Thursday, October 10, 2013

NSA Cryptography Warning Does Not Impact PKWARE Security Software

on in Data Security 

When it comes to enterprise data security, it’s important to note that not all encryption algorithms are the same. As there are warnings about the strength of one encryption algorithm making headlines, we feel it’s important to make some distinctions about our own security software.
b2ap3_thumbnail_Encryption_Chain_Strong_Solid_Algo_PKWARE.jpgA crypto algorithm under scrutiny is not in use with PKWARE products.PKWARE does not make any use of the Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) from RSA, the Security Division of EMC, in any of its products, such as SecureZIP, vZip or Viivo. The Dual_EC_DRBG algorithm is the subject of warnings from RSA, which has stated that its encryption might be vulnerable to inspection by the National Security Agency.
As the BBC reported: “RSA, the internet security firm, has warned customers not to use one of its own encryption algorithms after fears it can be unlocked by the NSA … The advice comes in the wake of New York Times allegations that the NSA may have intentionally introduced a flaw into the algorithm – known as Dual Elliptic Curve Deterministic Random Bit Generation – and then tried to get it adopted as a security standard by the US National Institute of Standards and Technology.”
There has been uncertainty over which security vendors are impacted by this warning, as InfoWorld security writer Roger Grimes noted this week. Moreover, there have been warnings about the use of Dual-EC that go back to 2006, as Johns Hopkins cryptographer and research professor Matthew Green points out.
End-to-end encryption remains an invaluable and preferred resource for protecting your enterprise data from snoopers, hackers, breaches and end-user error. Strong encryption algorithms that use mathematical calculations to encode and protect data are at the core of our solutions are in use by tens of thousands of organizations each day. We are consistently reviewing and certifying all cryptographic libraries that are in use by all PKWARE products and we immediately inform customers if we discover any issues.
We have issued a technical advisory reinforcing the strength of our security solutions, a PDF of which you can find here. We’re open to discussions with businesses who are evaluating the best fit for their data security in light of the security warnings from RSA.

No comments:

Post a Comment