Encryption Wizard (EW) https://www.spi.dod.mil/ewizard.htm is simple, strong, Java-based file and folder encryption software, developed by the American military, for protection of sensitive information. EW encrypts all file types for data-in-transit protection, and supplements data-at-rest protection. Without requiring a formal installation or elevated privileges, EW runs on Microsoft Windows, Mac OS X, Linux, Solaris, and many other operating systems. Behind its simple drag-and-drop interface, EW offers 128- or 256-bit AES encryption, several secure hashing algorithms, searchable metadata, encrypted archives with compression, secure file deletion (often called "scrubbing" or "shredding"), and PKI/CAC/PIV support.
EW Public Edition may be downloaded and used by anybody at no charge. It uses the cryptography support already present in Java. It contains all the important features of EW and serves as a good introduction to the software. (EW Government Edition is FIPS 140-2 validated. It uses a third-party cryptography module licensed for use by Federal employees and contractors only.) The two editions (Public and Govt) are interoperable.
EW Public Edition doesn't provide its own implementation of AES, it just uses whatever is supplied by your Java Runtime Environment. The AES algorithms and their underlying Rijndael ciphers are well known, publicly available, and extensively analyzed. No feasible attacks against AES have yet been demonstrated.
Is there a backdoor in EW? The software authors say no, explaining that a backdoor to a system needs a key. If the key to a backdoor were to get out (whether by accident, malfeasance, or disgruntled employees is irrelevant), then whatever is protected by that system becomes vulnerable. Given that the primary use of Encryption Wizard is to protect sensitive information relevant to the US DoD, inserting a master backdoor would be dangerously risky and profoundly shortsighted.
Can the TENS Encryption Wizard be trusted? Yes probably, as much as any encryption software can be trusted. It provides strong encryption that is more than sufficient for most personal or business use.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.