Determining whether or not data is encrypted is usually a pretty straightforward task, one you can do just from looking at a packet capture. However, proving that message authentication is in use can be really tough when you're doing strict testing. You can get a sense of it if the message isn't encrypted, but at the end of each message there appears to be a fixed number of bytes of random-looking data.
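The trailer heuristic described above can be automated over payloads extracted from a capture. The following is an added example, not code from the original text; the function names, the 7.0 bits-per-byte cut-off, the key, and the sample messages are all constructed assumptions.

```python
import hashlib
import hmac
import math
from collections import Counter

PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
HIGH_ENTROPY = 7.0  # bits per byte; assumed cut-off, uniform random bytes approach 8.0


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def binary_tail_len(msg: bytes) -> int:
    """Number of bytes left after the longest printable prefix."""
    for i, b in enumerate(msg):
        if b not in PRINTABLE:
            return len(msg) - i
    return 0


def find_mac_like_trailer(messages):
    """Return trailer length k if every message is printable text followed by
    the same number of random-looking bytes, otherwise None."""
    # A random trailer sometimes starts with printable bytes, so the longest
    # binary tail seen across the sample is the best estimate of k.
    k = max(binary_tail_len(m) for m in messages)
    if k == 0 or any(len(m) <= k for m in messages):
        return None
    if any(binary_tail_len(m[:-k]) for m in messages):
        return None  # some body still contains binary data: not fixed-size
    pooled = b"".join(m[-k:] for m in messages)
    return k if entropy(pooled) >= HIGH_ENTROPY else None


# Constructed sample data: a text protocol whose messages vary in length,
# sent once bare and once with an HMAC-SHA256 tag appended.
KEY = b"constructed-demo-key"
PLAIN = [b"SET sensor%d value=%d\r\n" % (i, i * i * 37) for i in range(40)]
TAGGED = [m + hmac.new(KEY, m, hashlib.sha256).digest() for m in PLAIN]

if __name__ == "__main__":
    print("bare messages:  ", find_mac_like_trailer(PLAIN))
    print("tagged messages:", find_mac_like_trailer(TAGGED))
```

A hit only shows a fixed-size, random-looking trailer, which is consistent with a MAC but does not prove one: an unkeyed hash of the message looks identical on the wire.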
It is also pretty straightforward to determine from a testing perspective whether you're seeing SSL-encrypted data. You can use ssldump (www.rtfm.com/ssldump/) to detect SSL/TLS-encrypted traffic.
Ultimately, testing to see whether people are using the right algorithms and using them in the right way is an incredibly difficult task to do, especially if you're just doing black-box testing. Therefore, for more sophisticated checking (making sure people are using good modes, strong key material, and the like), it is far more effective to simply perform code review.