Lazybit

This beta is now obsolete, go for the release version instead.

An updated version of the upcoming Keeper 4 is now available: http://files.dekart.com/beta/Keeper4-starscape.zip

It is a more polished version of the previous release, described here.

A fresh beta of Logon for Vista is now available for download: http://files.dekart.com/beta/Logon-2.23.1-TVMonday.msi

Changelog:

• It works in Windows Seven
• It works with biometric scanners integrated into most modern laptops, as well as other fingerprint scanners (no additional configuration is needed, as long as the fingerprint scanner driver is installed)
• Key backup feature has been added
• Various bug-fixes

Note: The download link is obsolete, copy the final release version instead

A new version of Secrets Keeper is about to be released. It will be called Keeper. You can download a preview from this address: http://files.dekart.com/beta/Keeper-nohands.zip

An installer is not yet available, but we're working on it. At this point just unzip it. Run the included BAT file to enable the integration into MS Office and Windows Explorer.

Of course, no story is complete without screenshots, so here we go (screenshots are clickable):

Keeper's main window, nothing special in it, but notice that the main menu is not shown by default.

The key management window enables you to manage the passwords and contacts stored on your keys. Keeper will generate passwords for you, as well as evaluate their strength. You can have an unlimited number of groups and contacts in each group.

The email addresses will be used when you click the "encrypt and email" option.

The file encryption dialog. You can choose whether you wish to use a password from a key connected to the system (otherwise type it by hand). If you use a password from the key, you can choose which group to encrypt the data for.

• You can create self-extracting archives, so people who don't have Keeper on their computers can still decrypt the files you sent them (if they know the right password, of course);
• You can wipe the original files, to make sure they cannot be recovered using forensic methods. This is handy if you're encrypting your po world domination plans;
• Encrypt and email will automatically start the default mail client and create a new message, with the encrypted file attached to it.

The settings window looks like any other settings window.

Note that the update checking feature does not work yet, therefore if you wish to track Keeper's progress, check this page every now and then.

Keeper integrates itself into the Microsoft Office suite, enabling you to encrypt files or decrypt them from within Word, or other programs from Office.

Keeper 4 also integrates itself into the context (right-click) menu of Windows Explorer. This gives you quick access to features such as:

• File wiping - remove sensitive data without leaving a trace
• Encrypt
• Encrypt and email

If you right-click an encrypted archive, you will see options such as:

• Decrypt...
• Decrypt here
• Decrypt to <name of file>
• Decrypt each archive into separate directory (when selecting multiple archives)
• Decrypt each archive into separate directory and make me a cup of tea

As you can see, Keeper 4 is a huge step forward from Secrets Keeper 3.5. The new version is prettier, it provides an excellent user experience, and it will run on platforms other than Windows ;-)

A new beta of Password Carrier is now available, it brings Vista compatibility into the game; 32-bit and 64-bit versions of Windows Vista are both supported.

Other changes:

• An error was fixed - at times the program would fail if the number of collected credentials would exceed a certain threshold;
• Inactivity is now shown via a tray-icon (the program locks itself if the computer is left unattended)

How to update

Simply extract the contents of the archive to the removable disk, overwriting the current files of the program. Make sure you do not delete any of your .dka files (the profiles that contain your identities, and the credentials associated with each identity).

The beta is in a stable state, there are no known issues with it. The program is now an official release, and can be retrieved from dekart.com.

***

Why Password Carrier

Password Carrier is not just another form filler, it is much more than that, because:

• it was designed with security in mind - the collected data are encrypted with AES-256;
• biometric authentication can be used as a third authentication (along with "something you have" - the USB key, and "something you know" - the PIN);
• it is absolutely portable - works on any Windows system, does not require administrative privileges;
• all the private data are always with you, and updates happen on-the-fly - newly memorized passwords can be used on other computers, not only on the one on which they were captured;
• Password Carrier understands the meanings of the fields - so that if the design of the web-page is updated, it will still be able to figure out where to type in the data.

A new stable beta version of Private Disk 2.10 has been made public, it can be downloaded.

Here are some of the highlights:

• A much more flexible Disk Firewall;
• A more secure Disk Firewall;
• An easier way to change passwords;
• Faster disk creation speeds (when the disk is filled with random data for more security);
• Ability to run as a service;

A lot of changes were made under the hood, being related to how Disk Firewall works. Graphically, the changes are represented by two new checkboxes:

Disk Firewall now includes a training mode, which makes it easier to configure this mechanism. From now on you don't have to manually indicate paths and figure out which programs should be allowed to access your encrypted data, and which ones not. Just enable the training mode and keep using your software as you normally do. Whenever an application attempts to access the drive, something like this shows up:

At this point you can see which program wants to access the disk, and decide whether you want to allow this or reject the attempt. The program's path is shown too, and so is the program's icon - now it's easier to get things figured out without doing any further research.

Another change is the ability to verify the integrity of a trusted program. For example, Explorer.exe was allowed to access the virtual encrypted disk; but what if the program was infected with a virus? Since it is trusted, it will be able to access the data, and there is a chance that data loss will occur. That's not the case anymore. Disk Firewall verifies the integrity of the program when it is added to the white list and "takes its fingerprint". When the program wants to access a protected file, its fingerprint is compared to the original one, and if they don't match:

You're notified about a change in the trusted program. If you're aware of any updates of this program, or if you modified it yourself - you can allow this change. Otherwise you can click Deny and check the program with an antivirus to see if everything is OK with it.

The program's integrity is verified with Dekart's NIST-certified implementation of AES-256.

You might ask why an encryption algorithm is used to verify a program's integrity, rather than a hashing algorithm. The program that accesses the disk is encrypted with AES-256 in CBC mode; at the last step of encryption, a 256-bit long chunk is obtained and memorized. Afterwards when the program tries to access the disk, it is encrypted again and the last 256-bit chunk is compared to the original one.

The encryption key is individual to each encrypted disk, so even if the same program is a trusted one for multiple virtual disks, it will have different 'fingerprints' for each case; while a hashing function would generate the same 'fingerprint'. Now, picture a hypothetical case in which someone manages to find a collision and modify a program's code in a malicious way, without changing its hash - if this were true, the now malicious program would be able to compromise all your encrypted disks, which is very bad, to say the least... Our approach is immune to such attacks.

Other changes will be commented later.