Home page logo

webappsec logo WebApp Sec mailing list archives

Re: Which encryption algorithm used?
From: exon <exon () home se>
Date: Wed, 26 May 2004 16:21:13 +0200

stevenr () mastek com wrote:
Hi all

Is it possible to identify the encryption algorithm used by looking at the format of the encrypted string? Of course I understand we not may be
100% accurate but there could be a chance we hit home.

With a crypto worth anything what so ever; Absolutely zero.

You may be able to 'see' difference between different modes, but the output of a dual key-based encryption algorithm is supposed to be totally random (computer-generated whatever never is, that's why it "is supposed to be" instead of just "is").

To give an example,
probably a 32 character string could be a MD5 hash, and a string ending with
== could be base 64 encoding.

MD5 hashes are one-way encryption, so I don't see what good it would do (you'd know when it's MD5 anyway, based on implementation guessing). I can think of a couple of other things which would be 32 chars long as well (including rot13 and xor :-) ).

Any encryption method might create output ending in ==, so this isn't really a good method.

Is there any tool which can give a list of possible
algos used, if provided with the encrypted string? anyone know of any site which
has info on this ?

There aren't actually that many (good enough) algorithms, so a wild guess based on origin would probably be your best shot.

A couple of thumb rules here;
* Script-kiddies at home tend to protect their online gaming cheat-codes with 2048-bit DSA encryption.

* MS customers tend to use weaker cryptos and sillier hashing methods than the equivalent opensource solution, unless it's something really, really important and expensive.

* Protocols that transfer high amounts of data usually use CPU-friendlier cryptos (often weaker), than those written to control or authenticate one thing or another (like ssh).

Thanks in advance

"Making a valuable difference"
Mastek in NASSCOM's 'India Top 20' Software Service Exporters List.
In the US, we're called MAJESCO

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]