dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
765
share rss forum feed


2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave
kudos:1

[Free] FIPS 140-2 Security Free!

I came across this a short time ago and just recommended it to someone over in the Microsoft forum who was worried about someone getting into his files should his laptop or thumb drive get lost or stolen while on the road.

Is the author reliable? If you consider the Department of Defense reliable, then yes. Of course, since we haven't actually won a war since it changed from "War Department" to "Department of Defense" maybe there's room for doubt?

OK Link to the EW-Public Java encryption/decryption tool:
»www.spi.dod.mil/ewizard.htm

I may have slightly exaggerated the FIPS 140-2 thing, BUT probably not. The EW-Public version is not certified, but the EW-Govt version (not available to the public) does use a FIPS 140-2 certified component to do the heavy lifting. Now, encrypted files created by either version are easily decrypted by the other without any special action. This tells me the same algorithm is being used in both, just that EW-Public's encryption algorithm hasn't been run through FIPS acceptance testing.

Potential Uses (and it can be used by private individuals for personal use and by commercial companies for their work also):
Sending or storing data you do not want anyone else peeking in at. This could include:
Love notes to someone other than your S.O.
Files containing personal information of any type such as HIPPA related files, files with social security numbers and other personally identifiable info in them, confidential business records, confidential financial data, etc. etc.

Works on Windows, Mac, Linux, Solaris, and other computers with Sun Java. That's the only requirement - that you have Sun Java on the system.
--
...then THINK! again.


chachazz
Premium
join:2003-12-14
kudos:9
As mentioned here... »Re: How to protect data if lost...


NotTheMama
What Would Earl Do?

join:2012-12-06
Personally, I'd rather use TrueCrypt than have java installed on a Windows system. (I find your use of a "secure" link... interesting. )

MrFixit1

join:1999-11-26
Madison, WI
The interesting question is why everything on this site is available as secure except the home page of each forum .
Anybody have any idea why that is ?
Using the HTTPS Everywhere extension for FF has been educational .


2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave
kudos:1
reply to NotTheMama
One advantage(?) I might see in using one over the other might be the "branding". Let's say you're a business that routinely transmits HIPPA or other health related data and the auditors show up to make sure you're in compliance in protecting the data while in transit (and at rest also). Which one do you think most non-tech saavy folks would be more convincing as showing you've done your due diligence?
For the personal user, with it's purported transparency during use, TrueCrypt would appear to be a good choice.
--
...then THINK! again.


NotTheMama
What Would Earl Do?

join:2012-12-06
Perhaps. Whether it involves HIPAA or not though, I would think that securing files on a system for personal use--with concerns about said system being lost or stolen--and securing them for transmission between systems for organizational purposes involves some different considerations. I can't really speak to the latter, but I've been using TrueCrypt for the former for some years now. And while I feel comfortable enough using java on Linux or unix systems, I won't even install it on Windows systems.

slajoh01

join:2005-04-23

4 edits
reply to 2kmaro
Even TrueCrypt is not FIPS 140-2 certified for that matter...

The FIPS 140-2 version is for US Government only.
U have to fill out this form and send to them if ur a Government contractor. I even emailed them if they can provide me with the FIPS 140-2 version for non Government use. Still waiting for a feedback. But I really doubt that I will be approved for this request.

However, I have the full set ISO image live CD from them based on Linux. Its awesome!!!!! And its probably approved by the USAF/DoD/DISA. The Encryption thing is already added on there but without FIPS 140-2. You can do more things with this like online banking and stuff like that. Also includes a secured version of Firefox based on the DISA Security Complaince Standards.
»spi.dod.mil/lipose.htm

.

slajoh01

join:2005-04-23
Just an update on the feedback I got from one of the Team support members:

I guess it was worth a try. But I dont think the Public version uses FIPS 140-2. And even TrueCrypt does not either...

=============================================
"Unfortunately due to licensing restrictions in order to reduce costs,
EW-Govt with the FIPS 140-2 library is only available to US Federal
Government employees and their contractors."