Due to some last-minute discoveries of vulnerabilities, the release of f_TEA 1.0b has been delayed until early April. In interim release will be posted prior to the full release for those developers wishing to do pre-beta testing.
f_TEA, the 128-bit encryption library for Flash/PHP, is almsot ready for the full public beta release on March 20, 2006. Included with this release will be a number of enhancements to the algorithm as well as support for client/server communication via a proprietary, XML-based protocol. A new, Windows installer package will aid in adding the standard codebase, including a bare-bones version of the BNM Foundation Classes, to your existing Flash classes. Full details about this release will be posted closer to March 20.
The f_TEA system for Macromedia Flash and PHP provides 128-bit encryption to any Flash or PHP-based project using sensitive online or offline data.
Based on the TEA algorithm of Roger Needham and David Wheeler, f_TEA and p_TEA couples an easy to implement solution with industrial-strength encryption.
The first, pre-alpha release may be found at:
It is provided to developers for testing purposes. Feedback and requests are highly encouraged during this initial phase.
The f_TEA Actionscript class and PHP module will be ready and online on February 15, 2006. I can say this with confidence because the code has been done for well over two years now and is well-tested. However, at the time that it was originally written it was frame-based (AS) and a little quirky. I've since had the opportunity to test it under a number of real-world situations (where I've also discovered limitations and vulnerabilities) and found it to be relatively sound. So while this first release can be considered pre-alpha, it has really been around for a while.
One of the things that makes this library relatively incomplete is the lack of integration. That is, I haven't yet completed a key-exchange system (though one is already down on paper) and haven't solidified any transports between client and server. It is, at this point, up to you to decide whether you want to send your data as URL-encoded variables, an XML object, or something else. The same applies for the server-end.... read more