Chalk is the server part of the magnesia image manager. It is basically just a small set of classes that handle and serve requests as defined by the protocol (should be written down at some point).
Currently Chalk does not depend on any external libraries, however, it might use JAI in future as an optional addition.
Chalk uses a challenge-response protocol to authenticate clients. This makes it possible to authenticate clients without sending the passwords in plaintext over public lines.
Chalk generates a random string of ~512 bits length and sends it to the client. The client encrypts this string using DES-CBC (Data Encryption Standard - Cipher Block Chaining) using the user's password and returns it to Chalk. Chalk also knows the user's password and tries to decrypt the returned message. If original and decrypted message match, the user authenticated succesfully.
"DES" you ask? Yes, DES using CBC mode is fully sufficient for authentication. First, the security is still with the password. If that is dumb, anyone can guess it anyway. Second, DES is quite secure. There's no real mathematical way of cracking it, the only problem is the relatively short effective key length of 48 bits. Yet, this yields quite a bunch of different possibilities ;).
There are two starters for chalk, in short called chalkbag, available that offer ways to control it.
With Java5, chalkbag opens a small window with two buttons. Java5 doesn't come with support for the system tray so this is the only possible way with Java5. This is also the fallback if your desktop doesn't support a system tray.
With Java6 we basically have support for the system tray on most window managers. If that's the case, chalkbag puts a small icon into the system tray.