This week’s Sprint retrospective we decided to look up different types of encryption services. Everyone had an encryption service that they were to look up and then write a shorts program see how it works. We decided out of all the encryption service out there we wanted to look at crypto-JS, Forge, web crypto, pouchdb, and bcryptjs. The one I researched was forged encryption service. It did do what we wanted however we decided not to use it because it has not been updated in over a year. There were also the security issues of ddos and there was an issue in the package where it was vulnerable to timing attacks due to unsage HMAC comparison. So since we are working with sensitive data and did not want it to be leaked. Forge was out of the picture. Pouchdb was another one that we ruled out because this encryption service was made by someone that did it during their free time so it wasn’t updated regularly. The encryption service that we did decide to use was cryptojs because it was the simplest encryption service that we could have used and is not too old and the last update was not that long ago.
Finally, we decide what kind of encryption service we wanted to use. We started to talk about how we encrypt the data that is given to us. Oran gave an idea that we would encrypt the data as it comes our way so it would act like a blanket. Whenever some data such as a string, array, and any other sensitive information would come through the encryption service. It would take that data and encrypt it. However, Oren had a colleague that was familiar with encryption services and he told him that data like that should be encrypted already. So that brought up a good point we want to ask Ampath if they have the data already encrypted or is this encryption service itself supposed to encrypt the data that they have. for now, moving forward we decided that we’re going to act like they need the data to be encrypted. We also need to start working with the other teams to know what data that is going to be given us to us and if cryptojs would be able to work with what they are planning.
For the next week I will be studying up more on cryptojs and then trying to help the team write a basic program that can take inputs and give outputs of strings, letters, and words. I learned a lot about encryption during the week that we were encryption service in the beginning I did not know how the encryption service works such as what was salt and encrypt a string how would it remember what encryption that use to the string. If you were to send it to another device to be encrypted with that device need that same type of program to unencrypted password. These were questions that I had when I first started this project however as I continue to research the more and more I learned about how encryption works. So, it made it easier to understand what my teammates were talking about and I would be able to help them with their stuff and they can help me with mine.