Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: Which encryption algorithm used?
From: Adam Lydick <lydickaw () ruffledpenguin org>
Date: Thu, 27 May 2004 01:03:13 -0700

On Wed, 2004-05-26 at 07:20, John Borwick wrote:
Pitts, Christopher C. wrote:
With a proper algorithm, it should be nearly impossible.  That being said, many implementations, stick a header or 
footer that can be used to identify the method used.  Take a look at mcrypt and it's bare function, you can use it 
to compare the stripped (--base IIRC) ouput of the different algorithms.
[snip]

What do you mean, "with a proper algorithm"?  Cryptographic algorithms 
are supposed to be secure *even when the methods used are known*.  The 
only thing that has to be secret is the key.

In addition, this isn't always the case. I've included a URL for a paper
on some weaknesses in RC4. One of the attacks they reference allows data
encrypted with that algorithm to be distinguished from random data.

http://citeseer.ist.psu.edu/531224.html

There may be similar "distinguishers" for other algorithms. (This is a
cryptographic weakness, so I suppose it is still true that a "proper"
(perfect) algorithm would seem to be noise.)

-- Adam


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault