Home page logo

webappsec logo WebApp Sec mailing list archives

RE: Which encryption algorithm used?
From: "Pitts, Christopher C." <Christopher.Pitts () HaverstickConsulting com>
Date: Thu, 27 May 2004 09:59:15 -0500

products that support muliple encryption
algorithms (such as PGP/GPG email products) probably have to include
this information in the file somewhere (header or footer or in the
public key package, I think in would be in the key package as if you
tell the sender to use a certain algorithm it should also help with
interoperability between vendors products if they support different sets
of algorithms with only one or two in common) so the recipient can
decrypt it properly.

Actually, even many (most?) symmetric encryption products do this.  Pop open a file encrypted with something like 
mcrypt and you'll see what I mean.  Mcrypt, interestingly enough has an option (--bare IIRC) that will strip this out, 
but then requires you to specify the encryption cipher upon decryption as mcrypt will be unable to detect the cipher 
used. As others have mentioned, in a "perfect" crypto algorithm the crypt stream would be indistinguishable from random 
noise.  If it is not, then it is possible that that algorithm is susceptible to a frequency analysis attack using 
chosen ciphertext, but that's just my opinion.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]