Decisions
The choice of encryption technologies is not always easy, but fortunately
there are often several equally good options. The first step in choosing an
algorithm is knowing the purpose to which it will be applied. Is it to ensure
privacy, integrity, authenticity or to provide non-repudiation? Will it be
used on a small amount of data or files so large that the encryption process
could result in an unacceptable processing delay? The strength of an
encryption method is dependent upon both the algorithm and the key length and
can be understood in terms of the computational resources required to break
it. The longer the key, the stronger any given algorithm. It is the value of
the data and the length of time it must be protected that determines the
necessary encrypt... (more)
One of the most significant aspects of Java programming is that it creates
applications that have extraordinary relevance to computer security. Few UNIX
administrators would be prepared to allow millions of users to execute
programs as root (the administrative superuser) on their system, yet this
level of potentially total power is what every user cedes when they point
their browser at a... (more)
Java programmers are network programmers and increasingly, network
programmers write applications that need encryption technology. The Internet
is like a huge chat room. Not only is it a worldwide sniffable net, it's
developing its own unique business infrastructure. New virtual services are
required to provide the confidence in business transactions that has been
available through a pap... (more)
Introduction
Java developers are constantly becoming frustrated because of unexpected
encounters with Java security features. For example, a recent posting on
comp.langs.java.security complained about difficulties in being able to open
a network socket with Java. After reading the security introduction in the
last issue of JDJ, it should be clear that allowing Web content to open
arbitra... (more)
The JDK 1.1 includes a new Java Security API which supports several important
new security features, the most significant of which may turn out to be
signed applets. Properly implemented, digital signatures will provide the
additional trust needed to allow Java applets greater access to client system
capabilities, thereby supporting more powerful Web-based applications.
What Does Everyone... (more)
Jay Heiser is the Director of Internet Products for HomeCom Internet Security Services, where he is currently providing network security consulting to several major financial institutions and retail chains. He has lectured on information security in the US and Europe at events such as InfoWarCon, The Internet Conference, and FOSE. Jay also has animated several presentations on basic network security topics and made them available on the Web at http://www.homecom.com/services/hiss/LearnAbout.html.
Keith Bergelt
Gaurav Mantri
Aditya Banerjee
John Karamitsos
Kaj van de Loo
Bob Little
Alois Reitbauer
Chris Schin
Richard Gordon
Anil Parambath
