This is not a review inasmuch as a note of warning. Ask yourself if you would use encryption that had known weaknesses in 1998? Then you won’t be surprised to learn how NOT to implement the so-called FIPS-140 standard.
One, don’t rely on any piece of software that uses it. Period.
Two, if you must use it, you need to realize the importance of key seperation. The article indicates that this is utmost: if an attacker has your secret key, they can recover ANYTHING encrypted with said key – past, present and future.
This has a small positive effect and a massive negative one.
You may like the idea of an application that help send files ‘securely’, but you need to look at the underlying structure before you trust ANY new software with something important.
See article:
https://threatpost.com/duhk-attack-exposes-gaps-in-fips-certification/128582/