|
WebApp Sec
mailing list archives
Re: Which encryption algorithm used?
From: Adam Lydick <lydickaw () ruffledpenguin org>
Date: Thu, 27 May 2004 01:03:13 -0700
On Wed, 2004-05-26 at 07:20, John Borwick wrote:
Pitts, Christopher C. wrote:
With a proper algorithm, it should be nearly impossible. That being said, many implementations, stick a header or
footer that can be used to identify the method used. Take a look at mcrypt and it's bare function, you can use it
to compare the stripped (--base IIRC) ouput of the different algorithms.
[snip]
What do you mean, "with a proper algorithm"? Cryptographic algorithms
are supposed to be secure *even when the methods used are known*. The
only thing that has to be secret is the key.
In addition, this isn't always the case. I've included a URL for a paper
on some weaknesses in RC4. One of the attacks they reference allows data
encrypted with that algorithm to be distinguished from random data.
http://citeseer.ist.psu.edu/531224.html
There may be similar "distinguishers" for other algorithms. (This is a
cryptographic weakness, so I suppose it is still true that a "proper"
(perfect) algorithm would seem to be noise.)
-- Adam
 By Date 
By Thread
Current thread:
- Re: Which encryption algorithm used?, (continued)
|
Intro
