The password protection used is "industrial strength" and results in the
areas of the original file which are being compressed to additionally be
encrypted. The password can be up to 1023 characters long. The encryption works
as follows, incorporating the Blowfish encryption algorithm and the MD5 hashing
algorithm. Blowfish was developed by Bruce Schneier and MD5 was developed by RSA
Data Security, Inc.
The password is used to generate a series of bits, which is added to a number
of additional pseudo-random bits. This is then hashed using MD5 to create a
16-byte key. The compressed application data is encrypted with Blowfish using
this 128-bit key. The password is not stored. There is no way to 'recover'
the password.
When the program is to be run, the user enters the password again, and the
same series of steps is used again to generate the key, enabling decryption.
Encryption of this level is regulated by the US Department of Commerce.
Restrictions on export of ExeLock include a ban on exports to the following
countries: Cuba, Iran, Iraq, Libya, North Korea, Sudan or Syria.
|