News
Encryption Made Easy with New Security Library
9Rays.Net releases new encryption security library.
In a perfect world, hackers could be locked out of business applications through rigorous secure development practices. In the real world, though, it makes sense to also build encryption functionality into apps to protect sensitive data and intellectual property -- just in case.
Obfuscation vendor 9Rays.Net Inc. aims to make the job easier for developers with a new cryptographic toolkit released recently. The CryptoSharp security library will include the standard crypto-suite ciphers and hash functions, but goes further by including modular, high-level functionality that developers can plug directly into their apps, says Mark Sochan, a business development consultant working with 9Rays.
Ready-to-Use
The company's headquarters is in Virginia, but its development offices are in Russia and Ukraine. 9Rays was formed in 2001 and initially sold obfuscation technology to help protect .NET source code from malicious de-compiling. That technology, the Spices.Net suite, is still its flagship product. But 9Rays founder Victor Victorov later saw the need for a better encryption security library based on the company's own internal development work, Sochan says.
"Most of the cryptographic libraries on the market offer a hodgepodge of stuff: secret-key encryption, public-key encryption and some compression components. The problem is that typical libraries offer rather low-level components so the developer still has to do a lot of work to convert them into real applications," Sochan says.
9Rays' approach is to provide complete cryptographic functionality modules ready for use in applications without much additional coding, such as password dialogues and encrypted storage capabilities, he says.
No Consistency
While that approach likely will be helpful for developers, Gartner Inc. analyst Eric Ouellet argues that enterprises are crying out for a fully integrated, top-to-bottom system of encryption technology for everything from apps to databases. As it stands, some enterprises have to juggle a number of different encryption products and keep up with their respective keys.
"It's kind of tricky for developers because there are nice tools that allow you to leverage all this stuff in many ways, but there's no consistency," Ouellet says, later adding, "It's hard to come up with a standard policy of how to manage cryptography and how to manage keys."
The work that's been done on standardizing the process largely has been undermined by the major vendors' reluctance to open up their technology to be managed by competitors' products. "No one's willing to expose their own API," Ouellet says. "It's kind of a useless standard."
A public beta of CryptoSharp is available for download now at the 9Rays Web site, and the company was expected at press time to begin selling the first official release of the security library sometime this month for $395.