• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

128-bit encryption at a minimum

 
Unni Pillai
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi All,

In Part 2 assignment to achieve the "128-bit encryption at a minimum" NFR do we need to do some extra stuff or showing https communication in the diagrams is good enough? or we need to mention about the SSL certificate in the assumption part?

Any insight is appreciated.

Thanks
 
Sharma Ashutosh
Bartender
Posts: 346
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Remember what Cade has said in his book - mentioning just what is not enough - you have to specify how and why also.
So you need to provide your Architecture and design thoughts in terms of how you will achieve at least 128 bit encryption. So if you are planning to use asymmetric or symmetric keys or Digital signatures(passing the public keys)-this should be mentioned. Also the Encryption algorithm should be choosen and shown and why you made that decision?
For example if you have any Web services-one should mention how you are passing public keys to the other party and how you are creating a digest in the SOAP header to avoid MITM or replay attacks.
Part 2 and Part 3 are build on top of Part 1 so apply the leanings from Part1.
Hope this helps.
 
Yegor Bugayenko
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Let me disagree with Sharma. I think that SSL encryption over HTTP is a very basic and fundamental today. Software architect should not bother his/her designers with such low level details. Designers can manage such problems without architect's attention. Just showing <<HTTPS>> stereotype on component diagram would be more than enough. That's how I did it in my exam.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic