Wednesday, January 10, 2018

Encryption Wizard

Encryption Wizard (EW, https://www.spi.dod.mil/ewizard.htm) is simple, strong, Java-based file and folder encryption software, developed by the American military, for protection of sensitive information. EW encrypts all file types for data-in-transit protection, and supplements data-at-rest protection. Without requiring a formal installation or elevated privileges, EW runs on Microsoft Windows, Mac OS X, Linux, Solaris, and many other operating systems. Behind its simple drag-and-drop interface, EW offers 128- or 256-bit AES encryption, several secure hashing algorithms, searchable metadata, encrypted archives with compression, secure file deletion (often called "scrubbing" or "shredding"), and PKI/CAC/PIV support.

EW Public Edition may be downloaded and used by anybody at no charge. It uses the cryptography support already present in Java. It contains all the important features of EW and serves as a good introduction to the software. EW Government Edition is FIPS 140-2 validated. It uses a third-party cryptography module licensed for use by Federal employees and contractors only. EW Unified Edition is FIPS 140-2 validated, and may be downloaded and used by anybody at no charge. It uses a third-party (Bouncy Castle) cryptography module with no distribution restrictions. The Unified edition requires that your Java installation be permitted to use 256-bit keys, even if you never actually use anything stronger than normal 128-bit keys. The three editions (Public, Government, and Unified) are interoperable.

EW Public Edition doesn't provide its own implementation of AES; it just uses whatever is supplied by your Java Runtime Environment. The AES algorithms and their underlying Rijndael ciphers are well known, publicly available, and extensively analyzed. No feasible attacks against AES have yet been demonstrated.
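To check the two JRE dependencies mentioned above (the 256-bit key permission the Unified edition needs, and the JRE-supplied AES the Public edition relies on), the following added example, which is not part of Encryption Wizard or the original post, queries the running Java installation. The class name `JreAesCheck` and the AES/GCM round trip are assumptions chosen for illustration; they say nothing about EW's own file format.

```java
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (hypothetical class name): reports the AES support of the running JRE.
public class JreAesCheck {
    // Largest AES key size in bits permitted by the JRE's jurisdiction policy
    // (Integer.MAX_VALUE when the policy is unlimited).
    static int maxAesKeyBits() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES");
    }
    // Encrypts and decrypts a constructed sample with a random key of the given size.
    // AES/GCM is an illustrative choice, not a statement about EW's format.
    static boolean roundTrip(int keyBits) {
        try {
            byte[] key = new byte[keyBits / 8];
            byte[] iv = new byte[12];
            SecureRandom rng = new SecureRandom();
            rng.nextBytes(key);
            rng.nextBytes(iv);
            SecretKeySpec k = new SecretKeySpec(key, "AES");
            byte[] sample = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
            Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
            enc.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
            byte[] ct = enc.doFinal(sample);
            Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
            dec.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, iv));
            return Arrays.equals(sample, dec.doFinal(ct));
        } catch (Exception e) {
            // An InvalidKeyException here means the policy caps the key size.
            System.out.println("  AES-" + keyBits + " failed: " + e);
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println("Java " + System.getProperty("java.version"));
        System.out.println("Max allowed AES key length: " + maxAesKeyBits() + " bits");
        for (Provider p : Security.getProviders())
            if (p.getService("Cipher", "AES") != null)
                System.out.println("AES supplied by: " + p.getName() + " (" + p.getInfo() + ")");
        for (int bits : new int[] {128, 256})
            System.out.println("AES-" + bits + " round trip ok: " + roundTrip(bits));
    }
}
```

Run it with the same Java installation that launches EW. A reported maximum below 256 bits, or a failed AES-256 round trip, means that installation is not permitted to use 256-bit keys.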

Is there a backdoor in EW? The software authors say no, explaining that a backdoor to a system needs a key. If the key to a backdoor were to get out (whether by accident, malfeasance, or disgruntled employees is irrelevant), then whatever is protected by that system becomes vulnerable. Given that the primary use of Encryption Wizard is to protect sensitive information relevant to the US DoD, inserting a master backdoor would be dangerously risky and profoundly shortsighted.

Can Encryption Wizard be trusted? Yes, probably, as much as any encryption software can be trusted. It provides strong encryption that is more than sufficient for most personal or business use. Encryption Wizard is particularly useful for encrypted communication between US Government agencies and other agencies and organizations that don't have compatible PKI encryption.

