

  Serpent Strong Encryption Plugin for Back Orifice 2000
  
  Copyright (C) 1999, Daniel Roethlisberger
  
  Version 1.2, August 29th, 1999



------[ Description ]

  This is a plugin for the remote administration suite Back
  Orifice 2000 (BO2K) from the one and only, the Cult of the
  Dead Cow (cDc). Released at DEFCON 7, BO2K was subject to
  massive hype even weeks before the actual release of it.
  
  This plugin adds Serpent encryption capability to your BO2K,
  with or without CBC-Mode. The strongest available encryption
  for BO2K, exactly as secure as CAST-256, but a lot faster.
  Again: As simple as that. Isn't that great?



------[ Security Considerations ]

  Serpent offers the strongest encryption power known to Back
  Orifice 2000. It is as secure as CAST-256. Serpent uses user
  keys of 256 bits length (Comparison: CAST-256 256 bits,
  TripleDES 168 bits, IDEA 128 bits). There are no known
  practical attacks against the algorithm. The plugin
  implements both ECB and CBC modes for either improved
  security (CBC) or more transport flexibility (ECB).

  The British algorithm Serpent is one of the round 2
  candidates for the Advanced Encryption Standard AES, which
  will be the successor of the Data Encryption Standard (DES).
  I used a testedm, independant implementation of Serpent, and
  I used the official MD5 reference implementation from RSA.
  
  To sum it up: I would call Serpent absolutely secure at
  present and future technology level.



------[ What's New? ]

  v1.2, August 29th 1999   Changed the key hashing procedure to make
                           birthday attacks more difficult, resulting
                           in slower startup but ~500 bytes smaller
                           file as no magic strings are required.
  
  v1.1, August 25th 1999   Renamed to uppercase and fixed a bug
                           causing it not to load on some systems.
  
  v1.0, August 24th 1999   First release. Strong and fast encryption.



------[ Usage / Installation ]

  Add the plugin to both the client and the server, be sure to
  configure matching key strings and check the CBC setting.
  You should now be able to select Serpent from any encryption
  drop-down menu, and you can specify SERPENT in any encryption
  setting. Please be sure to use Serpent both in the client and
  the server, otherwise it wont work (surprise, surprise).
  
  If you can't figure out how to add plugins I suggest you go to
  your local software store and acquire a copy of PC Anywhere [tm],
  so you wont have to coap with the tremendous difficult task of
  adding a plugin :-P



------[ ECB vs. CBC Mode ]

  Many commonly used ciphers (e.g., IDEA, DES, Blowfish) are block
  ciphers. This means that they take a fixed-size block of data
  (usually 64 bits), and transform it to another 64 bit block
  using a function selected by the key. The cipher basically
  defines a one-to-one mapping from 64-bit integers to another
  permutation of 64-bit integers. Serpent uses blocks of 128 bits.
  
  If the same block is encrypted twice with the same key, the
  resulting ciphertext blocks are the same (this method of
  encryption is called Electronic Code Book mode, or ECB).
  This information could be useful for an attacker.
  
  In practical applications, it is desirable to make identical
  plaintext blocks encrypt to different ciphertext blocks. The
  Cypher Block Chaining (CBC) Mode does exactly that: a ciphertext
  block is obtained by first XORing the plaintext block with the
  previous ciphertext block, and encrypting the resulting value.
  
  Thus the complete cypher stream is needed in order to decode.
  Any missing or displaced blocks and there's no chance of
  decoding it anymore. So if you are using unreliable means of
  transport, such as UDPIO, you should turn CBC Mode off.



------[ Algorithm ]

  The main advantage of the algorithm is speed, at strong
  encryption power.

  Serpent provides users with the highest practical level of
  assurance that no shortcut attack will be found. To achieve
  this, the designers limited themselves to well understood
  mechanisms, so that they could rely on the wide experience
  of block cipher cryptanalysis. They also used twice as many
  rounds as are necessary to block all currently known shortcut
  attacks. They believe that this is prudent practice for a
  cipher that may have a service life of 50 years and continue
  to protect legacy data for a further 50 years beyond that, if
  selected as the AES winner.
  
  Despite these exacting design constraints, Serpent is faster
  than DES. Its design supports a very efficient bitslice
  implementation, and the current fastest C version runs at over
  26 Mbit/sec on a 200MHz Pentium (compared with about
  15 Mbit/sec for DES).



------[ Legal Crap ]

  The developers and patent holders have allowed free use of the
  algorithm for any purpose.
  
  This implementation does not contain any code which was exported
  from the U.S. illegaly, thus this plugin constitutes no
  violation of the U.S. ITAR export regulations.
  
  I am a citicen of Switzerland, and my web server is located in
  Germany, so neither got anything to do with the US. But let's
  wait for Wassenaar - could change things a little to the worse :(



------[ License ]

  This program is free software; you can redistribute it and/or
  modify it under the terms of the GNU General Public License as
  published by the Free Software Foundation; either version 2 of
  the License, or (at your option) any later version.
  
  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  
  You should have received a copy of the GNU General Public
  License along with this program; if not, write to the Free
  Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA  02111-1307  USA
  
  If you do redistribute or modify it, please let me know.



------[ Thanx To ]

  DilDog
    for answering (most) of my mails and for making BO2K possible
  the rest at cDc
    for being the rest at cDc
  Maw~ and Ryan
    for the developers talk
  Brian, Sean, Christian and Irwan
    for the good bug reporting and helpful suggestions
  John, Graeme and the rest of the the crowd at alt.fan.cult-dead-cow
    for keeping the newsgroup going



------[ Contact ]

  Daniel Roethlisberger
  E-Mail:             <admin@roe.ch>
  Web:                http://www.roe.ch/download/bo_cast.shtml
  ICQ:                4646931
  
  Get my PGP-Key with ID 0x8DE543ED at ldap://certserver.pgp.com.
  
  Visit the official BO2K site at http://www.bo2k.com.



------[ Over and Out ]

  <<better than any handle>>