File Encryption Test

tangle · 07-24-2012, 05:09 AM

I have written a program to encrypt a file using AES encryiption in Python using PyCrypto. Is there a way to test the encryption? I would like to be sure that it is working the way it should. Thanks

acid_kewpie · 07-24-2012, 05:18 AM

depends what you mean by "test" really.. encrypt something manually and also with your script and compare them?

tangle · 07-24-2012, 12:49 PM

I want to test to see if it can be easily broken.

NyteOwl · 07-24-2012, 02:56 PM

T make sure the file was encrypted properly, encrypt it with your program and try decrypting it with someone elses. Unless you are using some special file format (or the other program is) it should decrypt properly.

If the encryption engine is impelemented properly the answer is no. The algorithm is fine for all normal use but if implemented incorrectly may be open to attack.

acid_kewpie · 07-25-2012, 02:01 AM

You have two parts, 1) the file IS AES encrypted or not. That's trivial to verift by decrypting it again legimately but 2) AES IS AES. Your AES encrypted file can't be any less well encrypted than anyone elses, so just read up on it - http://en.wikipedia.org/wiki/Advance...ption_Standard

tangle · 07-25-2012, 04:37 AM

Thanks

anomie · 07-30-2012, 02:15 PM

To put it another way, the AES block cipher you're using is not going to be the "weak link" in the chain that comprises your delivered application.

Software encryption is apparently quite difficult to implement properly, though. There are a lot of places for keys or sensitive data to unknowlingly (to you) end up on a complex OS, including temporary files (even unlinked ones), swap space, and RAM.

To speak to your questions / points:

Quote:

Originally Posted by tangle

I have written a program to encrypt a file using AES encryiption in Python using PyCrypto. Is there a way to test the encryption? I would like to be sure that it is working the way it should.

As mentioned by the other folks, if symmetric key + cipher can successfully decrypt ciphertext, then you've confirmed symmetric key + cipher were used to encrypt the plaintext.

Quote:

Originally Posted by tangle

I want to test to see if it can be easily broken.

Totally depends on context. The way you've implemented the encryption, and the way any third-party modules you're using have implemented the encryption, will determine whether it can be easily broken. (But, again, it's not going to be easily broken by someone performing a cryptanalysis on AES any time soon. Not when there is much lower hanging fruit.)

If you need substantial advice and direction on this topic, then I recommend both of:

Cryptography Engineering by Schneier and Kohno
Applied Cryptography by Schneier

There's not an easy answer. Deep, fundamental understanding will aid you in developing "good" software encryption.