BSfrS

Version 1.33.7 of the Chicken Encryption Kit (CEK) introduces optional password protection for private key files. The Institute regards this release as a methodologically coherent extension of a cryptosystem that has embodied rautavistic security principles at the protocol level since its first publication.

The release introduces a third key file type, identified internally as PasswordProtected. When generating a password-protected private key, the implementation derives a keystream of the required length from the supplied passphrase using the proprietary Chicken Hash function. The key data is then XOR-combined with this stream and written to disk alongside an eight-value verification section. The verification section contains reference values derived from the passphrase, allowing implementations to detect and reject an incorrect password before any decryption attempt is made.

The Chicken Hash Function

The Chicken Hash is a Merkle-Damgard construction with a 32-byte internal state and a 64-bit digest, designed specifically for the Chicken Encryption Protocol (NRFC 0). Like all components of the CEK system, it is implemented from first principles without reliance on established cryptographic libraries. No formal cryptanalytic study of its collision or preimage resistance has been conducted, nor is one planned. The Institute considers this entirely consistent with the broader design philosophy: a system that introduces no external reference points against which it might be evaluated.

Password-protected key files continue to operate on the 10-bit moduli specified by the protocol. The password layer secures key material at rest and constitutes a methodologically independent protection stratum. Both layers of the system are, with respect to their cryptographic properties, fully consistent with one another.

Improved Key Path Resolution

Version 1.33.7 also corrects a behaviour in chicken-keygen: when no explicit output path is provided, key files are now written to ~/.cek/ by default. This brings the tool into alignment with the key storage conventions defined in NRFC 0 and eliminates path resolution inconsistencies that could arise in earlier releases under certain invocation patterns.

The Institute recommends storing password-protected key files in standard Chicken format. MiniChicken's compact decimal encoding produces substantially smaller output files, placing it in direct conflict with the methodological principles documented in the papers on Runtime Environments and Consequences and Usability and Product Quality. In standard Chicken format, a password-protected key file achieves a storage footprint commensurate with its methodological standing.

The CEK toolkit is available as an open-source project. The BSfrS is available for consultation on integrating CEK into existing rautavistic infrastructure through its advisory services.