Security Basics mailing list archives
Re: Detecting/estimate whether data is encrypted
From: john s <rwnin.security () gmail com>
Date: Fri, 19 Feb 2010 11:02:01 -0600
<notacryptoguy>

your brainstorm sounds good at first glance... any data crypted with an algorithm that has headers and structure should be easy to find.

other than that, most data used by systems and end-users should be structured or ordered (if you're collecting packets you may need to carve out the payload and do some re-assembly to get a good picture of the non-random structure), but well implemented crypto should (?) generate output with relatively high levels of entropy. keying in on data with relatively high entropy might be the place to start.

no idea if compression would look similar or not. even if it does, many compression algorithms are well known, so running high-entropy data through a battery of decompression algorithms should remove many of your false positive results.

your final results should be blobs of decently crypted data and random junk/noise. most systems and processes make attempts not to waste resources, so in theory the distribution of crypted data vs junk in the results should tilt in favor of crypted data...?

</notacryptoguy>

On Wed, Feb 17, 2010 at 11:19 AM, chris <chricki () gmx net> wrote:
Hi list,

For the purpose of some research, I'd like to check if (or how likely) a piece of data is encrypted. I'm particularly interested in analyzing whether network traffic is encrypted.

To make things easier: I don't mind which algorithm and/or key lengths are used, but just would like to express on a scale from 0% to 100% how likely the data is encrypted.

Some brainstorming led me to the conclusion that measuring the entropy of data may be a good start. Drawback: there may be false positives (mostly due to compression).

Any other ideas?

Thanks in advance,
Chris

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
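
The triage described in the reply above (entropy first, then a battery of decompressors to weed out compression false positives), as an added example that is not part of the original post. The 7.5 bits/byte threshold, the function names and the sample inputs are assumptions constructed for illustration, and the SHA-256 counter output only stands in for ciphertext.

```python
import bz2, gzip, hashlib, lzma, math, zlib
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Battery of well-known compression containers. Each callable raises when the
# input is not a complete stream of that format.
DECOMPRESSORS = {
    "zlib": zlib.decompress,
    "gzip": gzip.decompress,
    "bz2": bz2.decompress,
    "xz": lambda d: lzma.decompress(d, format=lzma.FORMAT_XZ),
}
ERRORS = (zlib.error, lzma.LZMAError, OSError, ValueError, EOFError)

def classify(data: bytes, threshold: float = 7.5) -> str:
    """threshold is an assumed cut-off in bits per byte, not a standard value."""
    if entropy(data) < threshold:
        return "structured"
    for name, decompress in DECOMPRESSORS.items():
        try:
            decompress(data)
        except ERRORS:
            continue
        return f"compressed:{name}"
    return "encrypted-or-random"  # what survives: crypted data plus junk/noise

def prng(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 over a counter."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample inputs (not captured traffic).
WORDS = b"login logout read write deny allow admin guest alpha bravo delta echo".split()
TEXT = b" ".join(WORDS[b % len(WORDS)] for b in prng(20000))
SAMPLES = {
    "plain": TEXT,
    "gzip": gzip.compress(TEXT),
    "bz2": bz2.compress(TEXT),
    "random": prng(8192),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label:7} {entropy(blob):.2f} bits/byte -> {classify(blob)}")
```

The entropy estimate is biased low on short inputs, so reassembled payloads of a few kilobytes or more give more reliable readings than single packets. On untrusted captures, bound the decompressed size (for example with `zlib.decompressobj().decompress(data, max_length)`), since this sketch decompresses each candidate fully.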