Sunday, June 29, 2008

Security Advantages of the .NET Framework

Security Advantages of the .NET Framework

Recall how, in a recent post, I referred to securing reporting under the NET framework by customizing the IAuthenticationExtension security extension interface. One does this to override the default Windows Authentication mode and put a third-party security utility to work. Stepping back, however, posters often pose the question: is NET inherently more secure than that other hugely popular platform, J2EE? In other words, are open-source cryptographic tools just as good as commercial software?

The other day, the folks at Nashua(NH)-based HyTech Professionals, able code developers at J2EE and Net frameworks both, sent along an interesting showdown between the two platforms. Seems two Professors Francia (spouses, I hazard) of Jacksonville State U’s Computer Security and Forensics Laboratory got themselves a grant from the National Science Foundation. In short, this was a scientific test of cryptographic API’s running under Java and NET frameworks.

The head-to-head test involved four encryption algorithms (DES, Triple DES, RC2 and AES), as well as four message digest algorithms (MD5, SHA 1, 256 and 512). At the time, NET framework 2.0 was in use hence the test bed was System.Security.Cryptography under the VS development environment and C# language. The result was that the NET framework API’s ran almost twice faster than Java API’s. For the most part, Net framework message digest API’s also did better than their Java counterparts. The result likewise favored native NET framework applications (the test included exchanging environments and, for instance, running Java API’s in Windows) when researchers normalized the comparison by stripping the test conditions of file I/O operations.

All in all, the individual packages each have their encryption strengths. However, NET framework implementations generally worked more speedily. And that is hard science.

1 comment:

Ranvir Singh said...

loved reading your blog....
Thanks for sharing the information....
Thanks