Why Azrar

Azrar combines a one-time pad (see, e.g., Cryptomni for software implementing a pure one-time pad approach) with a stream cipher method using the strong cryptographic hash function (family) Skein with additional administration processes for practical purposes.

Security requirements in practice depend on precise business demands but are commonly very high in free economy. The task to transfer data as private and secure as possible but viable applies also to Scientific Consilience.

Especially data secrecy after years when more calculation power is available and allows for cracking today's cryptographic standards is a crucial issue.

Thus, we decided to develop a tool which fits business requirements for encrypted data, especially long-term data secrecy: Azrar

Figure: Usual data sharing with an attacker.

Most encryption methods are based on assumptions about the computational power today. In other words, it takes too long to get the information out of your encrypted data without your key at present. However, it will be possible tomorrow with increasing computer power. We have not just to think of the far future, where most of the public key ciphers protecting encrypted email, secure web pages, etc., will be definitely broken by quantum computers. The near future with faster multicore processors and computing on graphics processing units is close enough.

To achieve long-term data secrecy, Azrar differs from other approaches in terms of not to rely on effective computational deficiencies.

Especially with the recent uncovered spy activities of security agencies - see this article or this article for two examples related to the NSA - it is crucial that Azrar can be checked and reviewed by the public and should be available for everyone.

Scientific Consilience determined to release Azrar under the GNU General Public License, see license. This tool shall be free to use for everyone and must not contain any hidden adware, spyware, or (hidden or official) advertisement. Everyone is invited to review the source code and to employ and to validate Azrar.

A Bit More Details
The main challenge is - surprisingly - not to find a perfect secure cipher in theory but to find a viable system in practice. The so-called one-time pad is the (only) currently known provable secure data encryption (impossible to crack), if used correctly. Based on the ideas of this perfect approach a viable system in practice has to address the following challenges/issues.

  • Key sharing in practice.
  • Keep the one-time pad property as long as possible.
  • Avoid direct usage of parts of the key multiple times and, thus,
  • Avoid key collisions where both communication partners encrypt their data unwittingly and independently with the same key (parts).
  • Ensure that encrypted data can be decrypted even after years (only by authorized persons), if the decrypted data seems to be lost and only the encrypted files are available yet.
  • New data have to be shared nearly instantly without generating and sharing new keys, even if not enough unpredictable (for an attacker) keys are left (unused).
  • Data transmission can be faulty.
  • Transmitted data could be forged.
  • User input could be incorrect (e.g. transcription mistakes).
  • Avoid keys that are not stored on read-only media since permanently accessible and not unforgeable key files enable attacks - even if the computer is not online.
  • Encryption and decryption should be available natively on many operating systems.
  • Source code should be free. Everyone should be able to check and control all details of the software.

Azrar's system pays attention to all these issues. Azrar in itself is only new in terms of - to the best of our knowledge - no other free software package is available that combines the employed well known approaches and proven facts to a tool that this combination becomes practicable. Azrar avoids security through obscurity and its security aspects are well documented.

Thus, we can commonly expect that no surprising security issue will appear concerning the used methodology.

More information can be found in

Azrar's manual and documentation.