DataGateKeeper: First Encryption Software Engineered to Defeat Hacking Programs, Granting Superior Data Protection & Cloud Storage
Weiterlesen
45
Unterstützer
3.999 $
Noch 0
Sekunden
Dieses Projekt wird nur finanziert, wenn bis mindestens 25.000 $ zusammenkommen.
An dieser Stelle kannst du dem Projektgründer gutes Gelingen wünschen, Fragen stellen und dich mit anderen Unterstützern austauschen. Wir bitten darum, den Austausch stets respektvoll und höflich zu halten! Danke!
MyDataAngel.com, Inc. Projektgründer am May 14
Hello Eric, thank you for your Pledge & Questions.
I'll take your questions as you posed them -
1. Please see earlier reply to as to our plan for validation --
2. As per "Features" above our solution offers the safety of back-up & syncing.
3. That "typo" is now an 'easter egg'. Actually got by 6 different proof-readers we are happy the rabid cryptographic community is so diligent.
4. Plan to fund final stress testing & licensing.dll that works with obfuscation. Please see the first paragraph under 'Risks and Challenges" for more details.
Are you a Beanie or Cap guy? (on a side note the Beanie is really cool.)
Thank you for your questions.
Please share our campaign with your friends.
If a One-Click Solution to safeguard your digital Privacy and Confidentiality for data both 'at-rest' and 'in-motion' is important to you, please grab one of our Early-Bird Rewards.
Sebastian Guła am May 14
You guys have a great sense of humour xD
Eric am May 13
1) A standard in the cryptographic community is to publish the encryption algorithm in full. Please include a link to your encrpytion algorithm so that we can evaluate whether it's strong. Keep in mind, this should not be not a security vulnerability for your encrpytion software. If it is, then any reverse engineering efforts by 'hackers' would reveal the algorithm and they'd be able to find and exploit its weaknesses (especially government institutions).
2) If all you do is encrypt someones data, you don't actually protect it from deletion or ransomware. Only a good backup policy can do that, so don't make this claim or you'll risk litigation.
3) Your video editor spelled "encripted" on the last bullet point at 4:26.
4) Your goal is $25,000 and you've been working on this software for 3 years?? What are you expecting to fund with that? How large is your team? What is your business operational expenses? To me, $25k sounds wildly under priced in terms of what it would take to further develop, deploy and distribute your product.
5) Good luck!
Jay am May 13
Okay, nvm. I see the original comment. Not sure why I couldn't see it for a few minutes after posting :/
Jay am May 13
Okay, now I'm pretty confident that "active snooping" is happening!!!! I just posted this message:
"I'm a little concerned because kickstarter.com's preffered cipher suite is 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' Since kickstarter is using AES, I'm worried that you didn't get my last comment. Can you confirm receipt of my last comment? Luckily, I only pledged a dollar (so worst case senario, the government can have my dollar), but if I'm going to go all-in on this thing, I'll need a less broken channel to get you the money. Any suggestions"
AND I DON'T SEE IT ANYMORE!!!!!!
Jay am May 13
I'm worried that you didn't get my last comment because kickstarter.com's preferred cipher suite is "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256!" Since kickstarter.com is using AES, can you please acknowledge receipt of my last message? My confidence in this campaign has all but evaporated after finding this out. Should I pay you through some other, less broken channel? Luckily I only pledged a dollar so far (so worst case, the government can have my dollar), but if I choose to go all in, I'll need a more secure way to get the money to you guys. Any suggestions?
Jay am May 13
Hey Data Angels!
I have a few quick questions before I go all in on this thing (life savings I have buried in my yard)... I want to store my very sensitive white papers in your safespace. These white papers are super sensitive and will make you a target. The information was obtained legally, but, well, let's just say the US government doesn't want these white papers to exist. I have scientific proof that chemtrails seen lingering in the wake of some jetplanes are the result of mind-control chemicals being dispersed by the United-States Airforce to try to calm the population so we don't revolt (they were experimenting with a new formula in certain areas over "rural" states which actually led to Ferguson police killing that fellow Michael Brown and also the subsequent unrest but they switched back to the original formula and now people are calm again).
Anyway... so needless to say these documents will bring the entire wrath of the US government and each and every yoyo toting hacker from the Dark Web (including the deep web, even). Are you guys sure you're up for this challenge? I was using AES before and I had my whitepaper deleted (twice) by the FBI (probably using their backdoor) and I had to start over. AES also doesn't seem to be able to encrypt certain file formats. I have a few questions that I would like seriously answered:
1. Your KS page says that you do NOT allow repetitions, but you say this repeatedly throughout the page which doesn't inspire confidence. How can you NOT allow repetitions in your code but you seem to have missed these repetitions on the project page?
2. Do you guys plan to bring in a Computer Hacking Wizard (like adrian lamo) to try to hack you so that we know you can't be hacked?
3. Can I get the First Responder package even though I'm not (technically) a first responder?
4. Is the USB shtick UL certified? I don't want any electrical fires like the one I had from that usb drink warmer/person fan.
Thanks in advance,
J
cybergibbons - Andrew Tierney am May 13
FYI I could not back any more than $1 - you only allow shipping to the US. Can that be changed?
srujan am May 13
Hi there,
I am very intrigued with some of your claims and would like to get little more information:
1. You say the encryption scheme is * mathematically unbreakable*. What proof do you have, information theory or complexity theory?
2. What kind of construction are you using: s-box, p-box, SPN? How many rounds?
3. What block sizes are allowed for encryption?
4. What is your key management strategy?
Before you tell me those details cannot be disclosed for security reasons, please note that Security Through Obscurity (http://www.pearsonitcertification.com/articles/article.aspx…) is a myth.
Thanks
Doug am May 13
This comment has been removed by Kickstarter.
MyDataAngel.com, Inc. Projektgründer am May 13
Andrew, Steven,
Back to you with answers shortly.
Thank you for your questions -- Very good!
MyDataAngel.com, Inc. Projektgründer am May 13
Phillip, Doug,
Gentleman please confine your comments to those appropriate for general audience, yours are out of line. Would you prefer your $1 & $2 dollar Pledge refunded? We are happy to comply.
Please note: We welcome questions and comments as long as is they are framed appropriately and germane in nature.
All Backers are welcome and frankly encouraged to make relevant comment or ask questions. By example, please see posts by Steven, Andrew and Bill.
Philip Patsch am May 13
“It would be funny if it weren’t so sad” – Jonathan Coulton, “Want you gone”, Portal 2
cybergibbons - Andrew Tierney am May 13
I have a few questions:
1. Some places say your algorithm is 512bit, others 512kbit. Which is it?
2. Can you provide links to evidence that AES is backdoored, or even compromised in anyway? It's been around for a long time because it is secured.
3. Are you not expecting your algorithm to be reverse engineered as soon as it is released?
Doug am May 13
This comment has been removed by Kickstarter.
Steven McGrath
Superbacker
am May 13
I'd also like to point out that on your website you mention all of the recent large-scale public attacks over the last couple of years. The insinuation is that you could have helped prevent them. Can you please elaborate with more detail?
Steven McGrath
Superbacker
am May 13
I'd have to echo Bill's sentiment. an Independent 3rd party review of the encryption algo and methods would be the only way I would see trust of this system work. Further how is the encryption performed? is it a synchronous key? is it a key pair (public/private). How are you dealing with the data in the cloud? Is the crypto backdoored? what would happen if you received a warrent for the information stored in your cloud env? These questions and more.
Bill am May 12
I'm actually an 'infosec' guy.
I'm wary of proprietary and trade secreted encryption because many people do it wrong which results in the perception of security, but its really not. I've been on many calls with vendors who say things like 'we protect 250 of the fortune 500' but when I bring their product in house to test it falls like a house of cards. The worst one was an IAM system that displayed the user passwords to the admin!
Maybe you could get Bruce Schneier on board.
I also looked at your team on the kickstarter page and didn't see anyone who was obviously a cryptographic expert -- except maybe Frankie. It would add credibility to list out some of their credentials if they are the members that designed the algorithms.
MyDataAngel.com, Inc. Projektgründer am May 12
Hi Bill,
Thank you for your $1 Pledge & question. Every Backer counts and we appreciate your support.
By your KS profile, we see you are an open source ‘guy’. Super. Therefore, from that perspective we will attempt to frame a satisfactory answer to you, as our data security solution and software is never likely to be available via open source under any known circumstance. We hope you understand.
As to cryptanalysis, we are all in favor of it, and have a plan forward I would love to share with you and the Kickstarter Community.
Following independent validation from Underwriters Laboratory of our cryptographic module, and, post, the patent process (currently, we rely on trade secret to protect our algorithm) we will release our algorithm to the broader community. Please note: We will only release our algorithm for analysis under a very specific set of guidelines, which we will determine after the UL process. We have spent, coming up on 4 years, developing Deterrence, our cipher, now named the DataGateKeeper, specifically away from, and outside of, prying eyes as not to compromise the integrity of our data security solution or the coding of our software.
Given the above, our plan for the DataGateKeeper cryptographic module is as follows:
In December (because it is in our best interest), we plan to submit our validated enterprise module (1024KB) to FedRAMP℠ as a Cloud Provider. Frankly, they need us, given the U.S. OPM breach. We are hopeful, by that time; the respective agencies overseeing such validation will have committed to a new pronouncement standard, which contains international peer review as a way to remove outside influence over the coding process. If they have not, we will not submit our cryptographic module.
As you likely know, current FIPS standard is 140-2, and is a joint U.S./Canadian validation program dating back to the turn of the century, older than most cars on the road today.
Given the abject failure of AES to secure and protect data, both the White House and Secretary of Commerce, understanding that a new data security standard is vital to national security, corporate and private interests, proposed FIPS 140-3 in late 2013. Their proposal included the type of international oversight we are looking for via International Organization for Standardization/International Electrotechnical Commission (ISO/IEC). This proposal was deemed 19790:2012, as a way forward. This international oversight would prevent the type of interagency meddling which has now compromised AES.
Unfortunately, 19790:2012 was abandoned following intelligence agency pressure.
Late last year (2015), NIST formerly released a statement on the Federal Register seeking comment which included portions of 19790 (deemed 19790:2014), to update 140-2. Again, hamstrung by interagency infighting over a path forward, this most recent NIST pronouncement has been called ‘dead-on-arrival’ by Members within the U.S. Senate Select Committee on Intelligence. This attempt to update 140, which would have required mitigation of non-invasive attacks at KB strengths we are deploying, and introduced the concept of a public security parameter, among other items, many of which we favor was a step forward along the correct path.
While likely pollyannaish, we believe the agency oversight is necessary, if, ‘hand-off’ and ‘independent’. However, given the intelligence communities influence, both here and abroad, the word independent has taken on new meaning as has the definitions for Privacy, Confidentiality and, increasingly 4th Amendment.
Thank you for your question.
Please share our campaign with your friends.
If a One-Click Solution to safeguard your digital Privacy and Confidentiality for data both 'at-rest' and 'in-motion' is important to you, please grab one of our Early-Bird Rewards.
Bill am May 11
Please provide a cryptographic analysis by a third party of your new algorithm.