Protection against password and key file attacks
If intruders want to get access to your encrypted data, they are likely to use a password attack (“brute force” or “dictionary” attacks). There is a technology implemented in the program (in accordance with PKCS #5 v2.0) that allows one to securely protect information against attacks of this kind.
The essence of protection technology is based on special algorithms used for generating the header encryption key which process the password/key files a thousand of times in a row. Thus, it takes billions of CPU tacts to check one password, which reduces the speed of password search so that the above-mentioned types of attacks turn absolutely useless. Besides, “salt” (a unique number of random data of 512-bit size) is used for key generation, which eliminates obtaining access through using a pre-computed “password-key” table.
The reliability of such protection is considerably boosted due to the fact that the program does not store information about the type of cryptographic algorithms used for information protection in a plain-text form. Taking into account that the program supports five cryptographic algorithms for data encryption (AES/Rijndael, Serpent, Twofish, Blowfish, CAST6) and three algorithms for derivation of the encryption key (HMAC-SHA-512, HMAC-RIPEMD-256, HMAC-Whirlpool), the header key must be generated using each of the specified algorithms (that is 15 times) in order to check every password upon attacks.
Cryptic Disk Ultimate Edition supports cascading data encryption (several cryptographic algorithms encrypting data one-by-one). The user themselves selects the list of algorithms and the order for them to be applied in. Thus, intruders will have to perform a full search of all the possible algorithm combinations (360 combinations for each password in total) to guess the password/key files for an encrypted disk created with the help of Cryptic Disk Ultimate Edition. Besides, using cascading encryption increases the size of the encryption key more than 10 times (up to 2944 bits), which significantly enforces the cryptographic strength of encrypted data.