Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Determining the encryption used
From: Byron Sonne <blsonne () rogers com>
Date: Thu, 11 May 2006 18:24:35 -0400

Is it possible to determine the encryption used by
"looking" at the encrypted results or lenght ?

I've hit this problem a number of times at work, and come to the rough conclusion that it's not a workable solution if all you have is just raw data without context.

I had thought of looking for structure and whatnot, but realized that it would be a sign of weakness in a cipher, and a probably a vector into cracking it. I'm not saying it's not possible, but I bet it would only be effective against really cheesy stuff.

I would really love to be proven wrong on this point. Particularly such that there is an effective, affordable and computationally practical technique that can be made into a tool that can accurately detect various encryption types ;) I don't care what it contains, just want to know what it is!

This List Sponsored by: Cenzic

Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]