A guide to Triple DES encryption technology

06/15/2003

What is data privacy?

Let's say that ABC, Inc. creates a very important confidential memo intended for its largest client, Widget Enterprises.  Because of this memo’s importance, ABC decides to send a backup copy of this memo to one of its servers in another city.  However, ABC fails to properly secure the information contained within the memo before transmitting the backup copy across the Internet to its remote server.  A hacker with nothing better to do intercepts ABC’s confidential memo, and because the information within the memo is not secure, he is able to read the memo and then distribute the document to whomever he chooses. 

A critical aspect of backing up data is ensuring the privacy of the data being protected.  Privacy means that only the person who is supposed to have access to the information is able to view the data.  If ABC, Inc. had encrypted the data in the memo using a method such as Triple DES encryption prior to Internet transmission, the hacker would have been unable to gain access to ABC’s confidential business information.  

What is Triple DES Encryption?

For over twenty years, DES has been subject to intense scrutiny, and there are no known algorithmic flaws.  Triple DES uses a 168-bit key.  To mount a brute force attack on a key this large would require trying 238 nonillion (2.38 × 10^32) keys every second for the remaining estimated life of the solar system.  In fact, Triple DES is the same encryption method employed by banks when they send money via wire transfer.  Triple DES encryption is very safe.  There is a more detailed technical description of DES technology towards the end of this whitepaper.

How does Enveloc® utilize Triple DES encryption?

Upon installation of Enveloc® Backup, the customer creates a password phrase which will be used to Triple DES encrypt the backups.  This password is itself encrypted on the customer’s machine, and is available only to his backup program.  The password does not leave the customer’s machine, and is known only to the person who types it in.  Enveloc® software automatically encrypts the customer’s initial backup, as well as each subsequent backup, using the Triple DES encryption method with the customer’s password.  Enveloc® Remote Backup assembles the customer’s backups into Enveloc® Secure Archive (ESA) files.  When the Enveloc® customer has completed his or her initial backup, Enveloc®’s software will automatically scan the client’s computer for new and changed information on a nightly basis.  The scan recognizes new files as well as modified portions of files that have changed since the previous backup.

Enveloc® then assembles only the block level changes into a single ESA file which is then compressed to one or two percent of its original size.  The ESA file is stamped with the time and date and then encrypted for security. This technology enables Enveloc® Backup to reduce backup sizes and speed up the transmission of the customer’s backup via the Internet.

Before the customer’s backup set is transmitted over the Internet, Enveloc® creates another level of security for our clients.  The customer’s ESA file undergoes another layer of Triple DES encryption.  Therefore, during Internet transmission, Enveloc® customer backups are encrypted with two layers of Triple DES encryption.  When the customer’s backup set is received at our network operation centers, the outer layer of Triple DES encryption is removed, but the first layer of Triple DES encryption remains intact as the customer’s ESA file(s) reside on our servers.  After the ESA file has been created and doubly encrypted, Enveloc® software allows the customer’s computer to contact Enveloc®’s network centers and the customer’s backup will be transmitted to Enveloc®’s servers.

Enveloc® customers can quickly restore their own files with a few clicks of the mouse.  Enveloc® technical support personnel are available on a 24/7/365 basis for needed assistance.  When customers retrieve information, their ESA file(s) will arrive on their machines in an encrypted format.  The customer must input their password to restore their data.

Additional technical information about Triple DES

The DES Algorithm was based on work by IBM and published as a federal standard in 1977.  It was designed to provide a means to protect the confidentiality of the government’s sensitive unclassified computer information.  The original has been reviewed and reaffirmed on several occasions.  The DES standard requires 16 rounds of operations to mix the data and key together to produce the ciphertext, and the same number of rounds to change the ciphertext back to plaintext.  There have been statements that “DES running in only 6 or 8 rounds can be easily broken.”  The standard calls for 16 rounds, and any implementation with other than 16 rounds is not DES.  There has never been a successful challenge to the mathematical soundness of the algorithm.

Nonetheless, with the power and speed of present-day computers, it is possible, by mounting a sophisticated and massive brute force attack on the key, usually with multiple computers, to completely explore the keyspace and discover the key.  This is done by trying every possible key.  With 2^56 keys (72,057,594,037,927,940) to explore it takes a while, but can be done.  However, Triple DES (TDEA) utilizes three rounds of DES using 3 different keys to provide a keyspace of 2^168 or 374,144,419,156,711,800,000,000,000,000,000,000,000,000,000,000,000 different possible keys.  Even using thousands of very fast computers, exploring the keyspace is impractical.  Therefore the Secretary of Commerce, through the National Institute of Standards, has issued the following directive (FIPS 46-3):

“This standard became effective July 1977. It was reaffirmed in 1983, 1988, 1993, and 1999. It applies to all Federal agencies, contractors of Federal agencies, or other organizations that process information (using a computer or telecommunications system) on behalf of the Federal Government to accomplish a Federal function. Each Federal agency or department may issue internal directives for the use of this standard by their operating units based on their data security requirement determinations.

With this modification of the FIPS 46-2 standard:

1.      Triple DES (i.e., TDEA), as specified in ANSI X9.52 will be recognized as a FIPS approved algorithm.

2.      Triple DES will be the FIPS approved symmetric encryption algorithm of choice.

3.      Single DES (i.e., DES) will be permitted for legacy systems only. New procurements to support legacy systems should, where feasible, use Triple DES products running in the single DES configuration.

4.      Government organizations with legacy DES systems are encouraged to transition to Triple DES based on a prudent strategy that matches the strength of the protective measures against the associated risk.”

The implementation used by Enveloc® is through the Bokler Software Corporation DLLs, which have been validated by the National Institute of Standards as conforming to the Triple Data Encryption Algorithm (TDEA, a.k.a. "Triple DES"), as specified in Federal Information Processing Standard Publication 46-3, Data Encryption Standard (DES), Certificate Number 12.  Enveloc® uses all three keys, providing a 168-bit encryption level.
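
The key handling described above (a password phrase that drives Triple DES, and the use of all three keys for a 168-bit key), as an added Python example that is not Enveloc®'s or Bokler's code: it derives a 24-byte key bundle from a passphrase and reports whether the bundle carries three distinct DES keys or collapses to the two-key or single-DES configuration.  PBKDF2, the salt, the sample passphrase and all function names are assumptions of this example.

```python
import hashlib

# The four DES weak keys, written with odd parity (well-known constants).
WEAK_KEYS = {bytes.fromhex(h) for h in (
    "0101010101010101", "fefefefefefefefe",
    "e0e0e0e0f1f1f1f1", "1f1f1f1f0e0e0e0e")}

def set_odd_parity(key: bytes) -> bytes:
    """DES uses 7 bits of each key byte; the low bit is set so the byte has odd parity."""
    out = bytearray()
    for b in key:
        b &= 0xFE                                   # drop the old parity bit
        out.append(b | (1 if bin(b).count("1") % 2 == 0 else 0))
    return bytes(out)

def derive_bundle(passphrase: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Stretch a passphrase into a 24-byte K1|K2|K3 bundle.
    PBKDF2-HMAC-SHA256 is this example's assumption, not the vendor's documented method."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              salt, iterations, dklen=24)
    return set_odd_parity(raw)

def independent_key_bits(bundle: bytes) -> int:
    """Return 168, 112 or 56: the number of independent key bits in the bundle."""
    if len(bundle) != 24:
        raise ValueError("a TDEA key bundle is 24 bytes (3 x 8)")
    # Normalise parity first so keys that differ only in parity bits compare equal.
    k1, k2, k3 = (set_odd_parity(bundle[i:i + 8]) for i in (0, 8, 16))
    if WEAK_KEYS & {k1, k2, k3}:
        raise ValueError("bundle contains a DES weak key")
    if k1 == k2 or k2 == k3:
        return 56     # E-D-E cancels to one DES pass: the "single DES configuration"
    if k1 == k3:
        return 112    # two-key TDEA
    return 168        # three distinct keys, 56 key bits each

if __name__ == "__main__":
    # Constructed sample inputs.
    bundle = derive_bundle("correct horse battery staple", b"constructed-salt")
    print(bundle.hex(), independent_key_bits(bundle))
    k = bytes.fromhex("0123456789abcdef")
    print(independent_key_bits(k * 3))
```

A 24-byte bundle is 192 bits on disk; the check above is what separates a true three-key bundle from one that only looks like it.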

© 2003, Enveloc® div. ValueComm, Inc.