New Features coming in Release 0.01.00
Corrections First Beta
Known defects and requested improvements from the first development release will be implemented (See 'Known Issues).
Options feature
An options feature will be implemented in the new release. Options to govern default behaviors will be available from a simple tabbed dialog box. A sample screen from the version under development is shown below.
Massive Keys
The program in testing was limited to 16 byte key lengths which were effectively 96 bits long. This is a powerful key length that exceeds the U.S. export limit of 40 bits, but is not seen as the maximum in security. The new release allows for key lengths exceeding 1000 bits. We hope to include an option to use 'massive keys' which will be contained in external files. These keys will be on the order of megabits in size, allowing for a pseudo one-time pad method of encryption.
User definable keys
An option will be included to allow users to specify the length of keys to be generated.
Steganogram options
It has long been known that encrypted messages can be hidden in other data files such as pictures. No program has made this accessible to the average user. The coming release of DataHush will allow users to simply pick a bitmap and embed a message in the image. Additional data types will be supplied such as Excel spreadsheets. The embedded message will benefit from our strong encryption as well as hiding in a plausible data file.
Secure Point to Point Transfer
The next release will include a secure point to point transfer option that allows users to connect to other DataHush software users machines directly via modem. This will be our own proprietary secure connection that will allow the safe transfer of data files, including massive keys.
Pseudo massive key generation
We will be including a pseudo one-time pad generation algorithm in the next release. This will allow users to pick data files on their own machines to act as seeds. These will then be scrambled using our 'lost horizon' bit smearing algorithm, compressed, re-encrypted and stored as a 'massive key'.
Improved Key management
Key management is simple and flexible already, but will be improved to add new features. This includes an updated key format that will include information allowing the program to automatically select keys.
Improved Key structure
The key structure is being upgraded to include necessary source information such as key and password digests, original filenames (optional), and improved message digests. The improved digests by virtue of being 'many to one' one-way functions will allow the program to pre-compute and validate keys, passwords and encrypted source data without compromising security.
Escrowed keys
We will be including a limited company escrowed keys in the next release. This will be to test our key escrowing feature for the commercial product. Key escrow allows the user to apply to have files decrypted using their own key in escrow with the company, in the case of key loss. In addition to pre-escrowed keys, the program will include a protocol for key escrow. User key escrow allows, for instance, for a company to use many different keys, but to store keys in escrow, so that should a key owner be incapacitated in some way, their data can still be recovered.
Pre/Post Conditioning and 'Drop Out'
The next release allows users to install third party 'plug-ins' to improve encryption. The data is passed to a 'pre-conditioning' dynamic link library prior to the encryption process. This will allow users to do things such as automatically escrow keys, apply for keys from a server, and to satisfy themselves that they data stream passing to our routines is truly secure from any 'back-doors' that we might have included in the software. After pre-conditioning, the data will be passed to a 'Drop-Out' command line routine, if the user wishes. An option to bypass our built-in encryption will also be provided. After encryption, a post-conditioning routine will be called with the encrypted data and key/password information. This will allow third party routines to validate the outgoing stream to see if it conforms, store escrow information or communicate with other programs.
Smart note decryption
The new version allows for notes to contain embedded encrypted portions, without losing the clear text portions. This would allow, for instance, a team of people working on a project to see the same note as team members with higher clearance. Only the portions requiring a higher level of clearance would be able to see the encrypted portions.
Improved randomization
Randomization functions can be a particular weakness in encryption systems. The next release will allow methods of introducing truly random seed data from physical processes. This includes a 'scribble function' using the mouse, keyboard latency and generation of randomization files from existing files on disk.
|
