Java Security

From: James (james_at_enliva.com)
Date: 03/28/05

• Next message: kaeli: "Re: JSP - Inserting into a database"
• Previous message: RobG: "Re: How to populate HTML table from local text file."
• Next in thread: Michael Amling: "Re: Java Security"
• Reply: Michael Amling: "Re: Java Security"
• Reply: Oscar kind: "Re: Java Security"
• Reply: KiLVaiDeN: "Re: Java Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: 28 Mar 2005 05:01:04 -0800

Hi all,

My company is trying to decide make a platform desicion between
C++/Java. I am in favor of Java however I am compelled to answer a
question yet I am unable to find a solution.

The problem is as follows: The application will have a two secret keys
(A 128 bit constants) and a public encryption algorihtm (AES). It will
encrypt some data offline and send via public methods to some other
place at a later time(not our server). Obviously, the security of this
data is extremely important. (A financial application). Application
will only be provided to trusted entities therefore I don't have to go
thru authentication. (ie. verify the sender)

Our concern is one could decompile the Java class files and see what
these constants are and hence break the whole system. I have checked
out various solutions to see how can we avoid this issue and not yet
come up with a 100% secure solution.

Obsfucation doesn't work as it doesn't really hide the constants.

Encyrption of the constants: If we did this, someone can enrypt these
constantants. This solution is nothing more than adding another layer
to the difficulty. (We can pick a private algorithm but decompiling
would expose algorithm)

I also can not change the JVM to add extensions as I would have to
deploy multiple extensions for various platforms.

I appreciate any pointers.

Thanks,
James

---

• Next message: kaeli: "Re: JSP - Inserting into a database"
• Previous message: RobG: "Re: How to populate HTML table from local text file."
• Next in thread: Michael Amling: "Re: Java Security"
• Reply: Michael Amling: "Re: Java Security"
• Reply: Oscar kind: "Re: Java Security"
• Reply: KiLVaiDeN: "Re: Java Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: My OPE & the Euclicidean TSP ... path algorithm pop up, prove that P=NP, and solve TSP through the use ... Any idea the effort involved to get an app ... been on major Java coding project from inception to product release as ... I like mentioning Class Viewer because it's great for perspective ... (comp.lang.java.programmer) Re: My OPE & the Euclicidean TSP ... so I have decided to talk more about the algorithm here ... Unfortunately, Java 6.0 only comes with the Rhino scripting engine, forcing you to put your custom engines in JavaScript for the custom algorithm editor. ... Another bug I know of is don't run stuff without any nodes in the display. ... (comp.lang.java.programmer) Re: Is it possible! ... That depends on whether it is a security risk that the algorithm of ... > from an executable with even 50% accuracy while java de-compilers ... That is a possibility, but if the algorithm is worth enough, ... an automatic Java decompilation, ... (comp.lang.java.programmer) Re: My OPE & the Euclicidean TSP ... so I have decided to talk more about the algorithm here ... to code it up in Java, or some other programming language if he does not ... I have an open source project at Google Code called optimalpathengine ... distances, which should be a minimum for the optimal path. ... (comp.lang.java.programmer) Re: java based supercomputer ... checking the correlation beteween an array of data and another array ... java psuedo remote threads will take a considerrably less time. ... Does your algorithm lend itself well to paralellization? ... the only bottleneck i can see is checking the correlation value ... (comp.lang.java.programmer)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)