mailing list archives
Re: Which encryption algorithm used?
From: exon <exon () home se>
Date: Wed, 26 May 2004 16:21:37 +0200
stevenr () mastek com wrote:
Is it possible to identify the encryption algorithm used by looking at
the format of the encrypted string? Of course I understand we not may be
100% accurate but there could be a chance we hit home.
With a crypto worth anything what so ever; Absolutely zero.
You may be able to 'see' difference between different modes, but the
output of a dual key-based encryption algorithm is supposed to be
totally random (computer-generated whatever never is, that's why it "is
supposed to be" instead of just "is").
To give an example,
probably a 32 character string could be a MD5 hash, and a string ending with
== could be base 64 encoding.
MD5 hashes are one-way encryption, so I don't see what good it would do
(you'd know when it's MD5 anyway, based on implementation guessing). I
can think of a couple of other things which would be 32 chars long as
well (including rot13 and xor :-) ).
Any encryption method might create output ending in ==, so this isn't
really a good method.
Is there any tool which can give a list of possible
algos used, if provided with the encrypted string? anyone know of any site which
has info on this ?
There aren't actually that many (good enough) algorithms, so a wild
guess based on origin would probably be your best shot.
A couple of thumb rules here;
* Script-kiddies at home tend to protect their online gaming cheat-codes
with 2048-bit DSA encryption.
* MS customers tend to use weaker cryptos and sillier hashing methods
than the equivalent opensource solution, unless it's something really,
really important and expensive.
* Protocols that transfer high amounts of data usually use
CPU-friendlier cryptos (often weaker), than those written to control or
authenticate one thing or another (like ssh).
Thanks in advance
"Making a valuable difference"
Mastek in NASSCOM's 'India Top 20' Software Service Exporters List.
In the US, we're called MAJESCO