Stuff
OS/400 Edition
Volume 3, Number 5 -- February 4, 2003

PKWARE Refreshes Entire PKZIP Line with 256-bit AES Encryption


by Alex Woodie

PKWARE brought strong security capabilities to its complete line of PKZIP compression tools last week. The Advanced Encryption Standard (AES) encryption algorithm that ships with the latest releases of its PKZIP for OS/400, MVS, Unix, and Windows products allows companies to encrypt their compressed files with keys ranging from 128 bits to 256 bits in strength. This new encryption capability surpasses the product's previous 96-bit encryption key, and meets or exceeds IT security requirements being mandated by the U.S. government.

display

The AES was selected by the National Institute of Standards and Technology in November 2001 from a field of five encryption algorithms that were competing to be the replacement for Data Encryption Standard (DES) and 3DES algorithms that have been the standard in government for years, but which have proved to be susceptible to code-crackers. The algorithm that the NIST chose to be the AES was originally called Rijndael, and it was developed by two Belgian cryptographers.

Before selecting AES, PKWARE evaluated two other encryption algorithms, 3DES and Twofish. According to Tait Hamiel, PKZIP product manager, AES was hands-down the fastest of the three algorithms. "3DES was written for hardware, and the port over to software was anything but elegant. It runs like a pig," he says. "Twofish was faster than 3DES, but the fastest, no doubt, was AES."

As for how fast AES encryption runs, PKWARE has conducted benchmark tests that show AES--even at 256-bit encryption--runs faster than PKWARE's old, proprietary 96-bit encryption, Hamiel says. While customers who are experienced with PKWARE's previous encryption speeds will likely see performance increase with the new AES encryption technology, companies new to the game would be wise to research what effect computer-intensive encryption operations will have on their OS/400 server.

The AES algorithm is freely available as open source, and the PKWARE AES implementation includes the native 128-bit AES encryption, as well as 192-bit and 256-bit encryption keys. Delivering 128-bit encryption is critical to supporting companies' initiatives to come into compliance with the Health Insurance Portability and Accountability Act of 1996, which requires 128-bit encryption of patient records and goes into effect on April 14. Several of PKWARE's recent customer wins come from the healthcare field. Another government mandate driving security and encryption requirements is a provision of the Gramm-Leach-Bliley Act that requires financial services firms to keep consumers' private information out of the public realm.

The 128-bit encryption capability of AES makes it many times more secure than 56-bit DES keys (on the order of 10, followed by 21 zeros, says Hamiel). AES also incorporates two other features that make it even more secure. Cipher Block Chaining helps to foil hackers who might try to decode the encryption key by analyzing encrypted data patterns, by preventing the same encrypted data pattern from ever being repeated. Security is further bolstered in the AES by the inclusion of the SHA-1 hashing algorithm, which encrypts the encryption keys. "The triple layer of security that AES offers in conjunction with the elegance of the algorithm equates to an extremely secure and efficient security solution," Hamiel says.

Steve Crawford, PKWARE's chief marketing officer, says the new AES algorithm elevates the status of PKZIP, which sets the standard for data compression, into an affordable and easy-to-use security tool. Crawford, who previously worked at digital certificate management firm VeriSign, says there has been some success in security software since IT security concerns rose to the forefront in the late 1990s and in early 2000, as evidenced by today's powerful firewalls, virus protection software, and the like. "But in terms of getting security solutions that are easy to use, are easy to deploy, are easy to support and are interoperable, the dream has gone unfulfilled," he says.

In making the case for PKZIP as a security tool, Crawford points out the cross-platform capability of PKZIP. A document or file compressed and encrypted by any one of PKWARE's four PKZIP products for OS/400, Windows, Unix, or MVS, can also be decrypted, decompressed, and opened by any one of them, or by using PKWARE's new PKZIP Reader, which is free and runs on Windows desktops. Crawford also sites the "persistent" nature of the connection made between PKZIP products as an advantage, in that the data remains protected until somebody unleashes it, either through a manual or a batch process.

Another new feature PKWARE has delivered with PKZIP for OS/400 5.5 is the new "load/run" capability. Hamiel says this new installation feature dramatically reduces the time it takes to get up and running with PKZIP. After downloading the software or loading the CD-ROM into the tray, most users will have PKZIP fully installed within 5 to 20 seconds, he says.

Last fall, PKWARE introduced spool file compression and conversion capabilities with PKZIP for OS/400 5.09 (see "PKZIP OS/400 Now Compresses Spool Files"). This version with spool capabilities is now known as the PKZIP Standard Plus package. The Professional PKZIP package delivers the AES algorithm, while the Standard PKZIP package delivers the compression algorithm and software.

PKZIP for OS/400 5.5 is available now. PKWARE uses tier-based pricing. License fees for PKZIP Standard range from $600 for a P05 box to $8,000 for a P50 box. PKZIP Standard Plus ranges from $800 to $10,660. PKZIP Professional ranges from $999 to $13,325. For more information, visit PKWARE's Web site at www.pkware.com.


Sponsored By
PRODATA COMPUTER SVCS

ProData Computer Services, Inc. is a leading provider of iSeries 400 utilities. Founded in July 1981, ProData has been at the forefront in the creation and evolution of software for the AS/400 and was one of the first companies to work with the IBM relational database architecture. As a leader in the development of AS/400 utilities, ProData utility installations number over 14,000 with distributors located worldwide.

DBU, the 'original' database utility, allows users to view and update any file instantly without time-consuming queries, DFU or programming.

SQL/Pro, the cost-effective SQL tool, enables users to select, organize and summarize data easily with an extensive report formatter.

F4 List Processor dynamically create display programs.

CvtRPGIV converts early RPG to ILE/RPG to experience new power!

RDR retrieves deleted records from any physical file and provides the safety net you have always wanted.

ProTools, a suite of 18-utilities to email direct from the iSeries, zip/unzip files and more. Includes source code.

SPLF2HTML converts spooled files to html documents for browser viewing or to email to users.

NestRPG updates source code showing the nesting of all condition and reference statements.

DSM embeds diagnostic compiler messages directly into the source member.

Download FREE Trials at http://www.prodatacomputer.com
Email sales@prodatacomputer.com
Call 800.228.6318


THIS ISSUE
SPONSORED BY:

ProData Computer Svcs
Aldon Computer Group
Esker Software
iTera
CMS Manufacturing Systems
S4i Systems


BACK ISSUES

TABLE OF
CONTENTS
PKWARE Refreshes Entire PKZIP Line with 256-bit AES Encryption

Chicago Bank Finds High Availability a Good Investment in Reputation

Maximum Availability Rolls Out More Support for OS/400 Objects

inFORM Decisions Updates Software for Fighting Check Fraud

Help/Systems Embraces the PDF with New Conversion Utility

News Briefs and Product Shorts


Editor
Alex Woodie

Managing Editor
Shannon Pastore

Contributing Editors:
Dan Burger
Joe Hertvik
Shannon O'Donnell
Timothy Prickett Morgan

Publisher and
Advertising Director:

Jenny Thomas

Advertising Sales Representative
Kim Reed

Contact the Editors
Do you have a gripe, inside dope or an opinion?
Email the editors:
editors@itjungle.com


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.