PKWARE Refreshes Entire PKZIP Line with 256-bit AES Encryption
by Alex Woodie
PKWARE brought strong security capabilities to its complete line of PKZIP compression tools last week. The Advanced Encryption Standard (AES) encryption algorithm that ships with the latest releases of its PKZIP for OS/400, MVS, Unix, and Windows products allows companies to encrypt their compressed files with keys ranging from 128 bits to 256 bits in strength. This new encryption capability surpasses the product's previous 96-bit encryption key, and meets or exceeds IT security requirements being mandated by the U.S. government.
The AES was selected by the National Institute of Standards and Technology in November 2001 from a field of five encryption algorithms that were competing to be the replacement for Data Encryption Standard (DES) and 3DES algorithms that have been the standard in government for years, but which have proved to be susceptible to code-crackers. The algorithm that the NIST chose to be the AES was originally called Rijndael, and it was developed by two Belgian cryptographers.
Before selecting AES, PKWARE evaluated two other encryption algorithms, 3DES and Twofish. According to Tait Hamiel, PKZIP product manager, AES was hands-down the fastest of the three algorithms. "3DES was written for hardware, and the port over to software was anything but elegant. It runs like a pig," he says. "Twofish was faster than 3DES, but the fastest, no doubt, was AES."
As for how fast AES encryption runs, PKWARE has conducted benchmark tests that show AES--even at 256-bit encryption--runs faster than PKWARE's old, proprietary 96-bit encryption, Hamiel says. While customers who are experienced with PKWARE's previous encryption speeds will likely see performance increase with the new AES encryption technology, companies new to the game would be wise to research what effect computer-intensive encryption operations will have on their OS/400 server.
The AES algorithm is freely available as open source, and the PKWARE AES implementation includes the native 128-bit AES encryption, as well as 192-bit and 256-bit encryption keys. Delivering 128-bit encryption is critical to supporting companies' initiatives to come into compliance with the Health Insurance Portability and Accountability Act of 1996, which requires 128-bit encryption of patient records and goes into effect on April 14. Several of PKWARE's recent customer wins come from the healthcare field. Another government mandate driving security and encryption requirements is a provision of the Gramm-Leach-Bliley Act that requires financial services firms to keep consumers' private information out of the public realm.
The 128-bit encryption capability of AES makes it many times more secure than 56-bit DES keys (on the order of 10, followed by 21 zeros, says Hamiel). AES also incorporates two other features that make it even more secure. Cipher Block Chaining helps to foil hackers who might try to decode the encryption key by analyzing encrypted data patterns, by preventing the same encrypted data pattern from ever being repeated. Security is further bolstered in the AES by the inclusion of the SHA-1 hashing algorithm, which encrypts the encryption keys. "The triple layer of security that AES offers in conjunction with the elegance of the algorithm equates to an extremely secure and efficient security solution," Hamiel says.
Steve Crawford, PKWARE's chief marketing officer, says the new AES algorithm elevates the status of PKZIP, which sets the standard for data compression, into an affordable and easy-to-use security tool. Crawford, who previously worked at digital certificate management firm VeriSign, says there has been some success in security software since IT security concerns rose to the forefront in the late 1990s and in early 2000, as evidenced by today's powerful firewalls, virus protection software, and the like. "But in terms of getting security solutions that are easy to use, are easy to deploy, are easy to support and are interoperable, the dream has gone unfulfilled," he says.
In making the case for PKZIP as a security tool, Crawford points out the cross-platform capability of PKZIP. A document or file compressed and encrypted by any one of PKWARE's four PKZIP products for OS/400, Windows, Unix, or MVS, can also be decrypted, decompressed, and opened by any one of them, or by using PKWARE's new PKZIP Reader, which is free and runs on Windows desktops. Crawford also sites the "persistent" nature of the connection made between PKZIP products as an advantage, in that the data remains protected until somebody unleashes it, either through a manual or a batch process.
Another new feature PKWARE has delivered with PKZIP for OS/400 5.5 is the new "load/run" capability. Hamiel says this new installation feature dramatically reduces the time it takes to get up and running with PKZIP. After downloading the software or loading the CD-ROM into the tray, most users will have PKZIP fully installed within 5 to 20 seconds, he says.
Last fall, PKWARE introduced spool file compression and conversion capabilities with PKZIP for OS/400 5.09 (see "PKZIP OS/400 Now Compresses Spool Files"). This version with spool capabilities is now known as the PKZIP Standard Plus package. The Professional PKZIP package delivers the AES algorithm, while the Standard PKZIP package delivers the compression algorithm and software.
PKZIP for OS/400 5.5 is available now. PKWARE uses tier-based pricing. License fees for PKZIP Standard range from $600 for a P05 box to $8,000 for a P50 box. PKZIP Standard Plus ranges from $800 to $10,660. PKZIP Professional ranges from $999 to $13,325. For more information, visit PKWARE's Web site at www.pkware.com.
Contact the Editors
|Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.|