Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: Which encryption algorithm used?
From: "Adam Tuliper" <amt () gecko-software com>
Date: Wed, 26 May 2004 10:13:27 -0400

Im not sure how visual studio (or java for that matter)
would come into play in this at all. I'll assume you mean
using for ex. the dotnet framework. In that case there are
several managed classes and then some crypto api provider
classes. Considering that your ciphertext is a function of
your plaintext and the algorithm, your cipher text can be a
complete seemingly random piece of data. Sure it can be
cryptanalyed (frequency analysis, etc - see Bruce Schnier's
Applied Cryptography for an excellent resource), but to
look at what _should_ be a random seeming piece of data and
determine the algorithm would seem to be a failure of the
algorithm itself. There are many many algorithms out there
and to use length of a ciphertext block means nothing
except that is may be using padding on the end to reach a
certain block size. If its a feedback algorithm, feeding
the results into itself again.. good luck.

Heres a neat project:
http://burtleburtle.net/bob/crypto/findingc.html

Note in the first sentence:
"If the block cipher has, oh, addition as well, the results
of this program are amazingly worthless"


On Wed, 26 May 2004 15:52:10 +0300
 "Marian Ion" <marian.ion () e-licitatie ro> wrote:
Hello all,
If you would use Visual Studio or java, it would be quite
easy (built-in
classes), and there are many examples on the web.
Otherwise, a little bit difficult, because you would have
to know everything
about several encryption and hashing algorithms...

Marian Ion.





-----Original Message-----
From: stevenr () mastek com [mailto:stevenr () mastek com] 
Sent: Wednesday, May 26, 2004 10:41 AM
To: webappsec () securityfocus com
Subject: Which encryption algorithm used?

Hi all

Is it possible to identify the encryption algorithm used
by looking at the
format of the encrypted string? Of course I understand we
not may be 100%
accurate but there could be a chance we hit home. To give
an example,
probably a 32 character string could be a MD5 hash, and a
string ending with
== could be base 64 encoding. Is there any tool which can
give a list of
possible algos used, if provided with the encrypted
string? anyone know of
any site which has info on this ?


Thanks in advance
Steve


MASTEK
"Making a valuable difference"
Mastek in NASSCOM's 'India Top 20' Software Service
Exporters List.
In the US, we're called MAJESCO


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Opinions expressed in this e-mail are those of the
individual and not that
of Mastek Limited, unless specifically indicated to that
effect. Mastek
Limited does not accept any responsibility or liability
for it. This e-mail
and attachments (if any) transmitted with it are
confidential and/or
privileged and solely for the use of the intended person
or entity to which
it is addressed. Any review, re-transmission,
dissemination or other use of
or taking of any action in reliance upon this information
by persons or
entities other than the intended recipient is prohibited.
This e-mail and
its attachments have been scanned for the presence of
computer viruses. It
is the responsibility of the recipient to run the virus
check on e-mails and
attachments before opening them. If you have received
this e-mail in error,
kindly delete this e-mail from all computers.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]