Saturday, March 19, 2016

Testing for Cryptographic algorithm and hash misuses

Over the years, we have experienced security-aware applications used various forms of encryption/encoding.  In such applications,  we found programmers incorrectly implement cryptographic schemes, either disclosing keys in client-side, keys in json format in server response.

Some of the tools we used:

Bletchley: https://github.com/ecbftw/bletchley (analyze - https://github.com/ecbftw/bletchley/blob/master/wiki/Overview.wiki#bletchleyanalyze)

CrypTool2: https://www.cryptool.org/en/cryptool2


No comments:

Post a Comment