Do not underestimate the security of your data. Thefts of data and of entire computers are a daily matter. Both individuals and enterprises lose top secret financial data, and for some it costs them their reputation. The latest news that the FBI wants to require all encrypted communications systems to have back doors really undermines the right to privacy. Lately, privacy and security issues have been very much talked about and taken into consideration.
Recently we've been asked if our encryption software Rohos Mini Drive (freeware) and Rohos Disk Encryption (shareware) have backdoors. Our answer is no. The Rohos team claims its encryption programs have no backdoors. So you can sleep safe and sound knowing that nobody will be able to access your encrypted personal data unless you give them the password.
We have also been asked how we could prove it. The only way to prove it would be to open the source code, which we will do, but later and only for our utility Rohos Mini Drive Portable.
Rohos Mini Drive is totally free for the home user, and it is the best free encryption security tool that uses a NIST-approved encryption standard. In other words, it has everything a home user needs to achieve a good level of computer data privacy.
Download Rohos Mini Drive
Open source vs. closed source disk encryption
Some people may say that open source encryption software gives you the opportunity to know what you are using and how strong its encryption and security protocols are. But we have some doubts about that.
Looking at the most popular open source encryption software, Truecrypt, some serious questions arise: why are its developers anonymous, why would someone do so much work (and believe us, encryption is not the easiest field of development) and give it away free of charge, and many more. It looks like it's not only me who has serious concerns when it comes to backdoors in Truecrypt. The author of one blog has really lifted the veil on it in his article “Analysis: Is there a backdoor in Truecrypt? Is Truecrypt a CIA honeypot?” The article makes really good reading.
On the other hand, we must admit that the other open source encryption software, OTFE, is very much open to the community and has the developer's name publicly published. Compared to Truecrypt, it in no way falls behind in the variety of encryption algorithms (AES, Twofish and Serpent) or in any other feature that is popular among users.
Certified encryption solutions
Many USB flash drives with hardware encryption features have a FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST). FIPS certification means cryptographic module validation by one of the approved NIST labs:
- The lab takes the cryptographic module (this could be just a part of the entire security solution) and runs a set of tests on it: encrypting predefined data blocks with predefined encryption keys and inspecting the encryption output.
- The lab may also inspect the cryptographic module's source code.
To simplify the certification process, vendors often collect all the encryption code from the entire source code into a single module and certify only this module. In the future, when a new version of the product is published, there is no need to certify it again.
So “certified encryption product/solution” means: “Somewhere in the past we certified only the encryption code in our product”. The entire solution/product may still contain bugs/holes in its security protocols.
- Look at the list of certifications – there are only “Cryptographic modules” but not Products.
- Read about security holes in USB flash drive with certified encryption.
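The kind of known-answer test described above, as an added example (not code from Rohos or from a NIST lab): a pure-Python AES-128 stands in for the cryptographic module and is checked against the FIPS-197 Appendix C.1 vector. `product_key` is a hypothetical, deliberately flawed product layer that sits outside the tested module, so the test passes whether or not it is sound.

```python
# Added illustration: a pure-Python AES-128 stands in for the "cryptographic module".
def _xtime(a):
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _gmul(a, b):                       # multiplication in GF(2^8)
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = _xtime(a), b >> 1
    return r

def _sbox_entry(x):
    inv = 1
    for _ in range(254):               # x^254 is the field inverse; 0 maps to 0
        inv = _gmul(inv, x)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63
SBOX = [_sbox_entry(x) for x in range(256)]

def _round_keys(key):                  # AES-128 key schedule: 11 round keys
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes128_encrypt_block(key, block):
    rk = _round_keys(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd < 10:                                                        # MixColumns
            s = [_gmul(s[4*c + r], 2) ^ _gmul(s[4*c + (r+1) % 4], 3) ^ s[4*c + (r+2) % 4]
                 ^ s[4*c + (r+3) % 4] for c in range(4) for r in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]                             # AddRoundKey
    return bytes(s)

def module_passes_kat(encrypt=aes128_encrypt_block):
    # FIPS-197 Appendix C.1 vector: predefined key, predefined block, expected output
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    return encrypt(key, pt).hex() == "69c4e0d86a7b0430d8cdb78070b4c55a"

def product_key(password):  # hypothetical flawed product layer, outside the tested module
    return password.encode()[:16].ljust(16, b"\0")
```

The module passes its test, yet two constructed passwords that share their first 16 bytes produce the same key and the same ciphertext, which the module-level test cannot see.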
One more example of a possible backdoor could be the Russian encryption standard GOST 28147-89. Though it was developed by the KGB, some claim it to be transparent to the national security department. This encryption standard has been severely criticized because the cipher's strength may depend on the quality of the S-boxes, and a certified encryption vendor should use the S-boxes provided by the KGB. The Russian Wiki page describes these issues better: GOST critics. We have also found an excellent article about this standard and many more, and wanted to share it with you. It's called “Weakness of Cryptosystems”.
We should say that none of the existing cryptographic algorithms gives 100% data security. An algorithm just extends the time a third party needs to read the information. Usually that takes quite a while, so by then your information has lost its value. But looked at from a different point of view, the fact that the majority of encryption protocols and cryptographic algorithms are developed in the USA should put us on guard.
So it's really up to you what to use. But only time can prove how secure and reliable a piece of software can be.