With Microsoft incorporating encryption into their next version of Windows NT, now called Windows 2000, the encryption market is getting a lot smaller. Dozens of encryption vendors will be looking for a competitive advantage to keep their heads above the Microsoft water. Luckily, Jaws Technologies' L5 Data Encryption Professional product offers one: speed.
L5 is a new desktop encryption product that offers inexpensive, strong, and fast file encryption on the desktop. L5's key size is a standard, non-negotiable 4096 bits, far surpassing that of the planned 40/128-bit encryption for Windows 2000.
But unlike L5's competitors -- such as Network Associates' Pretty Good Privacy (PGP) -- L5 does not allow you to manually set the key size. When you encrypt a file, you encrypt at 4096. This "dummy proofing" is nice for administrators because it means users won't be encrypting their files at weaker 40-bit or 56-bit key sizes.
L5's biggest advantage is its encryption and decryption speed. In my tests, a 100-page Word document (at a size of about 1.5Mbyte) took only 2.14 seconds to encrypt and 2.36 seconds to decrypt. When I encrypted and wiped the same file with PGP, it took more than nine seconds for encryption and decryption, also using 4096-bit strong encryption.
Jaws Technologies' proprietary algorithm speed will carry L5's technology into more than just encryption software. The company plans to implement its diminutive programs into all types of small devices, such as personal digital assistants and palmtops. In addition, the algorithm's speed makes it a perfect fit for streaming encryption in virtual private networks.
L5 does seem to carry a security limitation, however. When L5 encrypts a file, it includes a "signature" on the file, so at the top of each L5-encrypted file is the text "L54096." This indicates the product that encrypted it (L5) and how strong the encryption was (4096). This could give code crackers much of the information they need to try an attack on the key.
One of L5's biggest limitations is that it lacks a key server. Without a key server, each user must manage their own keys; so, if you want to encrypt a file for someone else to read, you'll need to get the intended user to come to your machine and type in their encryption key. Jaws Technologies recognizes the limitations of this design and is currently piloting a public key server solution for one customer, but it hasn't promised a commercial product.
I found that L5 lacks general usability. For example, I could only right-click for encrypting and decrypting options within L5, and not in Windows Explorer or within folders. Also, encrypting entire directories is far from intuitive. And unlike PGP, if you feed L5 an incorrect pass phrase for decrypting a file, L5 will decrypt the file based on the incorrect key rather than deny the decryption.
The biggest challenge to Jaws Technologies' credibility, however, is its lack of a proven track record. When a company develops a new encryption algorithm, users are naturally nervous about its strength and legitimacy. By opening up the algorithm to the public and academia, the encryption techniques can be pushed beyond any quality assurance the company may put it through.
Overall, Jaws' L5 is a solid entry into the file encryption market. The product has some maturing to do in terms of usability, but its sheer speed may be the brass ring many companies are looking to grab.
Stuart McClure is a senior manager at Ernst & Young Security Services. He can be reached at email@example.com.
The bottom line: good
Jaws L5 Data Encryption Professional
L5's speed will dramatically effect productivity, but its usability needs to be improved and its encryption algorithms need more public scrutiny.
Pros: Encryption engine uses standard 4096 bits; offers public/private key pairs; impressive speed.
Cons: Proprietary algorithms; no central key server; program identifier in encrypted file; decryption with incorrect key will decrypt incorrectly.
Jaws Technologies; www.jawstech.com.
Platforms: Windows 95, Windows 98, and Windows NT 4.0.