- Is this End-to-End Encryption program secured?
If anyone tells you that their product is secured, evaluate twice.
To a hacker, anthing is breakable – given enough time and resources.
This program is as secured as I can make it based on current technology.
Unfortunately, in order to balance the objectives of making it very
light weight, secure and low cost, I have to do away with not having to format the keys
in a X.509 certificate with signing by root CA and chaining.
- So, what are the weaknesses of the product?
I don't think you can challenge AES and RSA encryption algorithm. It has
been used widely and accepted as the most secured encryption today.
So I guess the weakness lies in the way the public key is sent across to the browser.
Unlike SSL, this public key is never verified to be authentic.
What it means is that an interceptor may be able to get hold of the web page
and replace your public key with his key. Thus, whatever data that will be encrypted
at the browser can be decrypted by him.
But, wait, if the interceptor is able to get hold of your web pages, he might
as well remove the applet and everything will be in clear. Or jolly well, he
can do anything he wants!
Well, I guess the biggest weakness is using the same set of
public-private keys provided in the download :(
- What application server can I run the program on?
The program consists of just simple classes. They can be run on any JVM based on
JDK 1.2 or higher. The browser will need to enable Java applet to run.
Microsoft IE and Netscape have been tested.
- How about Microsoft platform?
It's in the pipeline. I could simply compile the code using J++ to a dll.
But you still need a java runtime in your application server.
Not a very clear approach though it would be easiler to maintain.
However, I'm still thinking of re-coding in C++ which will take time
given enough encouragement.
- How much do I pay to use this program commerically?
Nothing.
- How do I get support?
I cannot promise anything. Just send me an
email and I'll see what I can do :)
|