





                                     BFA7
                    

                               Blowfish Advanced 7


                                  Version 7.0

                
                              (c)1996 AtmuteSoft




                              U S E R   M A N U A L









        GENERAL REMARKS:

        1. THERE MIGHT BE SOME MORE OR LESS HEAVY GRAMMATICAL
           OR LANGUAGE STYLE ERRORS. SORRY FOR THAT, BUT THE
           AUTHOR WAS BORN IN GERMANY, DOING HIS BEST ON WRITING
           THIS MANUAL.
        2. ALL TRADEMARKS ARE TRADEMARKS AND OWNED BY THEIR
           OWNERS, OF COURSE.
        3. YOU CAN PRINT OUT THIS DOCUMENT EASILY BY TYPING
           "COPY MANUAL.TXT PRN" IN THE DOS PROMPT.






  The topics covered in this documentation:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        1. Introduction
        2. Working with BFA7
                2.1 Installation
                2.2 How to use this program
                        2.2.1 Operation modes
                        2.2.2 Options
                        2.2.3 File selections
                        2.2.4 Error levels
                2.3 While BFA7 runs...
        3. Problems?
        4. Security aspects
        5. Copyright & warranty
        6. Registration notes
        7. BFA for Windows(tm) 95
        8. Thank you...



  1. Introduction
  ~~~~~~~~~~~~~~~

      Blowfish Advanced 7 (BFA7) is a file encryption utility. This
      means you can enter a secret password, which should be known
      only to you, and BFA7 will encrypt all selected files with that
      password. After the encryption nobody has access to the original
      data unless (s)he knows the right password. If you want to restore
      your original files you only have to type in the same password and
      BFA7 will do the rest.
      So far, so good. But why do I need such a program, you might ask.
      Well, we're living in a world where information is becoming more
      and more important. And today information is mostly stored on
      computer systems. Ask yourself: which data on my computer's hard
      drive is private? There might be some love letters you don't want
      anybody to read. Or, much more important, sensitive business data,
      documents containing information about your financial status and
      so on. Or just those sexy pictures you got from the Internet :)
      Now the second important question: who has access to your
      computer? Please don't be naive, the answer is: everybody.
      Everybody can turn on your computer and get any information that's
      stored in it. In a network people might have access to your
      computer because all users might have the same rights. Even if you
      have a special account the system administrator is still the last
      authority and is able to watch everything you read or write in the
      network. Not to mention the real bad guys: crackers breaking
      into computer systems to steal important information (maybe hired
      by the competition?). The list of such frightening situations is
      very long and if you have enough imagination and/or technical
      background you'll find even more of them.
      Sounds like paranoia? No, it's not. We're in the digital age now
      and we should get used to accepting digital keys as well. In real
      life we use keys to lock the doors to our homes, to keep someone
      from reading our diary and so on. Now it's time to protect privacy
      in the computer world as well.
      The solution for all these problems is encryption. If you encrypt
      a sensitive file with a proven algorithm and a password complex
      and long enough to resist a brute force attack (that means trying
      out all possible passwords) your private data will be safe.
      Crackers might copy the encrypted files but they are absolutely
      worthless without the right password to decrypt them. But that's
      not all encryption can do. File-based programs such as BFA7 are
      able to encrypt your valuable software in an easy way. Just
      encrypt your new word processor in the office before you leave for
      home. Nobody can steal the program now. Another important aspect
      is authentication. You're writing a new book or just an
      interesting article for the local newspaper? Encrypt it and you
      can be sure that nobody will be able to modify even a single bit
      in your document without your knowledge.
      File encryption software should be easy to use, should offer the
      best encryption technology available and, last but not least, it
      should be fast. BFA7 was designed to meet all of these
      demands. It's very comfortable to use, has powerful features for
      every daily situation and uses the newest and safest
      state-of-the-art technologies to protect your data. Besides, it
      uses the full 32-bit power of the Intel 386/486/P5 and P6
      processors (plus the clones) for maximum speed. And its successor
      for Windows(tm) 95 is already on its way.



  2. Working with this software
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      2.1 Installation
      ~~~~~~~~~~~~~~~~

          It's very easy. The executable file BFA.EXE is a standalone
          program. However, it's good to have the configuration
          file BFA.INI in the same directory. You can edit BFA.INI
          with any ASCII editor, configuring BFA7 for your own
          personal needs.

          I recommend copying BFA.EXE and BFA.INI into a directory on
          your hard disk which is listed in the PATH directive in
          your AUTOEXEC.BAT. If you're not sure which directories are
          in the PATH, copy the files to the DOS directory C:\DOS.
          Or create a special directory for BFA7 on your hard drive
          and add the right path information to your AUTOEXEC.BAT.
          E.g. create C:\BFA7 and copy BFA.EXE and BFA.INI into it.
          Then add the line "PATH %PATH%;C:\BFA7" to your AUTOEXEC.BAT.
          After a reboot you can use BFA7 everywhere on your PC system,
          on every drive and in every directory. With its small size of
          about 140 kB you can even run it from floppy disks very
          quickly.

          BFA7 needs a 386sx processor or better, DOS 3.0 or higher
          and at least about 490kB of free memory to run.



     2.2 How to use this program
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~

         BFA7 is a program to be run from the DOS command line.
         You must give BFA7 a number of parameters before the program
         is able to start its work.

         Let's see first how to arrange this information
         correctly for BFA7. There are three types of parameters,
         which are arranged as in the following scheme:

               bfa [operation mode] [options] [file selections]

         Here is an example for better understanding:

                             bfa e /r *.doc /-h

         Now let's examine this call to BFA7:

         - "bfa" is the call for the program. You may also type
           "bfa.exe", but this isn't really necessary.

         - "e" is the operation mode. It forces BFA7 to work in
           encryption mode. Files will be encrypted after you have
           entered the password.

         - "/r" and "/-h" are options to activate or deactivate special
           features. Here "/r" will force the program to include all
           files in subdirectories and "/-h" will deactivate the
           renaming of encrypted files.

         - "*.doc" is the file selection. This special one will tell
           BFA7 to encrypt all found files with the extension "doc".

        Parameters can be given in any order you like, except for
        those defining the operation mode. They must always be placed
        directly after the BFA program call. Options and file selections
        can be mixed.
        If you have already worked with command line based programs like
        XCOPY, PKZIP(tm) and so on, you're certainly familiar with this
        usage of parameters. If you have little or no experience with
        the handling of such programs it would be a good idea to read the
        DOS manual for the basic rules.

        Now let's have a look at the different operation modes and
        options of BFA7. You should read the following chapter very
        carefully. Only in this way will you be able to use the full
        power of BFA7.
        Please remember that none of your input is treated as
        case-sensitive, except for passwords.



       2.2.1 Operation modes
       ~~~~~~~~~~~~~~~~~~~~~

         With BFA7 there are three operation modes which you can select
         by one of the following letters :

         e - Encrypt files. BFA7 will start to encrypt all the files
             you have selected after a correct password is entered.
             Please remember that encrypted documents can't be loaded
             into any application anymore and that encrypted programs
             can't be executed either. They might contain such silly byte
             combinations that the system will be totally confused and
             might crash! And don't encrypt anything you might need for
             running your system properly, e.g. initialisation files or
             system files (like COMMAND.COM).
             Remember also that encrypted files aren't compressible any
             more. If you want to save disk space compress them beforehand
             with programs like PKZIP(tm), ARJ, RAR or LZH (or use the
             built-in data compression by setting the /c option).

         d - Decrypt files. BFA7 will try to decrypt all files
             you have selected with the given password.

         v - View files. If you only want to know the states (encrypted or
             not) of your files, you should use this operation mode.
             The original files won't be touched in any way. If you intend
             to examine a large number of files it might be better to
             additionally create a report file (see /y option).

         If you type any letter other than "e", "d", or "v", BFA7 won't
         work and will show you its help screens.


       2.2.2. The options
       ~~~~~~~~~~~~~~~~~~

         Options are useful for adjusting BFA7's functionality to
         fulfil your wishes as well as possible.
         With options you can turn special features of the program on
         or off, select an algorithm, choose other ways to input the
         password and so on.

         Although BFA7 works fine without any option, please read the
         following lines carefully to master critical situations and
         to use all the powerful features.

         Options must be given with a leading slash, e.g. "/c" to
         turn on the data compression. The program doesn't support the
         UNIX style, e.g. "-c", because under DOS hyphens are allowed
         in filenames.
         Some options are switches, which means they only have two
         states (on and off, or true and false). To turn such an
         option on you must write "/x" (x stands for any legal option
         identifier), to turn it off write "/-x". This allows you
         to override option switches predefined in BFA.INI.



         The following options are built into BFA7 (sorted by name):


         /aX{Y} Selects one encryption algorithm (single encryption)
                or two encryption algorithms (mixed encryption).
                The following numbers are valid for X {and Y}:

                                    1 : Blowfish
                                    2 : Blowfish32
                                    3 : GOST
                                    4 : TDES
                                    5 : Cobra

                Blowfish is the fastest, TDES the slowest algorithm you can
                select. For more information about the algorithms used please
                read the file SPECS.TXT.
                For single encryption you only have to give one number,
                e.g. /a4 to encrypt your files with TDES. For mixed encryption
                you have to enter two numbers, e.g. /a13 for a Blowfish/GOST
                combination.
                If you don't define this option the program will choose
                Blowfish (single encryption) by default.
                Please remember two important things:
                a) The numbers of the algorithms used aren't stored in the
                   encrypted files, so you have to remember which combination
                   you've used (otherwise you'll have to try out all
                   possible combinations, actually 25).
                b) If you used mixed encryption: the order of the given
                   algorithms must be the same for decryption as it was for
                   encryption. E.g. /a45 and /a54 will produce totally
                   different results. In the same way it isn't possible
                   to encrypt a file with mixed encryption and to decrypt
                   it in two single stages (e.g. encrypt with /a23 and
                   decrypt first with /a2, then with /a3). The algorithms
                   are internally "glued" together and work as one single
                   unit.


         /b  The program will store every file's original name in the header
             of the corresponding encrypted file. If you decrypt the file
             the original name will be restored. By defining the /b
             option you can tell BFA7 not to do this, but to keep the
             current filename. This might be useful if you have changed
             the file's name while it was encrypted and want to keep
             these changes now.


         /c{f}  BFA7 is able to compress the data before encrypting
                it. By defining the /c option you can turn on
                this data compression. If a file can't be compressed (e.g.
                multimedia documents like JPG, GIF, MPG or just the
                archives of compression programs like ZIP, ARJ, RAR and
                LZH) it'll be stored uncompressed. By using the option's
                extended form /cf you can force the compression of a file;
                in the worst case the file will be about 10% bigger than it
                was before. Depending on what a file contains it can be
                compressed up to 98%.
                Data compression costs a lot of performance, so please
                keep in mind that the whole process will take much more
                time than without compression.


         /dxxx  Normally encrypted files will be written to the same
                place where the original files were located. If you want to
                create the encrypted files at another destination, e.g.
                for backup purposes, you can define a destination xxx
                with the /d option. The destination can be anything but
                a filename. You can declare a drive or a path or both
                combined. Please remember that you must write the
                option and the destination together, e.g. /dt:\bak.


         /eN  The password (or the key in general) can be entered in
              different ways. With this option you can choose which one
              you prefer. The following modes N are valid:

                1 : The password is put in as you usually do it. You
                    can enter a name or even a complete sentence. The
                    letters of the password are converted to their
                    corresponding ASCII values, e.g. an "A" has the
                    ASCII value 65, a "0" the value 48 and a " " the
                    value 32.

                2 : In this mode you can enter the key values directly.
                    That enables you to enter values that aren't
                    accessible on your keyboard, e.g. the value 0.
                    Using this mode makes it much harder to find out
                    a password by trying all possible combinations
                    because all values (from 0..255) can be used.

                3 : Entering a password by defining the values directly
                    is easy to do and makes the whole thing more
                    secure. But what values should you choose? Don't
                    make the mistake of entering 1, 2, 3, 4, 5 because
                    such sequences can be guessed. The best way is to
                    choose them randomly. But it also isn't wise to
                    generate them with a program. The best random values
                    are produced by nature. And an easy way to get some of
                    them into the computer is by moving the mouse. If
                    you use the /e3 option you can create such random
                    values by just moving the mouse and clicking now and
                    then to generate the next value. Move the mouse
                    wildly! Shake it! Only then will the values be mixed
                    really well. Use the mouse button to move the
                    virtual cursor as described in the input window.
                    The mouse input mode isn't available in combination
                    with the /l option. Because it's hard to enter a
                    value exactly, BFA7 will switch to mode 2 if files
                    have to be decrypted.

                4 : If you're very distrustful this input mode might be
                    the right one for you. The values are taken directly
                    from the keyboard controller (for experts: the scan
                    codes), bypassing every keyboard driver of the
                    operating system. You will notice that because you
                    can only press one key at a time.
                    Getting the key code in such a direct way avoids the
                    danger that your passwords could be intercepted by a
                    special spying driver that records all your
                    keystrokes (including the password) before
                    transferring them to the application. The so
                    called antitap mode is really useful because you can
                    type in the password as in the mode /e1 but
                    the range of the values (there are 102 keys on a
                    standard keyboard) is much better. Don't be shy to
                    use F1..F12 or even the page-up/page-down keys
                    within your password.
                    But please be careful! Some keyboards may return
                    different values for the same keys, especially the
                    new ones with cool keys for Windows(tm) 95.
                    I don't recommend using special keys that aren't
                    available on every standard keyboard.
                    The antitap mode is more or less ineffective under
                    multitasking operating systems like Windows(tm) or
                    OS/2(tm), because there all direct hardware I/O is
                    isolated by the processor and the kernel. You
                    should use /e4 under DOS.

              If you want to encrypt files you have to enter the password
              twice, except if you put it in via mouse (/e3).
              This guards against hitting the wrong keys by mistake and
              creating a password you didn't actually want.
              For decryption you only have to type in the password
              once. It isn't necessary to choose the same input mode again.
              If you're smart you can try to enter the ASCII values of
              your pass phrase directly in the numerical mode or try to
              find corresponding letters for the values entered in the
              antitap mode. But normally it will be better to choose the
              same input mode again. It's just faster to do.
              The standard mode for password input is /e1.

         /fN  Normally all your input (except if you're using the mouse)
              is covered by asterisks. With this option you can change
              the visibility of your password. The following modes N
              are valid:

                1 : Your password will be covered with asterisks "*" as
                    already mentioned.
                2 : The password will be completely hidden. You won't
                    see anything. This mode is only available if you enter
                    your password in the "conservative" way (/e1 option).
                3 : All the letters, or rather the values, are visible.
                    Please make sure that you aren't watched by someone
                    behind you. And look out for hidden cameras aimed at
                    your computer screen!


         /g  After it has created a file list BFA7 will ask you to
             start encrypting/decrypting or viewing. If you use the
             program in batch files or if you are absolutely sure you're
             always doing the right thing this option may be useful. It
             turns the additional start and stop confirmations off.


         /h{e}  Encrypted files aren't useful to anyone who doesn't have
                access by knowing the right password. With the /h option
                all your encrypted files will be renamed with 13 random
                letters from the set "A..Z" and "0..9". This is useful
                for two reasons: a) nobody can guess any more what was in
                your file because the original name and extension have
                vanished, b) you can easily see which files are encrypted and
                which are not (so there is no danger of starting encrypted
                executables and risking a system crash). If you want to keep
                the files' extensions, e.g. to have the possibility to
                delete all text files from within an encrypted set of
                files, then use the /he option.
                Please don't use this option in combination with the
                option /n, otherwise your original filenames will be lost
                forever! I doubt you want an unencrypted file with
                the name 1CQP91YR.SJM, right?

         /i  To check the integrity of a file's original data after it
             has been decrypted BFA7 makes a CRC32 checksum comparison.
             If the checksums aren't equal the file won't be stored
             and the encrypted file is restored to give the user the
             chance to solve the problem (fix disk errors, choose another
             password, ...). With the /i option you can turn off this
             integrity check. A file will then always be decrypted, even if
             some data areas are damaged.
             Please use this option VERY CAREFULLY! Use it only if you're
             100% sure that the password is the right one. And don't
             forget to back up the encrypted file to have another chance
             at decryption. A file decrypted with the wrong password is
             trash, just trash!
             It's strongly recommended to always leave the entry
             "IgnoreChecksums" in BFA.INI set to "off". If CRC32 errors
             occur please try to fix them manually with the /i option.
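
             The check described for /i, as an added example in Python
             (not BFA7's own code). The cipher is a SHA-256 counter-mode
             stand-in, and the layout (CRC32 encrypted in front of the
             data) and the names encrypt(), restore() and ignore_checksums
             are assumptions made for the illustration.

```python
import hashlib
import struct
import zlib


def _keystream(password: bytes, length: int) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode); NOT one of BFA7's algorithms.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(password + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, password: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(password, len(data))))


def encrypt(plaintext: bytes, password: bytes) -> bytes:
    # Hypothetical layout: CRC32 of the original data, then the data,
    # encrypted together as one stream.
    crc = zlib.crc32(plaintext) & 0xFFFFFFFF
    return _xor(struct.pack(">I", crc) + plaintext, password)


def restore(blob: bytes, password: bytes, ignore_checksums: bool = False):
    """Decrypt and compare checksums.

    Returns (data, crc_ok). data is None when the comparison fails and
    the check is not overridden: nothing is stored and the encrypted
    file stays as it was. With ignore_checksums=True (the /i behaviour)
    the decrypted bytes are returned even when the comparison fails.
    """
    if len(blob) < 4:
        raise ValueError("blob too short to hold a checksum")
    decrypted = _xor(blob, password)
    (stored_crc,) = struct.unpack(">I", decrypted[:4])
    data = decrypted[4:]
    crc_ok = (zlib.crc32(data) & 0xFFFFFFFF) == stored_crc
    if crc_ok or ignore_checksums:
        return data, crc_ok
    return None, False


# Constructed sample input, not taken from any real file.
SAMPLE = b"Constructed sample document: quarterly figures, draft 3.\n"
RIGHT = b"The weather is green next car!"
WRONG = b"girlfriend"


def demo():
    blob = encrypt(SAMPLE, RIGHT)
    damaged = bytearray(blob)
    damaged[20] ^= 0x01  # one flipped bit, standing in for a disk error
    damaged = bytes(damaged)
    return {
        "right password": restore(blob, RIGHT),
        "wrong password": restore(blob, WRONG),
        "wrong password, /i": restore(blob, WRONG, ignore_checksums=True),
        "damaged file": restore(damaged, RIGHT),
        "damaged file, /i": restore(damaged, RIGHT, ignore_checksums=True),
    }


if __name__ == "__main__":
    for case, (data, ok) in demo().items():
        print(f"{case:20s} crc_ok={ok!s:5s} data={data!r}")
```

             A CRC32 is an unkeyed checksum: it catches a wrong password
             and accidental damage, but it is not a cryptographic
             authentication tag.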


         /j  If you don't want BFA7 to make any sound use this option.


         /k  The date and time information of a file is stored
             within the encrypted counterpart and restored after
             decryption. You can force BFA7 to keep the original
             date and time stamp even in the encrypted state by using
             this option.


         /l  This option turns the display off and forces the program to
             put out all the information via DOS. This allows you to
             redirect the output of BFA7 to any DOS device (e.g. to NUL or
             to a file). Be aware that the so called standard output shows
             much less information than the display. The /l option is
             useful especially in batch files and for shells that call the
             program and don't want any visible output.


         /m  If you're a laptop user and the BFA7 colors don't appear
             clearly on your LCD screen this option might help (also the
             color display has been successfully tested on a B/W LCD screen).
             It turns the colors off and switches the display into black
             and white.


         /n  As already mentioned BFA7 stores the original filenames in the
             encrypted files (of course the filenames are encrypted
             there). If you don't want the program to do this then use the /n
             option and you'll save 8 or 16 bytes per encrypted file.
             Please don't use this option in combination with the /h one!


         /o{r}{N}  This option forces the program not only to delete the
                   original file but also to overwrite its data before it's
                   deleted. The reason is that if you delete a file
                   conventionally only an entry in the file allocation
                   table (FAT) is changed, but the original data stays on
                   your hard disk until it is overwritten by a new file.
                   Until. It's hard to say when this situation will occur.
                   But it's easy to undelete a file or to read out the data
                   with a disk editing utility. Very easy, just anybody
                   can do this. With the /o option this danger will
                   vanish. The original data will be physically deleted by
                   overwriting it according to the NCSC-TG-025 regulations
                   (Version 2, Sep 1991). Sounds cool, doesn't it? If you
                   use /or the program will continuously create random data.
                   This might be useful in combination with online disk
                   compression programs (so the data for overwriting can't be
                   compressed at any time). You can repeat the overwrite
                   process up to 99 times by adding a number, e.g. /o7.
                   Please remember that overwriting only makes sense
                   if any write cache is turned off in your system. Under
                   DOS e.g. you might deactivate the cache for drive D:
                   by typing "SMARTDRV d-". Unfortunately some other operating
                   systems, like Windows(tm) 95, don't allow you to control
                   their cache systems. Especially for Windows(tm) 95
                   it's best to do all the encryption in DOS mode
                   (not just in the DOS box, you have to leave the GUI
                   completely).
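
                   The overwrite-then-delete procedure described for /o,
                   as an added example in Python (not BFA7's own code). It
                   writes fresh random data on every pass, as /or does, and
                   does not reproduce the overwrite patterns of the
                   regulation cited above; the names overwrite_in_place()
                   and wipe_file() are assumptions.

```python
import os
import tempfile

MAX_PASSES = 99  # the manual allows up to 99 repetitions (e.g. /o7)


def overwrite_in_place(path: str, passes: int = 1, chunk: int = 64 * 1024) -> int:
    """Overwrite every byte of `path` `passes` times; return bytes written."""
    if not 1 <= passes <= MAX_PASSES:
        raise ValueError("passes must be between 1 and 99")
    size = os.path.getsize(path)
    written = 0
    for _ in range(passes):
        # "r+b" keeps the existing length. Opening with "wb" would truncate
        # the file first, and the file system may then allocate other blocks.
        with open(path, "r+b") as fh:
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                # Fresh random bytes each time, so an on-line disk
                # compressor cannot shrink the overwrite data.
                fh.write(os.urandom(n))
                remaining -= n
                written += n
            # Push the pass out of the write caches before the next one;
            # this is the concern the manual raises about SMARTDRV.
            fh.flush()
            os.fsync(fh.fileno())
    return written


def wipe_file(path: str, passes: int = 1) -> int:
    """Overwrite, then remove the directory entry (a plain delete)."""
    written = overwrite_in_place(path, passes)
    os.remove(path)
    return written


def demo():
    # Constructed sample file standing in for an original to be destroyed.
    secret = b"CONSTRUCTED SAMPLE: salary list\n" * 128
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(secret)

    written = overwrite_in_place(path, passes=7)
    with open(path, "rb") as fh:
        after = fh.read()

    wipe_file(path, passes=1)
    return {
        "size": len(secret),
        "written": written,
        "same_length": len(after) == len(secret),
        "marker_survived": b"CONSTRUCTED" in after,
        "still_exists": os.path.exists(path),
    }


if __name__ == "__main__":
    print(demo())
```

                   On flash media and on copy-on-write or journaling file
                   systems an in-place overwrite may still leave old
                   blocks behind, whatever the number of passes.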


         /p  You can predefine a password in the command line with this
             option. Just append the password directly after the option
             character, e.g. /pgirlfriend. You can enter a complete pass
             phrase if you put it in quotation marks, e.g. you may type
             /p"The weather is green next car!" (this is really a good
             password, the less sense it makes, the better!).
             Remember that the password is visible while you enter it!
             Don't use this option in batch files! If you do, the batch
             files must be destroyed afterwards!
             It's not possible to define passwords for mixed encryption
             by this option.


         /q{ahrs}  Due to the fact that a file's original attribute is
                   stored in its encrypted counterpart and will be
                   restored after decryption BFA7 is able to encrypt any
                   file on your hard disk, system and hidden files
                   included. With the /q option you can set the so called
                   excluding attribute mask. This mask defines a number
                   of attributes. If a file has one of the attributes
                   defined with the /q option it will not be encrypted or
                   decrypted.
                   The following letters are valid:

                         a : exclude files with the "archive" attribute set
                         h : exclude hidden files
                         r : exclude write-protected files
                         s : exclude system files

                   If you want to encrypt everything just type "/q".
                   The default attribute mask is /qhrs, this means that the
                   program will encrypt any normal file, but ignore
                   readonly, hidden and system files.
                   Please remember that encrypted files will always have
                   the "archive" attribute, even if they originally were
                   hidden, system and/or readonly.


         /r  This option tells the program to go into recursive file search
             mode, extending the search for files to all subdirectories
             of your selection. If you type "bfa e c:\*.* /q /r" the program
             will encrypt really EVERYTHING on your C: drive. Don't forget
             to create a bootdisk with BFA.EXE on it to reactivate it :)


         /s  By default BFA7 checks if a file is already encrypted. If
             it is, it won't be encrypted a second time. By defining the /s
             option you can turn off this check. The program will then no
             longer check for (and skip) already encrypted files.
             Please remember that if you encrypt a file multiple times
             you have to decrypt it multiple times in reverse order, too.


         /t  If you've defined a special destination for the files with
             the /d option the result will look like a copy process with
             additional encryption. Use the /t option and the original
             files will be deleted, too. So you'll have a file move.
             I strongly recommend using this option in combination with
             the /o one to destroy any original data.


         /uN  The display isn't dependent on the normal text mode
              resolution 80x25. You can use any text mode that is
              available on your system and can be displayed by your
              monitor.
              The following settings N are valid:

                         1 : 80x25
                         2 : 80x30 (only VGA)
                         3 : 80x50 (only VGA, on EGA 80x43)
                         4 : VESA textmode #1 (if available)
                         5 : VESA textmode #2 (if available)
                         6 : VESA textmode #3 (if available)
                         7 : VESA textmode #4 (if available)
                         8 : VESA textmode #5 (if available)
                         9 : VESA textmode #6 (if available)

              The modes 1 to 3 should run fine on every computer system.
              The VESA text modes are a little bit more critical. Either
              they might not be available (BFA7 will use mode 1 then) or
              the resolution can't be displayed by your monitor, so the
              screen might turn black or even be damaged! Please consult
              your hardware manual to see what's possible on your system.


         /v  This option will force the program to query the user before
             it starts encrypting or decrypting each file. This might be
             useful if you want to encrypt only some special files.
             The message dialog also allows you to exit the program
             prematurely.


         /w  If you define this option the program won't warn you before
             it's going to overwrite an existing file.
             I don't recommend using this option. Even if files have the
             same name they might be totally different.


         /x  After BFA7 has parsed the command line it checks the
             integrity of the executable (normally BFA.EXE, if you didn't
             rename it). If the program was modified by a cracker or a
             virus this will be detected and you will be notified by a
             warning message, unless you've set the /x option. Setting it
             might be useful in combination with virus scanners that add
             checksums to executable files, or to save some time if you
             launch the program on slow systems from uncached floppy disks.
             I recommend avoiding this option! If your BFA.EXE seems
             to be modified then contact the author to get an original
             copy. Anything else might produce a bad encryption, spread
             viruses or blow up your whole system. Nobody knows.


         /y{+}{xxx}  This option forces the program to create a so-called
                     report file. This is an ASCII text file named
                     BFA.RPT where every action of BFA7 is logged. If you
                     add the "+" switch, the new information will be appended
                     to an existing report file. You're allowed to supply the
                     destination of the file BFA.RPT (xxx). If no other
                     destination is given, the program will use BFA.RPT in the
                     current directory.
                     Please remember that BFA7 will refuse to encrypt
                     or decrypt any file named BFA.RPT!


         /z  As already mentioned, the original attributes are stored in
             the encrypted files. If you don't want them to be restored
             then use the /z option. This might be useful e.g. if you
             don't want to recreate write-protected files (e.g. if the
             original counterparts were located on CD-ROM).


         /#  This option restricts passwords to a maximum length of
             5 characters/bytes. It might be useful for system administrators
             who offer the program to network users who aren't allowed to
             use uncrackably long passwords (a sysadmin will have to give
             BFA.EXE and BFA.INI special attributes, of course, so that
             the user can execute but not copy the files; maybe (s)he will
             also turn on the /x option).
             Please remember that you can't turn off this option if it
             was set in the configuration file BFA.INI.


         /%  Use this option to set the CBC initialisation vector and the
             output of BFA7's random generator to zero.
             This enables you to create identical cryptfiles with the same
             password and the same source. It is only useful for experts who
             want to check that the program works correctly. For more
             information please read the file SPECS.TXT.



       2.2.3 File selections
       ~~~~~~~~~~~~~~~~~~~~~

         You can give BFA7 as many file selections as you want.
         It's possible to declare a single file or wildcard,
         multiple selections, or all combined.
         The syntax is the same as in all other command line
         programs in DOS, Windows(tm), UNIX or OS/2(tm).

         Just some valid examples :

         bfa e *.*   (all files in the current directory)
         bfa e *.htm *.gif   (all files with the extensions "HTM" and "GIF")
         bfa e d:\text\*.txt   (all files in the directory d:\text with
           the extension "TXT")
         bfa e \*.zip a:*.asm e:\doc\e???0??.doc   (all ZIP files in the home
           directory on the current drive, all assembly sources on the floppy
           disk in drive A: and all documents in the \doc directory on
           drive e: that fit the "e???0??" mask)


       2.2.4 Error levels
       ~~~~~~~~~~~~~~~~~~
         The program returns the following error levels to the
         operating system:

                2 : no error, everything worked fine
                3 : program initialization failed
                4 : fatal error occurred (file couldn't be closed, etc.)
                5 : user break detected
                6 : no files were found
                7 : illegal command line
                8 : invalid password entered
                9 : out of memory

         These codes are useful in batch files, where you can read them out
         with the ERRORLEVEL expression.



      2.3 While BFA7 runs...
      ~~~~~~~~~~~~~~~~~~~~~~

        ... you won't have to do much more.
        If you have defined the options and file selections correctly, the
        only thing you have to do is enter the password. BFA7 will then
        start to search for all files matching your first file selection.
        If you haven't defined the option /g or set Confirmations=Off in
        the BFA.INI the program will ask for your permission to start.
        Depending on the speed of your computer system and the selected
        algorithms BFA7 will now start to encrypt/decrypt/view your files.
        If you didn't turn the display off you'll see the progress of the
        program's action in clearly arranged windows.
        In the window "Files" you'll see the processed files with their
        pathnames, the compression ratio (100% means no compression, 50%
        e.g. that the file could be shrunk to half of its original
        size) and some result messages.
        In the window "Status" BFA7 will show you the selected work mode
        and the destination you've defined to copy/move the files.
        "Operations" shows the name of the file currently being processed
        and a nice progress bar. The progress bar changes its color
        depending on what BFA7 is currently doing (red = encrypting,
        yellow = wiping (overwriting original data), green = decrypting,
        blue = viewing file states).
        The window "Statistics" will show you the number of files, the
        encryption speed rate in kb/sec, how many files were processed
        successfully and some byte statistics.



  3. Problems?
  ~~~~~~~~~~~~

      Am I able to halt the run of BFA7 while it's working?

        Yes, you can. Press one of the following keys to
        interrupt the program : [Esc], [Alt]+[F4], [Alt]+[X]
        or [CTRL]+[Break]. BFA7 will query you before it
        returns to DOS. The current file will of course be
        restored before the program terminates.


      What errors might occur with BFA7?

        There are two classes of errors : file dependent errors and
        system dependent errors.

        File dependent errors are exceptions such as a file that isn't
        encrypted (decryption) / has already been encrypted
        (encryption), can't be decrypted due to a wrong password,
        was created by a future version (and isn't compatible with the
        current one) or has CRC32 errors. Only the last one (checksum
        errors) is really critical : it means that data was damaged more
        or less. Try to decrypt it with the /i option after you've
        made a backup of the original file.

        If your password doesn't work anymore then you're in some kind
        of trouble. Perhaps you have used an older password, the
        [CAPS LOCK] key was pressed or (in antitap mode) you're using
        keyboards with different scan codes.

        The second class are system errors, e.g. if the program tries
        to write on a CD-ROM (open to read errors), if files were
        deleted after BFA7 has completed its search list or (probably
        the worst case) if your data carrier is damaged.

        If you use the recommended random file renaming (/h option)
        then it is possible that there are 2 encrypted files with
        different random names, but equal original names, in the same
        directory. The first one will be decrypted and restored correctly,
        but the second one will activate the overwrite warning. Then you
        have to decide whether the files are equal and the first one
        can be deleted or not.



  4. Security aspects
  ~~~~~~~~~~~~~~~~~~~

      When you choose a password there's one important thing you must
      think about first : every password barrier can be broken
      using a brute force attack.
      This means an attacker will try out every possible password.
      If your password is three letters long and the bad guy assumes
      that you've only used characters from 'a' to 'z' then there are
      26 * 26 * 26 = 17,576 possibilities for choosing a password!
      Yes, I said 'only'!
      In the worst case (s)he has to try 17,575 combinations
      to find your password. With a well optimized key search program
      run on a fast computer system the attacker cracks your password
      within a second!
      But if you're using only 2 letters more, (s)he must try out
      26 * 26 * 26 * 26 * 26 = 11,881,376 combinations, which takes much
      more time, even with a fast computer.
      The rule is simple : the more letters (or in binary mode : the
      more bytes) you use, the more possibilities exist and the harder
      the encrypted file is to break.
      Using binary passwords is a fine method (/e2,3,4 option). With
      a 6 bytes long binary password there are 256*256*256*256*256*256
      =  281,474,976,710,700,000,000 (281 trillion) possibilities.
      Let's assume a supercomputer can try 1 million keys per second,
      then it'll take about 9 years to test all possible combinations.
      Use just one byte more and the brute force attack will be
      senseless. Registered users will get BFACRACK.EXE, a brute force
      key search program, e.g. useful to find passwords that have been
      entered with slight errors, for example "imagintaion" instead of
      "imagination".
      How should you choose your password?
      Don't use common personal words, such as the name of your husband,
      wife, daughter, son, dog, cat, lover, your insurance, house or
      telephone number, the numbers of your birthday or birth year (not
      even in reversed order or another combination), etc.
      You can be sure an attacker will try these first!
      If you don't want to use binary passwords then use passwords
      at least 8 letters long. Don't use only small letters! Use some
      of the extra characters (&/%=-:,), use numbers.
      For example if you use "Hollywood-1995" as your password, there
      are over 15,515,568,480,000,000,000,000,000 (15 septillion)
      combinations, too many for any kind of brute force attack!
      But watch out: with the growing length of a password the chance
      of forgetting it grows as well.
      Please always remember:

                       * * * * * * * * * * * * * * * * *
                       *  DON'T FORGET YOUR PASSWORD!  *
                       *         REMEMBER IT!          *
                       *    IF YOU CAN REMEMBER IT,    *
                       *        WRITE IT DOWN!         *
                       * * * * * * * * * * * * * * * * *

      AtmuteSoft has no utilities to restore files encrypted with an
      unknown password of a secure length. BFACRACK can try about
      10 (Blowfish) to 1000 (GOST) passwords per second on a 486DX4.
      The program BFA7 doesn't store the password, neither in the
      cryptfile nor anywhere else. The password is even deleted in
      memory before the program terminates.
      For additional information please read the file SPECS.TXT.
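
The arithmetic of this section as an added sketch, not part of the original manual or of BFACRACK: it computes key-space sizes and worst-case exhaustive search times from the manual's own figures (26 letters, 256 byte values, 1 million keys per second, BFACRACK's 10 to 1000 passwords per second) and finds the shortest password that meets a target search time. The function names and the 365.25-day year are assumptions of the example.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600  # assumption: 365.25-day year

def keyspace(alphabet: int, length: int) -> int:
    """Passwords of exactly `length` symbols drawn from `alphabet` symbols."""
    return alphabet ** length

def keyspace_up_to(alphabet: int, max_length: int) -> int:
    """Passwords of length 1..max_length (a search that doesn't know the length)."""
    return sum(alphabet ** n for n in range(1, max_length + 1))

def years_to_exhaust(alphabet: int, length: int, keys_per_second: float) -> float:
    """Worst-case time to try every password of the given length."""
    return keyspace(alphabet, length) / keys_per_second / SECONDS_PER_YEAR

def min_length(alphabet: int, keys_per_second: float, target_years: float) -> int:
    """Shortest length whose exhaustive search takes at least target_years."""
    length = 1
    while years_to_exhaust(alphabet, length, keys_per_second) < target_years:
        length += 1
    return length

def human(years: float) -> str:
    """Render a duration in the most readable unit."""
    seconds = years * SECONDS_PER_YEAR
    if seconds < 120:
        return f"{seconds:.2f} s"
    if years < 2:
        return f"{seconds / 86400:.1f} days"
    return f"{years:,.0f} years"

# (label, alphabet size, length, keys per second); figures are the manual's
CASES = [
    ("a-z, 3 letters, 1e6 keys/s", 26, 3, 1e6),
    ("a-z, 5 letters, 1e6 keys/s", 26, 5, 1e6),
    ("binary, 6 bytes, 1e6 keys/s", 256, 6, 1e6),
    ("binary, 5 bytes (/#), 10 keys/s", 256, 5, 10),
    ("binary, 5 bytes (/#), 1000 keys/s", 256, 5, 1000),
    ("binary, 5 bytes (/#), 1e6 keys/s", 256, 5, 1e6),
]

if __name__ == "__main__":
    for label, alphabet, length, rate in CASES:
        print(f"{label:<36}{keyspace(alphabet, length):>22,}  "
              f"{human(years_to_exhaust(alphabet, length, rate))}")
    print("bytes needed for 1000 years at 1e6 keys/s:",
          min_length(256, 1e6, 1000))
```

The last three rows show how much the 5-byte limit of the /# option depends on the assumed search speed: decades at 1000 passwords per second, under two weeks at 1 million.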



  5. Copyrights and warranty
  ~~~~~~~~~~~~~~~~~~~~~~~~~~

        AtmuteSoft and BFA7 are property of the author of this
        software, Markus Hahn.

        The Blowfish encryption algorithm was designed by Bruce Schneier.
        You can contact him via schneier@counterpane.com.

        The Cobra encryption algorithm was designed by Christian
        Schneider. You can contact him via 100542.2132@compuserve.com.

        The programming of the Blowfish assembly implementation was
        done in cooperation with Cedric Reinartz. You can contact him
        via cer@servww4.ww.uni-erlangen.de.

        YOU ARE USING BFA7 AT YOUR OWN RISK! ATMUTESOFT (MARKUS HAHN) IS
        NOT LIABLE FOR ANY DAMAGE CAUSED BY THE USE OF BFA7 OR BY THE
        INABILITY TO USE BFA7. IF YOU ARE NOT SURE ABOUT THIS, OR IF YOU
        DON'T ACCEPT THIS, THEN DO NOT USE BFA7!

        This software has been well tested on several computer systems
        from an antique 286/10MHz system up to a modern P6/150.



  6. Shareware notes
  ~~~~~~~~~~~~~~~~~~

        This is a shareware version of BFA7. You are encouraged to
        spread it around the world by publishing it on CD-ROM, BBS,
        offering it via FTP or WWW. The only limitation is that the
        complete program package should not be changed in any way.
        The maximum key length of this shareware version has been
        restricted to 5 characters (40 bit), so there should be no
        problem with re-exporting BFA7 out of the United States.

        After a trial period of 20 days you should get your own copy
        of BFA7 for a very small registration fee of US $20.00 (students
        US $15.00). For more information read the file REGISTER.TXT.
        Users from Germany please read the file LIESMICH.BRD.

        If you have problems, questions or suggestions you can contact
        the author at the following address by snailmail :

                        Markus Hahn
                        Schellingstrasse 13
                        72622 Nuertingen
                        GERMANY

        You can also send an Internet email to the address:

                        hahn@pcmail.rz.fht-esslingen.de

        ( you may even try hahn@.rz.fht-esslingen.de, if the
          standard address doesn't work )



  7. BFA for Windows(tm) 95
  ~~~~~~~~~~~~~~~~~~~~~~~~~

      is already under development and will be available in
      the late summer of 1996.
      The following additional features are planned so far :

        * new encryption algorithms : IDEA, MDC/SHA and SAFER
        * faster data compression
        * selectable authentication with MD5
        * selectable output in an uuencoded format
        * a fast and easy to use interface,
          "Encryption at your fingertips! (R)"
        * some other cool things...

      New versions of BFA7 should always be available on the
      following Internet FTP services:

      ftp.uni-stuttgart.de
      /pub/systems/pc/security/bfa7xx.zip

      ftp.leo.org
      /pub/comp/platforms/pc/msdos/apps/security/bfa7xx.zip

      International servers where BFA7 will be uploaded are
      garbo.uwasa.fi and nic.funet.fi.
      If you only have access via email or if you don't trust
      the copy you got, you can contact the author directly
      and ask him to send you the newest shareware version (if
      available) in uuencoded format (and encrypted with PGP on demand).



  8. Thank you...
  ~~~~~~~~~~~~~~~

      to all my beta testers and all people who have supported me in
      writing this program, especially to Cedric Reinartz, Chris Schneider,
      "vfast" Steve (for interesting insider information and language
      translation support) and Tobias Ueberschaer (beta testing).
      A special thank you goes to Bruce Schneier for his absolutely
      brilliant 2nd edition of

        "Applied Cryptography" (John Wiley & Sons, ISBN 0-471-11709-9),

      the bible for all code hackers, and for his fairness in placing the
      Blowfish encryption algorithm in the public domain.



-end-




