Distributed Transaction System Middleware
Several sophisticated utilities have been built on top of the DTS base services to implement desired features such as easy file transfer and monitoring and management tools. The availability of these services depends on the DTS version and target platform in question. Please refer to the documentation of the specific DTS implementation for further information.
DTSCRYPT - Strong Data Encryption Support

DTSCRYPT is a strong data encryption mechanism available as a software option for the latest Distributed Transaction System environments. It is based on effective public/private key cryptography and is available with the DTS TCP/IP protocol drivers.

DTSCRYPT gives DTS transactions and intersystem communication a very secure environment in which business-critical data can be transferred safely as DTS messages over insecure communication lines. The level of security that can be achieved is limited only by the computation capacity of the hardware used. Certain European Union and international export rules may restrict the export of strong encryption software to some countries. DTSCRYPT does not contain any kind of backdoor or bypass feature implemented to allow certain authorities to break encrypted messages.

In practice the length of the encryption key is limited only by the arithmetic calculation capacity of the computing hardware. Generation and exchange of keys is handled using the Diffie-Hellman algorithm, and DTSCRYPT allows key lengths from 64 to 65536 bits. With current computing systems the practical range of key lengths is from 256 to 2048 bits. The encryption key is unique for each executed transaction and can be reconstructed several times a second, depending on the length of the key selected and the calculation power of the hardware. The symmetric encryption algorithm chosen is Triple DES-EDE3-CBC. In addition to the symmetric encryption, the encrypted message is always encrypted again using a mask constructed from the unused bits of the Diffie-Hellman key.

Breaking the method used for DTSCRYPT data encryption would require breaking the original Diffie-Hellman keys, which becomes ever less feasible as the key length grows. If necessary, the unique key pairs for each transaction can be signed with a special identity known only by the client and server systems. Using the key signature option also protects the transfer against "man in the middle" IP address rerouting attacks.
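
The per-transaction key exchange with the key signature option described above, as an added sketch that is not DTSCRYPT code. The 521-bit demonstration modulus, the HMAC-SHA-256 tag standing in for the signature, the SHA-256 key derivation and all function names are assumptions, since the page does not specify them.

```python
import hashlib, hmac, secrets

# Demonstration modulus only (assumption): the Mersenne prime 2^521 - 1 keeps
# the block short. It is not a DTSCRYPT parameter and not a recommended group.
P = 2**521 - 1
G = 3

def new_keypair():
    """Fresh Diffie-Hellman private/public pair, generated once per transaction."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _encode(value):
    """Fixed-width big-endian encoding so tags and hashes are unambiguous."""
    return value.to_bytes((P.bit_length() + 7) // 8, "big")

def sign_public(identity, role, pub):
    """Tag a public value with the identity known only to client and server."""
    return hmac.new(identity, role + _encode(pub), hashlib.sha256).digest()

def derive_session_key(identity, priv, peer_role, peer_pub, peer_tag):
    """Verify the peer's tag first, then derive a 24-byte 3DES-EDE3 key."""
    expected = sign_public(identity, peer_role, peer_pub)
    if not hmac.compare_digest(expected, peer_tag):
        raise ValueError("public value is not signed with the shared identity")
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public value")
    shared = pow(peer_pub, priv, P)
    # Assumed derivation: hash the shared secret, keep three 8-byte DES keys.
    return hashlib.sha256(_encode(shared)).digest()[:24]

def demo():
    identity = secrets.token_bytes(32)   # constructed shared identity
    c_priv, c_pub = new_keypair()
    s_priv, s_pub = new_keypair()
    c_tag = sign_public(identity, b"client", c_pub)
    s_tag = sign_public(identity, b"server", s_pub)
    client_key = derive_session_key(identity, c_priv, b"server", s_pub, s_tag)
    server_key = derive_session_key(identity, s_priv, b"client", c_pub, c_tag)
    # A public value replaced in transit by a party that lacks the identity
    # carries no valid tag, so the client refuses to derive a key from it.
    _, swapped_pub = new_keypair()
    try:
        derive_session_key(identity, c_priv, b"server", swapped_pub, s_tag)
        rejected = False
    except ValueError:
        rejected = True
    return client_key == server_key, rejected
```

Without the tag check both sides would still derive a key from whatever public value arrives, which is why unsigned Diffie-Hellman alone does not stop the rerouting case.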

DTSCRYPT is available for:

  • DTS/WinNT
  • DTS/HP-UX
  • DTS/LINUX
  • DTS/Tru64 UNIX

© Copyright 2000 Tascomm Engineering Oy