Introduction

Welcome to Cyberspace

Whether we like it or not, the age of information is upon us. You are already a citizen of cyberspace unless you were raised by dingos in the outback. Your personal information is in government and industry databases and it passes from hand to hand with whatever level of privacy they choose to give you. If you have acquired our software program, you likely also have information of your own on a computer, and likely are sending e-mail across unprotected networks.

We have been working on the DataHush code since 1985, when we saw the need to protect our own data. Over the years, the code and strategies have been improved to the point where we feel we have a virtually 'unbreakable' system. Until the recent rapid growth of the internet, we did not feel that there was a wide-scale need for our product commensurate with bringing the product to market. Since the late 1980s code has been available in various forms from other parties, and we felt no need to compete. A number of developments have changed our thinking.

Before it becomes illegal to distribute and use strong encryption (as has already happened to some extent in the United States), we want to make strong encryption a fact of life that can't be taken away.

Why should we care? Encryption is used to 'hide' secret communications. However, it also has an important role in verification of identity. The PIN number on your bank card identifies you to the banking machine. Once the code is entered along with the card, your money comes out of the machine and your account. The machine assumes it's you when it gets the PIN number. Whether it was you or not, the money comes out of your account. You can trust me when I say that the bank will not be putting the money back into your account, even if you insist it was not you who removed the funds.

However it is used, you have a strong vested personal interest in how encryption is done and the rules which govern it. As your identity moves deeper into cyberspace, you have a right and a responsibility to make sure that only you have control over your private information.

We discuss encryption in more detail in the appendices, but it is important to cover a few basics here. Let's say you need to communicate (electronically, let's say) with your bank manager. You wish him to send a large amount of money to a relative who is in a jam in a foreign country. You need a method whereby he knows for sure that the message is from you and not someone else. There are situations where you wish transfers of funds to take place and you would like them to happen without delay. There are also lots of people out there who will take advantage of any weakness in the system. Until now, the banks have kept one step ahead of criminals But this is an electronic arms race, and the criminals are catching up. One reason in particular that industry is falling behind is that certain individuals who enjoy the luxury of monitoring our communications would like to continue to do so. To this end, they have worked very hard to see that strong encryption is available to them, but not to you.

If you are reading this manual, you likely are ahead of us here. We don't want to preach to the converted. There are reasons that people would like to keep their electronic information a secret and reason why others would like to prevent them from doing so. One way of preventing you from using strong encryption is confusing you by presenting a thousand weak methods and thus reducing the chance that you will pick a strong method, even if it's available. Another method of preventing you from using strong encryption is by fooling governments into legislating against it. Astonishingly, this movement is so far along that they have actually succeeded to some degree. A final method that has always been used is to 'crack' the strong encryption, thus making it useless, but not revealing that it has been cracked, thus rendering it worse than useless. Think about this for a second: You are sending a message that was protected by strong encryption. If the encryption has been broken, the formerly strong encryption acts as a flag that says 'hey - look at me, I'm important - better read me!'. If you are going to use encryption even once for an important message, you are much better off to always use encryption, even for the most trivial message. This radically increases the burden of the attacker who is trying to get that one important message. He now has to open and read everything.

There are any number of systems available to encrypt information. What makes us different? Well, before we get to that, let's look at what encryption is, what makes it strong (good) and what makes it weak (bad):

Encryption is the process of rendering a plain message into a secret message. The plain message can be read by anyone, the secret message can only be read by someone who knows the secret. Here's a secret message:

 

Here's the 'secret'.

 

H	y	y
a		s
p	D
p	a

Here's the real message

 

In most modern encryption systems, considerably more complex transformations take place, and they make it even harder by making part of the secret something contained outside of the message like a 'key' or a 'password' or both.

Here's an example of a simple system using a key:

 

 

In general, an encryption's strength relies upon the following:

We are predicting that data security will become one of the hot topics of the next century. It will become vital to every individual and business that they can secure their transmissions. During the next few years, this will be foreshadowed by an increasing emphasis by businesses that their systems be accessible, but proven secure.

One of the things that will likely become a tool used by everyone is some type of encryption robot that will package their communications for secure point to point transmission. This must be under their control. They must be able to configure in such a way that a transmission intended for one target be absolutely secure against other targets -- even 'friendly' ones.

There are any number of schemes available at this time, but they all have certain weaknesses that we feel we have overcome. The main weakness with known published schemes is exactly that - they are known and published. This gives the entire world a chance to invent techniques to break the codes. A good example of this is the so-called 'public key' systems (see a more detailed discussion in the Appendices). These were widely thought to be secure, but since the technique was published, it became a matter of research interest to look for a weakness. Surprisingly, one was found. We use a number of techniques that will be guarded from general publication. These techniques offer additional advantages which are discussed in our 'Encryption Strategies' section below.