User: Password:
Subscribe / Log in / New account

Test suites for cryptography

Test suites for cryptography

Posted Jan 20, 2011 12:27 UTC (Thu) by epa (subscriber, #39769)
In reply to: Tarsnap advisory provides a few lessons by michaeljt
Parent article: Tarsnap advisory provides a few lessons

You're right, a simple before-and-after test would have caught it.

A parallel approach would be to write a dummy cryptography library which essentially spews out the inputs unchanged - so the encrypt() function, rather than returning encrypted data, gives a string saying 'key = xxx, plaintext = yyy, parameters = zzz'. The dummy random number generator will just return 1, 2, 3 etc. You can then inspect the output by hand, or by an automated tool, to check for logic errors such as the same key being used twice when it should not be. This test would only be as good as the person writing the automated checker, but it might provide another chance to catch certain bugs.

(Log in to post comments)

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds