v1.0.0
rafael-santiago released this 30 Mar 16:55
Features
- Code rewritten from the original 2006 code.
- Files are now encrypted and gathered using an SCM concept (repository).
- Cryptographic library also rewritten.
- More encryption schemes are available, including HMACs.
- Available modes of operation: CBC, CTR, OFB.
- Possibility of protecting the repository with one or two keys (keyed alike or twice).
- Usage of key derivation functions when assembling the protection layer from the user key(s).
- Adoption of more modern and secure hash functions.
- The first layer key can also be authenticated with bcrypt.
- Cascading can now be applied in two ways (single and otp).
- VPN tunnel less dependent on environment conveniences (by hooking socket functions).
- For network encryption, E2EE is also available, with a double-ratchet-like mechanism.
- VPN tunnel can use a modified DH scheme for session key agreement.
- Plausibly deniable encryption.
- Data wiping using some points observed in DoD 5220.22-M.
- A command to set a file's time stamps (access, creation, modification) to a default value.
- Device driver for NetBSD, FreeBSD and Linux that enforces some paranoid measures: detecting syscall hooking, hiding the files in a repository, and hiding the entire repository in order to avoid data leaks (some intruder downloading your stuff). This enforces the main idea: when a leak happens, it is the minimum leakage possible.
- UUEncode is now also an option for data encoding, besides Radix-64.
- RAM swapping mitigation by using POSIX capabilities.
Bugfixes
- otp dumper was not being included during the writing verification [commit-id: #b16334].