Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

November 07, 1997, Section:

Phaos Plugs Java Security Hole

By Mo Krochmal

NEW YORK -- Use Java for security? According to Phaos Technology, it's possible with its SSLava toolkit that integrates the RSA Jsafe toolkit. With this integration, Java developers can use the Secure Sockets Layer protocol for communicating and networking, and have industry-standard RSA cryptography for encryption and confidentiality.

The Jsafe toolkit lets software developers build Java applications and applets that use public-key encryption schemes. The cryptography protects data within the applications from being tampered with, solving a shortcoming in the Java Development Kit.

The SSLava toolkit enables encrypted tunnels of communication from computer to computer over the Internet and allows programmers to configure the strength of encryption from levels legal for export to the highest allowable -- 128 bit for symmetric cyphers or 1,024 bit for public keys, said Joel Fan, product manager and vice president for New York-based Phaos.

"This enables developers with no knowledge of security or cryptography to integrate security into their applications," Fan said.

RSA -- the name of an algorithm published by Ron Rivest, Adi Shamir, and Len Adleman -- is the first public-key cryptography system. RSA is a subsidiary of Bedford, Mass.-based Security Dynamics Technologies.