mailing list archives
RE: Which encryption algorithm used?
From: "Tom Arseneault" <TArseneault () counterpane com>
Date: Wed, 26 May 2004 15:08:31 -0700
First, one pseudo random pattern looks pretty much like anyother. So if
you just have the encrpted note with no header or footer information any
good algorithm will output pseudo random patterns that are
indistinguishable from any other. Second, just because a proper
algorithm should only rely on the key for secuirty, a little secuity
thru obscurity always helps if it slows down his/her/it's cracking
procedure (waste his/her/it's time tracing down the wrong algorithm).
Third I think Christopher is right, (and this is a guess as I don't do
crypto software development) products that support muliple encryption
algorithms (such as PGP/GPG email products) probably have to include
this information in the file somewhere (header or footer or in the
public key package, I think in would be in the key package as if you
tell the sender to use a certain algorithm it should also help with
interoperability between vendors products if they support different sets
of algorithms with only one or two in common) so the recipient can
decrypt it properly.
Thomas J. Arseneault
Counterpane Internet Security
tarseneault () counterpane com
From: John Borwick [mailto:borwicjh () wfu edu]
Sent: Wednesday, May 26, 2004 7:21 AM
To: Pitts, Christopher C.
Cc: webappsec () securityfocus com
Subject: Re: Which encryption algorithm used?
Pitts, Christopher C. wrote:
With a proper algorithm, it should be nearly impossible. That being
said, many implementations, stick a header or footer that can be used to
identify the method used. Take a look at mcrypt and it's bare function,
you can use it to compare the stripped (--base IIRC) ouput of the
What do you mean, "with a proper algorithm"? Cryptographic algorithms
are supposed to be secure *even when the methods used are known*. The
only thing that has to be secret is the key.
Wake Forest University | web http://www.wfu.edu/~borwicjh
Winston-Salem, NC, USA | GPG key ID 56D60872
- RE: Which encryption algorithm used?, (continued)