Java Security

applets
Java is a programming language that allows developers to write applications (known as applets) that run over the internet and are independent of the hardware and browser running at the client end. The applets are stored on the web server and automatically downloaded to the client the first time the applet is accessed. On subsequent accesses the Java applet already resides in the cache on the client's machine and is loaded immediately, without the delay experienced the first time. Java applets have no way of reading from or writing to the client's hard disk. Therefore there is no way that Java applets can damage your computer or do anything malicious with your other data or programs. As part of Java's security, an "Applet warning" is always displayed at the bottom of windows displayed by Java applets.

[Figure: unsigned Java applet window showing the "Warning: Applet Window" banner]

The unlocked key image or "Warning Applet Window" on the Java windows simply means that this applet was not digitally signed and has various restrictions when it runs on your computer. Digitally signed applets do not automatically get any more capabilities than unsigned applets do. Our applet is not digitally signed because we want this cart to run on all browsers, and older browsers do not support this feature. Plus, the customer will need to accept your signature if they trust you. What digitally signed applets get is the ability to ask you whether it's okay to do something that "normal" applets can't. Most applets are not digitally signed.
Netscape makes sure that the final decision about what applets can and cannot do on your computer is up to you.
The warning cannot be changed. It is built into the browser. You might want to send a suggestion to Microsoft or Netscape to remove it.

key
Many people think that placing a shopping cart on a Secure Server (Secure Sockets Layer, SSL) makes it secure. But that only protects the connection from your computer to the server computer. You still have a security hole when the order is sent from the server computer to your email. Many companies do not advertise this "flaw". We decided to make ordering completely secure by using One Time Pad (OTP) encryption technology. It is not efficient for large volumes, which is why it's not widely used, but for small volumes of data it works well. A one-time pad uses a different, random key to encrypt every message. We use a variation of this method to encrypt all orders. It is a very simple but powerful encryption technique. True OTP encryption is unbreakable and is used by the US Military.

OTP

from "THE CODEBREAKERS" by David KAHN - page 398 - Scribner - 1996

"..it consists of a random key used once, and only once. It provides a new and unpredictable key character for each plaintext character in the whole ensemble of messages ever to be sent by a group of correspondents. And it is an unpredictable system. Some systems are unbreakable in practice only, because the cryptanalyst can conceive of ways of solving them if he had enough time. The One Time Pad system is unbreakable both in theory and practice. No matter how much text a cryptanalyst had available in it, or how much time he had to work on it, he could never solve...".

from "APPLIED CRYPTOGRAPHY" by Bruce SCHNEIER - page 13 - Wiley & Sons - 1994

"Believe it or not, there is a perfect encryption scheme. It's called a one time pad and was invented in 1917 by Major Joseph Mauborgne and AT&T's Gilbert Vernam. In its classical form, a one time pad is nothing more than a large nonrepeating set of truly random key letters, written on sheets of paper and glued together in a pad. The sender uses each key letter on the pad to encrypt exactly one plaintext character. The receiver has an identical pad and uses each key on the pad, in turn, to decrypt each letter of the ciphertext. Each key is used exactly once, for only one message..."

from "INTERNET SECURITY TECHNIQUES" by Larry J. HUGHES, Jr. - page 51 - New Riders - 1995

"In theory, every cryptographic algorithm - except one - can be broken given enough ciphertext, time, and compute cycles. Modern cryptographers have found it possible to design algorithms that might very well remain impervious to attack for eons beyond the useful lifetime of any ciphertext, regardless of what profound, valuable, or damaging secrets it contains. The only cryptosystem that can never be broken through any form of cryptanalysis is One Time System, also called a One Time Pad. In it, each bit of the plaintext undergoes an exclusive-or (XOR) operation with a matching bit from a key...." "....The beauty of a One Time Pad lies in the fact that all its security rests in the key, and absolutely none is in the algorithm..."
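
The pad described in the three quotations above, written out as an added Python example. It is not code from this page or from the shopping cart, whose "variation" of the method the page does not specify. The names Pad, xor, encrypt, decrypt and demo and the sample orders are constructed for illustration. It shows the sender and receiver consuming identical pads, the refusal to reuse key bytes, and why a key used for two messages no longer protects them.

```python
import secrets


class Pad:
    """Key material shared by sender and receiver; every byte is used once."""

    def __init__(self, key: bytes):
        self._key = bytearray(key)
        self._pos = 0

    def take(self, n: int) -> bytes:
        if self._pos + n > len(self._key):
            # Never wrap around: reusing key bytes voids the guarantee.
            raise ValueError("pad exhausted")
        chunk = bytes(self._key[self._pos:self._pos + n])
        self._key[self._pos:self._pos + n] = bytes(n)  # destroy used key bytes
        self._pos += n
        return chunk


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(pad: Pad, plaintext: bytes) -> bytes:
    # One fresh key byte per plaintext byte, taken from the pad in order.
    return xor(plaintext, pad.take(len(plaintext)))


decrypt = encrypt  # XOR with the same key bytes is its own inverse


def demo() -> dict:
    key = secrets.token_bytes(64)          # random, as long as all traffic
    sender, receiver = Pad(key), Pad(key)  # identical pads on both ends
    orders = [b"ORDER 1001 qty=2", b"ORDER 1002 qty=7"]  # constructed samples
    ciphertexts = [encrypt(sender, m) for m in orders]
    recovered = [decrypt(receiver, c) for c in ciphertexts]
    # Why "once, and only once": if one key encrypted both orders, the key
    # cancels out and the XOR of the ciphertexts equals the XOR of the orders.
    k = secrets.token_bytes(len(orders[0]))
    reused = xor(xor(orders[0], k), xor(orders[1], k))
    return {"orders": orders, "recovered": recovered,
            "reuse_cancels_key": reused == xor(orders[0], orders[1])}


if __name__ == "__main__":
    print(demo())
```

The pad must be at least as long as all the messages it will ever protect, which is the inefficiency for large volumes that the page mentions.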

Copyright © 1996-1999 Vilgorin Software Systems Development.
All Rights Reserved