On May 19, 2005 the National Institute of Standards and Technology (NIST) announced the withdrawal of the (single) Data Encryption Standard (DES) as specified in FIPS 46-3. DES no longer provides the security that is needed to protect Federal government information. Federal government organizations are now encouraged to use FIPS 197, Advanced Encryption Standard (AES), which specifies a faster and stronger algorithm. For some applications, Federal government departments and agencies may use the Triple Data Encryption Algorithm (Triple DES) as specified in NIST Special Publication 800-67. Triple DES is also supported by CryptoXpress LT. Although thought to be considerably less secure than even AES 128-bit encryption, it is still commonly used in some industries.

CryptoXpress LT supports multiple encryption/decryption algorithms including AES 128-bit, AES 256-bit and TripleDES. These algorithms meet the "string encryption" requirements as defined by all known federal, state and industry regulations, including:

• The Sarbanes-Oxley Act (SOX)
• The Gramm-Leach-Bliley Act, the Safeguards Rule (GLBS)
• Health Insurance Portability and Accountability Act (HIPAA)
• California Assembly Bill 1950 (AB 1950)
• Title 21 of the Federal Regulations Part 11 (21 CFR Part 11)
• California Information Practice Act or Senate Bill 1386
• North American Electric Reliability Council (NERC)
• Federal Information Security Management Act (FISMA)
• USA PATRIOT Act
• Cardholder Information Security Program (CISP)
• Payment Card Industry
• Federal Information Processing Standards (FIPS)
• National Association of Securities Dealers Rule 2711
• SEC 17a-4

CryptoXpress LT can be used to encrypt and decrypt text, files and fields within a database. It supports EBCDIC, ASCII and binary data. Although it supports multiple encryption algorithms, the preferred encryption technology today is AES. AES is a block cipher (symmetric key) encryption algorithm that uses 128-bit, 192-bit and 256-bit key sizes.

CryptoXpress LT supports multiple message digest algorithms including MD5 and SHA1.

A message digest (also sometimes referred to as a one-way hash function) is a fixed length computationally unique identifier corresponding to a set of data. The result of the algorithm is that each file or data string digested will map to a particular block of information called a message digest. The digest is not random; digesting the same unit of data with the same algorithm will always produce the same message digest.

Most users prefer to use the MD5 message digest algorithm. MD5 belongs to a family of one-way hash functions called message digest algorithms. The MD5 system is defined in RFC 1321. MD5 takes a message of arbitrary length and produces as output a 128-bit message digest. It is conjectured that it is computationally infeasible to produce two different messages having the same message digest, or to produce any message having a given message digest.

RFC 1321 also defines a certification suite to validate correct implementation of the algorithm. CryptoXpress LT is validated against this suite.

Message digests have many uses. In particular they are used to authenticate data. For example, to create a digest for authentication, data can be digested and the digest saved. Later, to validate that the data has not been altered, the data is digested again and the result is compare against the original digest. If they differ, the data has been altered. This is very different from encryption because the actual data is not modified when it is digested. Encryption is intended to protect the confidentiality of data.