d120701b: DKX Password Security Express [latest]

Latest version: available on the Internet at
<http://nfoWorks.org/dev/2012/07/d120701b.htm>
Proof-of-Concept Structure most-recent electronic update available at <http://nfoWorks.org/dev/2012/07/d120701c.htm>.

Foundation

The first aspect of DKX Password Security Express development is to assemble existing components and confirm their operation in simple test fixtures. These components have standard definitions and there are available tests that should be usable.

Utility Support

The utility support includes acquisition of components that are available for

Creation and execution of console applications

Using Java
Using C/C++ for x86
Using C/C++ for x64

Handling of conversions among base64Binary, hexadecimal string forms, and binary sequences

Conversions and/or handling of Unicode character sequences in UTF-8 and other forms

Simple input-output and command-line control for use in scripts

Scripting for Windows and *nix execution

Basic Components

The basic components that are to be assembled and confirmed are

Generic SHA1 digest calculation
- Available implementations
- Replicated implementation from Standard specification
- Collection of test vectors and known digests
- Comparison with ODF SHA1 protection key derivations
Generic HMAC-SHA-1 authentication code calculation
- Available implementations
- Replicated implementation from Standard specification
- Collection of text vectors and known authentication codes
- Comparison with use in ODF Toolkit and any other cases
- Verification that the usage in PBKDF2 implementations is as understood
Generic PBKDF2 with HMAC-SHA-1 Key Generation
- Available implementations (especially used with ODF documents)
- Replicated implementation from Standard specification
- Comparison with any known cases
- Calibration of performance using known implementations

These components can be used in a tool chain to produce the same results that integrated operation should provide.

Integrated Operation

The next step is to integrate the generic components into the specific DKX packaging, with the DKX APIs.

The tool-chain results should be confirmable and both forms of fixtures remain available for forensic analysis and isolation of discrepancies.

There needs to be hardening of integrated operation, since it completes the Proof-of-Concept.

These fixtures remain available for potential production testing and forensic analysis.

The trustworthiness structure and application of TROST principles is also explored with respect to the proof-of-concept DKX packages.

Baseline Performance measurements are captured and repeatable in the confirmation of improvements achieved in the evolutionary optimization.

Evolutionary Optimization

The next stages involved custom optimization in order to accelerate DKX operations for Express performance.

Native code and optimizing compilers will be used to improve performance in the DKX envelope beyond what is obtained relying on generic reusable code.

If native code performance is improved enough, the use of native integration for other execution models (e.g., Java) can be introduced as well.

The basic contribution of the Proof-of-Concept at this point is to make evolutionary optimization confirmable and measurable.

Special hardening considerations will also be required for these cases.

Attribution:

Hamilton, Dennis E.

DKX Password Security Express: Proof-of-Concept Sketch. nfoWorks devNote page d120701c 0.00 July 7, 2012. Available at <http://nfoWorks.org/dev/2012/07/d120701c.htm>.

Revision History:

0.01 Placeholder for first completed version

[TBD]

0.00 2012-07-07-16:24 Initial Placeholder

Provide initial placeholder content for the structure of the proof of concept development. The content is not refined beyond a minimum for initial usage.