Home page logo

webappsec logo WebApp Sec mailing list archives

Re: Which encryption algorithm used?
From: exon <exon () home se>
Date: Sun, 30 May 2004 04:46:12 +0200

John Borwick wrote:
Pitts, Christopher C. wrote:

With a proper algorithm, it should be nearly impossible. That being said, many implementations, stick a header or footer that can be used to identify the method used. Take a look at mcrypt and it's bare function, you can use it to compare the stripped (--base IIRC) ouput of the different algorithms.


What do you mean, "with a proper algorithm"? Cryptographic algorithms are supposed to be secure *even when the methods used are known*. The only thing that has to be secret is the key.

And that's about exactly what he means. You can't determine what cipher was used to encrypt a message by looking at the encrypted message if the output is secure when the methods used are known. That's because the encrypted message would consist of a bunch of pseudo-random characters with no appearent coherence what so ever.

In this sense, rotation-, simple-hash and XOR-ciphers don't use "proper algorithms" because it's fairly simple to conclude that one of the three was used to encrypt a message by looking at the encrypted text ("hello" would look something like "ifmmp" with a rotation cipher and a key of 1).


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]