Home page logo

webappsec logo WebApp Sec mailing list archives

Re: Which encryption algorithm used?
From: Adam Lydick <lydickaw () ruffledpenguin org>
Date: Thu, 27 May 2004 01:03:13 -0700

On Wed, 2004-05-26 at 07:20, John Borwick wrote:
Pitts, Christopher C. wrote:
With a proper algorithm, it should be nearly impossible.  That being said, many implementations, stick a header or 
footer that can be used to identify the method used.  Take a look at mcrypt and it's bare function, you can use it 
to compare the stripped (--base IIRC) ouput of the different algorithms.

What do you mean, "with a proper algorithm"?  Cryptographic algorithms 
are supposed to be secure *even when the methods used are known*.  The 
only thing that has to be secret is the key.

In addition, this isn't always the case. I've included a URL for a paper
on some weaknesses in RC4. One of the attacks they reference allows data
encrypted with that algorithm to be distinguished from random data.


There may be similar "distinguishers" for other algorithms. (This is a
cryptographic weakness, so I suppose it is still true that a "proper"
(perfect) algorithm would seem to be noise.)

-- Adam

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]