block sizes: 128, 160, 192, 224 and 256 bits. We have choosen to use 128 bits because we were looking for a product with strong encryption capabilities that would be still very efficient. Some companies use a 256-bit key, but we can tell you, this is a marketing strategy because using a 128-bit key, a brute force atack would still be unfeaseable. Or perhaps simply the person in charge of choosing the lenthg of the key didn't know much about cryptography, and he/she must have thought: "more must be better!".

Cipher Block Chaining (CBC):

Why do we need to use an additional algorithm to AES? Actually, AES defines how to encrypt a block. As we said AES can use different sizes of blocks. But... What is a block? When you encrypt a file, this file is cut into a lot of little chunks. Each chunk is called a block. And each block is encrypted separatelly. As you know, we use a small set of words in our speech, not all the dictionary every time we speak. Having 2 equal blocks wouldn't be such of a strange thing to happen. What happens if two blocks are the same? Some of you may have already discovered a problem that may appear... You don't want two ciphertext blocks to be the same! That is why you need to use a chaining algorithm. In addition, to guarantee that all the encrypted files look different, CBC chooses an IV (Initialization Vector) randomly and adds it to the cyphertext. This guarantees that each time you encrypt the same file you will get a different cyphertext. Why? Imagine that you are transmiting everyday the text "stay quiet", and one day you send "start bombing". If a third person has access to the encrypted texts, he would know that something was going to happen. Other block chaining approaches don't have this added security, so CBC seems to be a very good option.

cercle

PKCS5Padding:

Isn't the encrypted file already secure enough? What do we need this for? Very simple... We told you that the encrypting algorithm cyphers blocks, and those blocks have a fixed lenght. But a file usually won't be just exactly X blocks long. We solve this problem with Padding. Simplifying, padding is adding some bits to the file so it is exactly as long as it should be.



Message-Digest 5 algorithm (MD5):

Finally, our product is made so that you can choose whatever password you want. But you have also learned that AES forces you to choose a fixed-lenght key. How can we get the 128-bit key from the password? We are just using the MD5 hashing algorithm. A hashing algorithm is a process that transforms whatever lenght file (as big as you can imagine) in an established lenght string of bits called the digest or hash. It looks like a random string, but the digest from the same file will always be the same (as long as you use the same hashing algorithm of course!). If you change slightly the original file, the digest should come out completelly different. These algorithms are used to prove the integrity of a file (aka, nobody has modified the original file). MD5 is not the most secure hashing algorithm, it was craked in 2012 (or even before, 2012 was the year when the flaw was officially found). However, as we don't transmit, store or use otherwise the digest, our product doesn't get exposed to the flaws encountered. It is a fast algorithm, that makes our product secure without compromising the integrity of your encrypted file.



Everything sounds nice till now but... What do we do with your file? How can you be sure we don't use it in any way you don't want us to? The best thing about our program is that you can download and execute it in your own computer. Your file never leaves your computer, so you don't have to worry about how we treat your file, or be scared that we could eventually keep it. Because we never had it!

man and holograms

And why are we telling you all this? Wouldn't it be better just to not say how the product is built so an attacker would first have to find out the algorithm used and then try to crack it? Actually, publishing the algorithms is more secure than not doing it. There is a lot of literature explaining the reasons why but, in a nutshell, the idea is that if you publish it, you start having good guys and bad guys trying to crack it. The good guys will publish their findings in papers and the bad guys will just use their findings to attack your encrypted files.

Now, feel free to implement all this yourself! You can use our product to encrypt a file, program your own decrypter, and use it to go back to your original file! Have fun with it and, please, share your experience with us!