#1
  1. Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    2
    Rep Power
    0

    Some starting material to test encryption tool


    Hey Dev Shed,

    So today at my company I was asked if I wanted to learn some new stuff. I, of course, being a fresh-out-of-college graduate, said yes. I was assigned to test the encryption tool that we are including in our software for the medical field. As the 2nd in command of the testing team, I wanted to learn as much as I could and then teach my team down the line.

    This is my first time ever touching, researching, learning about encryption, period. So like most unfamiliar new items that come my way, I kinda get overwhelmed with what a good starting place to learn is. I have done generic Google searches, wiki lookings, but everything is so unfamiliar and confusing (atm). Now I do come from a programming background in C# and C++, but no longer program (stopped after 5yrs of programming, just got burnt out).

    So my main question is: can anyone suggest a great starting point and what key branches I should look at if I want to continue learning? I am very interested in this personally and I would really like to make this software as secure as possible because, well, it's medical software.

    Thanks in advance,

    Hicks
  2. #2
  3. Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    2
    Rep Power
    0
    Originally Posted by hicks16
    Hey Dev Shed
    I have also looked at the FAQ thread and will start dabbling into those topics, just want to see what some of you daily users started with in actually learning the terms, workflow, etc. to understand encryption.
  4. #3
  5. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,392
    Rep Power
    1871
    Does your software use published algorithms like AES or is it something locally invented?

    On the one hand, there is the kind of testing that makes sure the algorithm is implemented correctly. For published algorithms, this is relatively easy as they typically come with known test cases.

    On the other hand, testing to make sure the implementation is secure (doesn't leak information) is another matter entirely.

    For example, if you're running on an OS with a swap file, make sure that the keys don't get swapped out to disk. So you might be looking at making sure memory is 'locked' in some way, and making sure keys are erased as soon as the work is complete.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
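
The point in post #3 about locking key memory and erasing keys, as an added example that is not part of the thread or any poster's code: POSIX C helpers that keep a key buffer out of swap with `mlock()` and wipe it before release, plus a check a tester can run on the wiped region. The names `key_buf`, `key_buf_alloc`, `key_buf_free`, `secure_wipe` and `residue` are hypothetical, and a POSIX system is assumed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for posix_memalign() */
#endif
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: page-aligned key storage, locked if the OS allows. */
typedef struct { unsigned char *data; size_t len, cap; int locked; } key_buf;

/* Stores go through a volatile pointer so the compiler cannot discard them
   as dead writes when the buffer is freed immediately afterwards. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Allocate whole pages and ask the OS not to swap them out. Returns 0 or -1.
   A refused mlock() (e.g. RLIMIT_MEMLOCK too low) is reported in kb->locked
   so the caller or a test can decide whether that is acceptable. */
int key_buf_alloc(key_buf *kb, size_t len) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0) return -1;
    size_t pg = (size_t)page, cap = (len + pg - 1) / pg * pg;
    void *mem = NULL;
    if (posix_memalign(&mem, pg, cap) != 0) return -1;
    kb->data = mem; kb->len = len; kb->cap = cap;
    kb->locked = (mlock(mem, cap) == 0);
    return 0;
}

/* Wipe the whole allocation first, then unlock and free it. */
void key_buf_free(key_buf *kb) {
    if (!kb->data) return;
    secure_wipe(kb->data, kb->cap);
    if (kb->locked) munlock(kb->data, kb->cap);
    free(kb->data);
    memset(kb, 0, sizeof *kb);    /* struct holds no key bytes, plain memset is fine */
}

/* Test-side check: number of non-zero bytes left in a region.
   Call it after secure_wipe() but before free(); reading freed memory is undefined. */
size_t residue(const unsigned char *p, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (p[i] != 0);
    return c;
}
```

`mlock()` covers only this buffer: copies of the key made elsewhere (stack temporaries, library-internal state, core dumps) need their own handling.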
