Francesco Sullo (pictured) has created aSSL: AJAX Secure Service Layer, an open source library built to substitute the need for SSL in AJAX applications. aSSL is a library distributed under MIT License that implements a technology similar to SSL without HTTPS.
aSSL enables the client to negotiate a secret random 128-bit key with the server using the RC4 algorithm. Once a connection has been established, the data will be sent and received using BlockTEA algorithm (a derivation of DES). aSSL 1.0 uses a 64-bit key. Version 1.1 uses a 128-bit key with a technique similar to Double Key Triple DES, that Sullo calls Double Key Quadruple DES. This allows a level of security closer to AES encryption. In fact, aSSL is moving towards AES.
aSSL is an AJAX open source library built to send data safely over the Internet when SSL is not available, or not needed. aSSL is an tool for developers which includes both client and server-side code - just code, it has no user "on-screen" interface. The library can be easily integrated into an existing web application. The developer need simply use the built in methods to pass aSSL the data he wants to send to the server: the client-side code then encrypts it, sends it to the server-side code and returns the server response.
