January 31st, 2013, 11:29 AM
Some starting material to test encryption tool
Hey Dev Shed,
So today at my company I was asked if I wanted to learn some new stuff. I of course being a fresh out of college graduate said yes. I was assigned to test the encryption tool that we are including in our software for the medical field. As the 2nd in command of the testing team, I wanted to learn as much as I could and then teach my team down the line.
This is my first time ever touching, researching, learning about encryption period. So like most unfamiliar new items that come my way, I kinda get overwhelmed with what a good starting place to learn is. I have done generic google searches, wiki lookings, but everything is so unfamiliar and confusing (atm). Now I do come from a programming background in C# and C++, but no longer program (stopped after 5yrs of programming, just got burnt out).
So my main question is can anyone suggest a great starting point and what key branches I should look at if I want to continue learning. I am very interested in this personally and I would really like to make this software as secure as possible because well its medical software.
Thanks in advance,
January 31st, 2013, 01:27 PM
I have also looked at the FAQ thread and will start dabbling into those topics, just want to see what some of you daily users started with in actually learning the terms, workflow, etc to understand encryption
Originally Posted by hicks16
January 31st, 2013, 02:18 PM
Does your software use published algorithms like AES or is it something locally invented
On the one hand, there is the kind of testing that makes sure the algorithm is implemented correctly. For published algorithms, this is relatively easy as they typically come with known test cases.
On the other hand, testing to make sure the implementation is secure (doesn't leak information) is another matter entirely.
For example, if you're running on an OS with a swap file, make sure that the keys don't get swapped out to disk. So you might be looking at making sure memory is 'locked' in some way, and making sure keys are erased as soon as the work is complete.