Version 0.1.1 now has BouncyCastle JCE rolled in with the CipherCore.jar. That means all you need to do to start the server is extract the tarball and run "java -classpath lib/CipherCore.jar com.ciphercore.Server".
Also heavily updated the documentation at http://ciphercore.com/ciphercore/
0.1.0 is the first version that is (supposed to be) fully secure. It currently features SHA-1 digest authentication, 1024-bit Diffie-Hellman key exchange, Blowfish ciphers, and passwords sent encrypted.
As of 0.0.9, the man-in-the-middle vulnerability has been eliminated. The change has rendered the original "Hello World" uncompilable. A new version will be released ASAP.
Just some quick news since I'm in the middle of a major revision.
- Now uses Blowfish instead of DES. Can you say, "military grade"?
- Next release will have the man-in-the-middle problem solved. Roughly 40% complete.
The --insecure command line option has been removed. It wasn't any more secure when not using the switch, but took much longer to light up. As of 0.0.7 the default will be to use the included Prime and Generator.
As of the just-released 0.0.6, Bouncy Castle is the default JCE.
Cryptix will not be used as the default JCE implementation. I am in the process of porting to BouncyCastle. http://bouncycastle.org/
CipherChat 0.0.1 is available for download from http://ciphercore.com/ciphermod/cipherchat.html . It is intended primarily as a demo of the real-world utility of CipherCore.
The first major demo of the capabilities of CipherCore is approaching alpha release. It will be a very simplistic chat system, and will demo a real-world deployment of CipherCore. Should be released before Monday.
The first alpha of the DMCA mod for CipherCore is available from http://ciphercore.com/ciphermod/ . It mixes copyrighted data into the streams before encryption, so that it is a violation of the DMCA to decrypt the streams.
In the near future I will be changing the default JCE from the Sun JCE (which is license encumbered) to Cryptix. I also hope that Cryptix will be a bit easier to install.
Since the current implementation has no way of loading the Diffie-Hellman parameters from disk, and instead generates a new key every time, CipherCore is currently vulnerable to a man-in-the-middle attack.
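
The following is an added example, not CipherCore code, and the page does not describe how 0.0.9 actually closed the hole. It shows why a client that receives a freshly generated Diffie-Hellman public value on every connection cannot tell a substituted value from the real one, while a client that checks the value against a fingerprint kept on disk rejects the substitution. The toy group, the SHA-256 fingerprint and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this example: 2**127 - 1 is prime but far too
# small for real use (the releases described here use 1024-bit Diffie-Hellman).
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    # Hypothetical pin format: SHA-256 over the fixed-width public value.
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def shared_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def client_handshake(received_pub, pinned_fp=None):
    """Return (client_pub, session_key); raise if the peer value is unacceptable."""
    if not 1 < received_pub < P - 1:
        raise ValueError("degenerate public value")
    if pinned_fp is not None and not hmac.compare_digest(
            fingerprint(received_pub), pinned_fp):
        raise ValueError("public value does not match the stored fingerprint")
    priv, pub = keypair()
    return pub, shared_key(priv, received_pub)

def simulate(substitute, use_pin):
    srv_priv, srv_pub = keypair()              # server's value for this run
    pin = fingerprint(srv_pub) if use_pin else None   # stands in for a file on disk
    on_wire = srv_pub
    if substitute:
        _, on_wire = keypair()                 # value replaced in transit
    try:
        cli_pub, cli_key = client_handshake(on_wire, pin)
    except ValueError:
        return "rejected"
    if cli_key == shared_key(srv_priv, cli_pub):
        return "key shared with server"
    return "key NOT shared with server"

if __name__ == "__main__":
    for substitute in (False, True):
        for use_pin in (False, True):
            print(substitute, use_pin, simulate(substitute, use_pin))
```

Without the stored fingerprint the substituted exchange completes without any error on the client side, which is the failure mode the entry above describes.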