ASCIIWeb 1.0.2 Readme
What is it?
ASCIIWeb is like ASCIIEnc, only it's faster, better, and on the web!
What are the different files?
ASCIIWeb and ASCIIStatic are designed to encrypt text, for correspondence via email. Asciicode, in conjunction with the CodeFrag file, can be used to create self-decrypting web pages.
What is required to run it?
All that is needed to run ASCIIWeb is a javascript-capable web-browser - ASCIIWeb should work on any computer platform that meets this requirement. ASCIIWeb has been tested extensively on Macintosh G3s and G4s under OS9 and OSX, and on PIIIs under Windows 2000, and is known to work under these configurations.
How do I use ASCIIWeb?
First, drop the included .html file on your web browser to bring up the program. Next, you can enter your message in the Message text box. Then, you can type in your own password, or have the program generate a message-fitted random code block (for maximum security) or RLPassword (pseudonatural-language password) for you under Extra Options. If you are using the Iterated version, set how many times you want the algorithm to process your data (asciiweb lets you define iterations, asciistatic is preset to run 4 iterations). Then click Encrypt to generate ciphertext. To decrypt, paste your message, passphrase, and iterations into the appropriate boxes.
How do I use ASCIICode?
Operation of this program is similar to ASCIIWeb, except you paste your HTML code into the message box. Also, ASCIICode is set up like ASCIIStatic, with 4 standard iterations - to change this, you need to open up both the ASCIICode and CodeFrag files, and edit the code that defines the number of iterations (marked by an explanatory comment). Take the output from the program and paste it into a text file, and add the entire code from CodeFrag where indicated. When you open this webpage, you will be prompted for a password - once the file is decrypted, it is displayed in a new window. NOTE: ASCIICode is still very much in beta version - on occasion, the decrypted page will have problems on resizing. This problem is being looked into, and hopefully there will be a fix for it soon.
Is there any other way to access ASCIIWeb?
Sure, just go to http://www.scshop.com/~thetapi/asciiweb.html, and run it from the Theta Pi website! You can also find different versions of the algorithm at http://www.scshop.com/~thetapi/products.html.
How secure is AsciiWeb?
AsciiWeb is as secure as the password you set. If you create a random code block, unless anyone else is able to obtain a copy of that code block, the ciphertext is unbreakable, because a brute-force attack would come up with a near-infinite number of possible messages. A password the same length of the encrypted text should provide an equal amount of protection. Shorter passwords, since they are replicated to encrypt the entire text string, can be more easily brute-forced, but should still be prohibitive to all but the most determined if it is longer than 50 or so characters. Passwords 10 characters or less, or obvious passwords, are not reccomended, as they can be brute-forced easily under any encryption algorithm.
How does ASCIIWeb encryption work?
AsciiWeb is an implementation of a Vignere-style encryption scheme, where each character is shifted by a different value corresponding to the value of a character in the passphrase. For longer messages and shorter passphrases, the passphrase is repeated until the end of the message is reached. However, AsciiWeb improves on the Vignere cipher by encrypting using this method multiple times - and in each iteration, the password is recombined using a separate algorithm, meaning that each iteration is encrypted using a different passphrase, increasing the level of security against brute-force attacks. Similarly, because of the multiple iterations, even a correct brute-force solution would merely result in similar-looking gibberish as would a failed attempt - making decryption, without the initial (non-recombinated) passphrase, nearly impossible. However, someone with access to this program could potentially use it to brute-force a weak password from the front end, so always remember that your encryption is no stronger than the passphrase you use.
Why is this program better than the other quick-crypt programs on the web?
- Option of defining random code block for maximum data security
- Automatically creates Natural Language passwords
- No NilObjectClassException errors
- Takes up only 12k of disk space, compared to 500-2000k for quick-crypts and 5.7 MB for PGP
- Accessible from any computer via the Theta Pi Website
- Ability to create restricted web pages without having to use .htaccess
- Full algorithm source code available
- Constantly being updated - if you have a suggestion, I'll try to implement it
Versions, Credits, etc.
Version 1.0.2
- Added bulleted-password option for optimum security
- Reworked interface to eliminate incompatibility with Microsoft implementations of javascript
- Updated documentation
Version 1.0.1
- Maintenance release, fixes security weakness where the password was not hashed correctly
Version 1.0 Public Release
- Bug fixes
- Better implementation of iterations
- Linefeed problems fixed
- Added ASCIICode for HTML
Version 1.0 Alpha
- First Version. It works. It works!
This software is completely free, you don't have to pay a cent if you don't want to. However, the ASCIIEnc series, as well as ASCIIWeb and the other Theta Pi programs, are the product of many hours of programming and debugging. If you would like to give a donation to Theta Pi software, it would be greatly appreciated. If you are interested, contact thetapi@idlecircuits.com for a mailing address. If not, please at least send your impressions/suggestions/bugs to Theta Pi, so that I can work to improve the quality of the programs in the future.
©2001-2 David Kibrick. Software licensed under the GNU GPL.
For fast, secure, and free file encryption, I recommend using Tiny Cipher or Gnu Privacy Guard.
http://thetapi.idlecircuits.com/