MCrypt

MCrypt is a replacement for the old crypt() package and crypt(1) command, with extensions. It allows developers to use a wide range of encryption functions, without making drastic changes to their code. It allows users to encrypt files or data streams without having to be cryptographers. Above all, it allows you to have some really neat code on your machine. :)

The companion to MCrypt is Libmcrypt, which contains the actual encryption functions themselves, and provides a standardized mechanism for accessing them.

This web page is temporary, until a better one can be written.

Important Links

• MCrypt/Libmcrypt development site
• MCrypt/Libmcrypt development site (secure access)
• NIST
  • Cryptography pages
  • Modes of Operation
• NESSIE
  • Cryptography pages
• Paulo Barreto
  • Cryptography pages
  • Hashing Function Lounge
• Lars Knudsen
  • Block Cipher Lounge
  • Block Cipher Lounge for the AES standard
• NTRU Cryptolab (External)

Functions implemented:

Algorithm	Encumbered	Block Size	Key Type	Notes
3-Way	No	96	Secret
Arcfour	Probably not	Stream	Secret	Name is derived from "Alternative RC4". It is a mathematical clone of RC4, apparently to bypass the IP limitations of the original formulation. Arcfour is usually treated as unencumbered, and seems safe to regard as such, in general. IP interpretations at a given time or place may be different. If it is reclassed as encumbered, it will be removed from the main code.
Blowfish	No	64	Secret
Cast	No	64	Secret
DES	No	64	Secret
Enigma	No	Stream	Secret
Gost	No	64	Secret
Idea	No	64	Secret
RC2	No	64	Secret
RC6	Yes	128	Secret
Loki	No	128	Secret
Mars	Yes	128	Secret
Panama	No	Stream	Secret	Fails Test
Rijndael	No	128, 192, 256	Secret	AES if used in 128-bit mode
Safer	No	64	Secret
Safer+	No		Secret
Serpent	No	Block	Secret
Skipjack	Doubtful	64	Secret	External module. Written by NSA for Clipper chip. Origins are murky.
Twofish	No	128	Secret
Triple DES	No	64	Secret
Wake	No		Secret
XTea	No	64	Secret

Modes of Operation:

• CBC
• CFB
• CTR
• ECB
• OFB
• NCFB

It should be remembered that not all modes will work with all block ciphers, either because of implementation constraints or design constraints.

Proposed extensions and modifications

• Divide block and stream algorithms up
• Add in API support for public-key algorithms
• Provide better linkage with MHash, especially with authentication modes
• Add in new functions, provided there are no license conflicts
  • New Block Ciphers being considered:
    • Anubis
    • Camellia
    • Deal
    • Hierocrypt-L1
    • Hierocrypt-3
    • Khazad
    • MISTY1
    • SEAL 3.0
    • SHACAL-2
  • New Stream Ciphers being considered:
    • BGPL
    • Helix
    • Scream
  • New Modes being considered:
    • 2DEM
    • IACBC
    • IAPM
    • IGE
    • OMAC
    • PCFB
    • PMAC
    • TMAC
    • XCBC
    • XECB
  • Public Key Ciphers and Methods being considered
    (Where a specific cipher for a method is unknown, the method name is given)

    • HFE (icky IP issues, but may be doable)
    • NTRU
    • PSEC (an Elliptic Curve encryption scheme)
    • RSA
    • XTR

Any algorithm found to be covered by IP that conficts with the GPL cannot be a part of mcryptlib as standard. I believe the previous maintainer kept such material seperate, to avoid license contamination. This will remain the case, until or unless the owners of the algorithms remove conflicting restrictions.

Open Letter to Industry

Any comments or suggestions, relating to these pages or to the project should be e-mailed to: John Smith, the current maintainer for mcrypt and mcryptlib.