Cryptography: Protecting your Geographic (and other) Data

In our ongoing explorations of the methods of cryptographic protection of geographic location data we found Bruce Schneier's Blowfish to be the preferred cryptographic algorithm on which to base this protection. Its widespread use, small block size, speed and simple API make it an ideal component for use in high-performance database servers. However, the Blowfish C code published in Dr. Dobbs Journal, September, 1995 was not re-entrant, a necessary condition for use in multi-threaded database servers. Accordingly, we modified the published Blowfish functions slightly to provide re-entrancy. (For more about Blowfish, here's a link to its description on Bruce Schneier's company website).

To confirm the correct operation and performance of these functions, we have prepared a general purpose multi-platform public-domain file encryption/decryption utility, as well as a family of programs intended to be used in conjunction with other applications (e-mail, text editors, etc.) exchanging encrypted text via clipboard in a format we call "textec".

To learn more about the TEXTEC family of programs follow the link; the rest of this page deals with our file encryptor utility. Unceremoniously called BURP (for Blowfish Updated Re-entrant Project), it is a console ("command-line") program we use for protection of the archival data storage and in our software and data distribution.

The current version of BURP is v. 1.20. It has been ported to and tested on additional platforms and includes numerous minor upgrades. However, the program output data format is the same as it was in our original release version. Specifically, BURP provides "plausible deniability": it produces "clean" ciphertext files (i.e., there are no file headers, key verification tokens, system, application or content identification strings, etc.). Consequently, a file encrypted by BURP appears to consists entirely of a random data stream - it can not be easily detected or "provably identified" as ciphertext, as long as the key is secure, or unless it is broken cryptographically.

You are invited to download and use this utility. Full cross-platform C language source is provided. There are no restrictions on its use and re-distribution (other than such general restrictions on the use and/or distribution of strong cryptography that might or might not be imposed by some jurisdictions on their residents).

BURP has been in continous use by a large and diverse group of organizations and individuals since 1998. We expect and welcome your comments on both its strength and functionality.

Download complete BURP 1.20 archive ( - full source, documentation and selected binaries). If you wish to verify its integrity, its md5sum is:
977171e18fb7c54adbf7c00a63133d39 *

If you need only a platform-specific executable, you may be able to use one of the binaries listed below. If you download and invoke the program with no parameters, it will list on the console its "use summary". A complete description of BURP's use and functionality can be found in the burp.txt file.

Note: this set of binaries is provided primarily for the convenience of recipients of our distributions. (We will gladly port BURP to any platform not included below - and make it available for public use - if we can be provided with temporary ssh shell access).

If you are encrypting your own data we strongly suggest that you download the source, inspect it and compile the program. Depending on the circumstances, it could be extremely imprudent to use any cryptograpy that has not been built from the source code in your possesion, inspected by you or someone you trust.

Download BURP for NetBSD DEC Alpha.
ffccceb9c392251f4664ae5ec0c498d3 *alphanbsd/burp

Download BURP for BeOS on Intel.
ddf18496f1b5905d60e254261bd16245 *beosx86/burp

Download BURP for Darwin/FreeBSD x86.
03e0c59cd10807172929045728ab0a96 *darwinx86/burp

Download BURP for 16-bit DOS, Win3.x.
b8dd1dda11a4f5717d52c1f68fd5948a *dos16\burp.exe

Download BURP for Hewlett-Packard PA-RISC workstations.
59acb6458134050cc97453f6dc266273 *hpux/burp

Download BURP for Linux on Intel using (old) libc5.
ff0debf0d77d2276bd183d51e170afe1 *linux5/burp

Download BURP for Linux on Intel.
9068813f642fc8415257f3c154162184 *linux6/burp

Download BURP for Mac OS X G4.
489edcb1aa4b8d5cd960f32282534be8 *macosx/burp

Download BURP for OpenBSD on Intel.
15aa8f28387384c117ebe8fd6dda6e67 *openbsd/burp

Download BURP for IBM OS/2.
ded223f251e640eb4a157fae4f72d3c9 *os2\burp.exe

Download BURP for IBM RS/6000 workstations.
c271964484ec7df2e0f5ea46fea4370f *rs6000/burp

Download BURP for Silicon Graphics workstations.
3a5e0c9f51cedbbe9082c2ada53fa568 *sgi/burp

Download BURP for Sun workstations under Solaris.
2ef464f3f3acc37f8e91485b777fa169 *sun/burp

Download BURP for 32-bit Windows variants on Intel.
(W9x, ME, NT, 2K, XP, etc.)
34e83b56af8f7d40186a40001b92e389 *win32\burp.exe

Download BURP for 64-bit Windows on AMD 64.
6c94ae2cabde55895cd85b1ac394b9e6 *win64\burp.exe

Download BURP for Zaurus (Linux on SA-1110).
0e0e54c0f3616afc0e4046a4ccdf6b52 *zaurus/burp

Additional Burp Links:

An example of use of Burp on Zaurus PDA can be found here.

A Win32 GUI "frontend" for Burp can be found here. Please read burp.txt file before downloading and using it, as such use of the program has serious security repercussions, and is best reserved for those instances where the attacker could never gain access to the computer used to produce encrypted files on removable media, or where the plainetx is intended to be permanently kept on a secured computer after the decryption.

Download our PGP public key.
Its md5sum is:
6ef8cefde0292d5887d06bf00e9da2f3 *geodysseypubring.asc

Return to Geodyssey's home page.

For more information about Geodyssey and Hipparchus, write, e-mail, fax or call:

Geodyssey Limited,
Suite 240, Panarctic Plaza,
815 8th Avenue South West,
Calgary, Alberta, T2P 3P2, CANADA
Tel 1-403-234-9848, Fax 1-403-243-3979,

Hipparchus® is a registered trademark of Geodyssey Limited.
© Copyright 1992, 2002 by Geodyssey Limited. All rights reserved.
Last revised 2002/12/03.