The cryptography discussed in the article is probably more aptly titled 1980s microcomputer-oriented cryptography. QText was first released in 1988. I'm not sure when they first added support for passcode-protected files, but the version shown in the article was released in 1992. This is before the spread of the early internet, before RC4 was leaked, before MD5 and HMAC were released and probably before even MD4 became widespread. I admit I was too young to be well-versed in cryptography back then, but as far as I can tell the only well-known cryptographic algorithms that I can think of during the late 1980s were RSA and DES, maybe also ElGamal? I'm not aware of any cryptographic hash function which predates MD2. There must have been some, but I don't know if any of them really caught on.

Looking at PC software from the early 1980s up to the early 1990s, most of the software used 100% in-house roll-your-own crypto. DES and RSA were initially too slow for microcomputers and even when processing power increased, they were not so trivial to implement yourself and they weren't widely available in libraries until the mid 1990s. So what you eventually got in this period was mostly ad-hoc algorithms that did very rudimentary encryption and were only as good as the author's imagination. If you were particularly unlucky, they wouldn't be much better than a glorified monoalphabetic cipher. This seems to be the case in QText as well. At least the key derivation function seems to be completely in-house and, as the paper has demonstrated (and as you'd fully expect from an in-house algorithm), it has weaknesses that make MD4 seem secure.

I think PGP (first released in 1991) is where we can see the trend start shifting into composing more-or-less standard algorithms using insecure in-house constructions. The first version of PGP used an in-house symmetric cipher called Bass-O-Matic (together with RSA and MD4), but PGP 2.0 replaced that cipher with IDEA [1]. It seems like in the beginning even the RSA signature format was non-standard, and PGP switched to a PKCS #1-based format only in version 2.3 [2]. This is where you start seeing all the famous 1990s schemes that go horribly wrong at misusing IVs or performing key derivation with a single iteration of an unsalted hash. But 80s crypto is even worse.

[1] http://www.cypherspace.org/adam/timeline/

[2] https://www.rfc-editor.org/rfc/rfc1991.html