JCRYPT - JMasters Encryption/Decryption Service

Alex Bromberg
Greenhorn

Joined: Dec 19, 2012
Posts: 4
Hi all,
Where a new very useful and easy to use way of Encryption/Decryption of your data.
Visit https://www.jmasters.info:8443/jcrypt/ site for more details.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 960
    
  10

Alex Bromberg wrote: Hi all,
Where a new very useful and easy to use way of Encryption/Decryption of your data.
Visit https://www.jmasters.info:8443/jcrypt/ site for more details.


Sorry to be negative but your site does not say what algorithms are used and the statement 'The service uses a complex random data manipulation algorithms to provide a very high level of encryption and still fast and with low "encrypted data/row data" ratio' sounds just like techno-babble. The whole smells of snake oil - http://www.interhack.net/people/cmcurtin/snake-oil-faq.html .
Alex Bromberg
Greenhorn

Joined: Dec 19, 2012
Posts: 4
try it before you post any conclusions
Jayesh A Lalwani
Bartender

Joined: Jan 17, 2008
Posts: 2052
    
  22

So you want me to give you sensitive data unencrypted? How do I know you are not going to misuse the data?
fred rosenberger
lowercase baba
Bartender

Joined: Oct 02, 2003
Posts: 10909
    
  12

I don't know much about encryption or web service calls...

But does this send my plaintext to your server, then you send back the ciphertext? Doesn't that open up security holes?

I mean, it would be like me handing a copy of my plaintext to some random third person who hung up a sign saying "I'll encrypt your documents for you!!!", having them encrypt it and give me a copy of that ciphertext back. How do I know they (or you) can be trusted?

If I am misunderstanding, please let me know.


There are only two hard things in computer science: cache invalidation, naming things, and off-by-one errors
Alex Bromberg
Greenhorn

Joined: Dec 19, 2012
Posts: 4
Who told you can trust anyone in this world? It's your decision if you trust someone or not.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39544
    
  27
Since this is a SOAP service, I advise to secure the data in transit by employing WS-Security for encryption. You may also want to set up SSL properly on port 443 on your server - gives a much more secure feeling. Kind of key for a service like this :-) (as would, I agree, information about the algorithms being used).


Ping & DNS - updated with new look and Ping home screen widget
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 960
    
  10

Alex Bromberg wrote:try it before you post any conclusions


How will trying your site out help me decide whether or not this is snake oil? Are you using the industry standard algorithms? How can I be sure that the data I send to you for encryption is not being stored in the clear on your computers or sold on? Who has access to the keys? How is this better than PGP?

Nothing on your web site and nothing you have posted here indicates that you have anything other than snake oil and anyone who uses your site to protect their data is a fool.

Jayesh A Lalwani
Bartender

Joined: Jan 17, 2008
Posts: 2052
    
  22

Ulf Dittmer wrote:Since this is a SOAP service, I advise to secure the data in transit by employing WS-Security for encryption. You may also want to set up SSL properly on port 443 on your server - gives a much more secure feeling. Kind of key for a service like this :-) (as would, I agree, information about the algorithms being used).


If I'm going to send data over to him over SSL, why can't I just use SSL to send data to where I want to send to? Security is as strong as the weakest link in the system. If his encryption is legitimately stronger than SSL, then the weak point in the system is SSL. Since he is completely reliant on SSL for this service, he cannot get better than SSL.
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18104
    
  39

Jayesh A Lalwani wrote: If I'm going to send data over to him over SSL, why can't I just use SSL to send data to where I want to send to? Security is as strong as the weakest link in the system. If his encryption is legitimately stronger than SSL, then the weak point in the system is SSL. Since he is completely reliant on SSL for this service, he cannot get better than SSL.


Agreed. Putting an encryption service on the net doesn't make any sense, as encryption is needed to get data across the net .... but much more importantly ....

Alex Bromberg wrote:try it before you post any conclusions


Alex Bromberg wrote: Who told you can trust anyone in this world? It's your decision if you trust someone or not.


Engineers involved with security are probably the most paranoid people that I know. If this service is intended to become a business in the future, then you probably need better marketing slogans ...

Henry



Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
Jayesh A Lalwani
Bartender

Joined: Jan 17, 2008
Posts: 2052
    
  22

My employer is in the business of providing SaaS for the mortgage portfolios of the banks. When we started no one was ready to take a SaaS solution, simply because they didn't want to give us the data. We had to install the software in their environments. After we built trust with a couple of big banks, we started opening them up to a SaaS solution. It took us like 3-4 years. When we moved to a SaaS solution, we started getting audited out of the yinyang. They see who has access to their data. The people who build the software have no access to data. The people who can understand the data cannot modify it without going through some auditing checkpoints. The group that has full access is very very limited, and tend to be people who don't understand the business side. On top of that the client scrubs the data before sending to us. They look at what data goes to the cloud. What data stays on the cloud. Where are our passwords stored, do we lock our computers when we lock our desktops when we leave. We can't even have friggin WiFi. Oh wait we can but devices on WiFi are outside our firewall. Even the janitorial company that vacuums our floors gets audited.

I am pretty sure if we said "it's your decision if you trust someone or not" we would be out in the cold.
Alex Bromberg
Greenhorn

Joined: Dec 19, 2012
Posts: 4
Thanks for your constructive responses, they are very helpful. Probably I should review the concept of my service and rethink the ways to promote it.
More thoughts and advice will be appreciated very much.

Thanks a lot again.
Jayesh A Lalwani
Bartender

Joined: Jan 17, 2008
Posts: 2052
    
  22

I think if you really have some good research behind your encryption, and it is demonstrably better in some aspect than any other encryption algorithm, you need to be able to articulate how you are better without giving away your trade secrets. Maybe publish some whitepapers.

Also, Encryption SaaS is not going to work, unless you have reinvented the internet. Java provides a good way for people to sell their cryptography algorithms. Look at the Provider interface in JCE. It allows you to build your own encryption and plug in to standard JCE. You can sell your encryption algorithm as a plugin.

Is there something about your encryption that it has to be done on the server? Like does it do it on the cloud or something like that? If it is, then you have to find a way to have strong encryption on the data before sending it to the server.
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18104
    
  39

Jayesh A Lalwani wrote: I think if you really have some good research behind your encryption, and it is demonstrably better in some aspect than any other encryption algorithm, you need to be able to articulate how you are better without giving away your trade secrets. Maybe publish some whitepapers.



I am not completely sure if I agree with this. There are many things that make encryption algorithms good, but being a "trade secret" isn't generally one of them.

All popular encryption algorithms today are completely documented -- and in many cases, the source code is provided. This allows an army, from the best scientists with a little too much free time, to hackers with way too much free time, to try to crack it. In other words, good encryption algorithms should be heavily battle tested.

Henry