Home    XP_CRYPT Online Help Prev Next
What is XP_CRYPT
System requirements
Free version limitations
End user license agreement
Installing XP_CRYPT
Installation procedure
What's new
Encryption methods overview
Asymmetric keys
Digital signatures
Symmetric encryption
Triple DES
Error codes
How to use GUI
Advanced technique (Old)
Table encryption (Old)
Troubleshooting overview

XP_CRYPT encryption methods overview

XP_CRYPT 3.6 supports:

Symmetric algorithms

Asymmetric algorithms


Digital signatures


The Advanced Encryption Standard, more commonly referred to as AES, is a block cipher with a block size of 128 bits and key sizes of 128, 192, and 256 bits. It was adopted by NIST as US FIPS PUB 197 in November 2001 after a 5-year standardization process.

AES was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. It is also known by the name in the original submission "Rijndael", something best pronounced as "Rine dahl" with a long "i" and a silent "e" for those that don't speak Dutch. Strictly speaking AES is not precisely the same as Rijndael, because Rijndael supports larger block sizes whereas AES has a fixed block size of 128 bits.

AES is fast in both software and hardware, is relatively easy to implement, and requires little memory. As the new block cipher standard it is currently being deployed on a large scale.


DESX is a strengthened variant of DES. The difference between DES and DESX is that, in DESX, the input plaintext is bitwise XORed with 64 bits of additional key material before encryption with DES and the output is also bitwise XORed with another 64 bits of key material. The security of DESX against differential and linear attack appears to be equivalent to that of DES with independent subkeys so there is not a great increase in security with regards to these attacks. However the main motivation for DESX was in providing a computationally simple way to dramatically improve on the resistance of DES to exhaustive key search attacks. The DESX construction is due to Rivest. 

Triple DES

The financial services industry has developed ANSI X9.52, a standard for Triple DES encryption, as one interim solution. In Triple DES, each 64-bit block of a message is encrypted with three successive DES operations rather than one, and the operations involve two or three different keys. Triple-DES offers an effective key size of 112 bits in typical applications, as opposed to 56 bits for DES -- but the encryption and decryption time per block is three times that of DES.


RC4 is a symmetric, secret key, stream cryptographic cipher designed by Ron Rivest. RC apparently stands for "Ron's Code". Also publicly known are the block ciphers RC2 and RC5. RC4 was initially a trade secret, but in September of 1994 an anonymous person reverse engineered it and posted it to the Cypherpunks mailing list. It quickly spread to Usenet on the sci.crypt newsgroup, and on to many sites on the Internet. Because the algorithm is known, it is no longer a trade secret. The name RC4 is trademarked. The current status seems to be that "unofficial" implementations are legal, but can't use the RC4 name. RC4 is often referred to as "ARCFOUR", to avoid possible trademark problems. It has become part of some commonly used encryption protocols and standards, including SSL, that is used for secure network web browsers.

RC4 is initialized from a secret key. Then it generates a "keystream" which is simply XORd with the plaintext to produce the ciphertext. Decryption is exactly the same as encryption. One reason for its popularity is its simplicity. The algorithm can be memorized and quickly implemented from memory. It uses 256 bytes of memory, S[0] through S[255], and it uses integer variables, i, j, and k. A message is encrypted or decrypted with this algorithm:

for i = 0...255
for i = 0...255
j=(j+S[i]+key[i mod key_length]) mod 256
swap S[i] and S[j]
loop until the entire message is encrypted/decrypted
i=(i+1) mod 256
j=(j+S[i]) mod 256
swap S[i] and S[j]
k=S[(S[i]+S[j]) mod 256]
output the XOR of k with the next byte of input

RC4 is one of the fastest ciphers to be widely used for serious work.

Cryptanalysis of RC4 is at a rather uncertain stage. Theoretical breaks may be possible if gigabytes of known plaintext/known ciphertext stream are available, but this is not necessarily a major problem in practice. In 2001 a new and surprising discovery was made: over all possible RC4 keys, the statistics for the first byte of output keystream are seriously non-random. It remains to be seen if this is an academic curiousity, or a sign of more serious problems to be discovered soon. Current implementations often discard the first 256 bytes of the stream to avoid potential problems.

As with all stream ciphers, RC4 is easily broken if the same key is used twice. This problem is usually solved by hashing the key with a unique initialization vector (IV) each time it is used, and sending the IV along with the message. 


RSA is an asymmetric algorithm for public key cryptography. Credit for its development is given to Ron Rivest, Adi Shamir and Len Adleman, who described the algorithm in 1977, the letters RSA being the initials of their surnames.

The security of the RSA system relies on the difficulty of factoring very large numbers. RSA is widely used in electronic commerce.

It should be noted that Clifford Cocks, a British mathematician working for GCHQ, developed an equivalent system several years earlier. His discovery, however, was not revealed until much later due to its top-secret nature.

The algorithm was patented by MIT in 1983 in the United States of America. The patent expired in September 2000. Since the algorithm had been published prior to the patent application, it could not be patented in other countries.


DSA is the USA national aproved digital signatures standard. DSA is similar to RSA public and private key system, but can not be used for encryption. It produces more effective and smaller signs.

Because the DSA authenticates both the identity of the signer and the integrity of the signed information, it can be used in a variety of applications. For example, the DSA could be utilized in an electronic mail system. After a party generated a message, that party could sign it using the party's private key. The signed message could then be sent to a second party. After verifying the received message, the second party would have confidence that the message was signed by the first party. The second party would also know that the message was not altered after the first party signed it.
In legal systems, it is often necessary to affix a time stamp to a document in order to indicate the date and time at which the document was executed or became effective. An electronic time stamp could be affixed to documents in electronic form and then signed using the DSA. Applying the DSA to the document would protect and verify the integrity of the document and its time stamp.


Creates UNIX compatible DES hash. Equivalent to UNIX crypt(1) and perl crypt() function.  Only first 8 chars are involved in this hash. This is more historical, then practical hash. 


The Secure Hash Algorithm (SHA), developed by NIST, along with the NSA, for use with the Digital Signature Standard (DSS) is specified within the Secure Hash Standard (SHS) [National Institute of Standards and Technology (NIST). FIPS Publication 180: Secure Hash Standard (SHS). May 1993.]. SHA-1 [National Institute of Standards and Technology (NIST). Announcement of Weakness in the Secure Hash Standard. May 1994.] was a revision to SHA that was published in 1994. The revision corrected an unpublished flaw in SHA.

SHA1 is a cryptographic message digest algorithm developed by Ronald L. Rivest . The Secure Hash Algorithm takes a message of less than 264 bits in length and produces a 160-bit message digest which is designed so that it should be computationally expensive to find a text which matches a given hash. i.e. if you have a hash for document A, H(A), it is difficult to find a document B which has the same hash, and even more difficult to arrange that document.


An algorithm created in 1991 by Professor Ronald Rivest that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.

When using a one-way hash function, one can compare a calculated message digest against the message digest that is decrypted with a public key to verify that the message hasn't been tampered with. This comparison is called a "hashcheck". MD5 described in RFC1321


Browser Based Help. Published by chm2web software.