WebApp Sec mailing list archives

Re: Which encryption algorithm used?

From: Adam Lydick <lydickaw () ruffledpenguin org>
Date: Thu, 27 May 2004 01:03:13 -0700

On Wed, 2004-05-26 at 07:20, John Borwick wrote:

Pitts, Christopher C. wrote:

With a proper algorithm, it should be nearly impossible.  That being said, many implementations, stick a header or 
footer that can be used to identify the method used.  Take a look at mcrypt and it's bare function, you can use it 
to compare the stripped (--base IIRC) ouput of the different algorithms.

[snip]

What do you mean, "with a proper algorithm"?  Cryptographic algorithms 
are supposed to be secure *even when the methods used are known*.  The 
only thing that has to be secret is the key.


In addition, this isn't always the case. I've included a URL for a paper
on some weaknesses in RC4. One of the attacks they reference allows data
encrypted with that algorithm to be distinguished from random data.

http://citeseer.ist.psu.edu/531224.html

There may be similar "distinguishers" for other algorithms. (This is a
cryptographic weakness, so I suppose it is still true that a "proper"
(perfect) algorithm would seem to be noise.)

-- Adam

Current thread:

Which encryption algorithm used? stevenr (May 26)
- RE: Which encryption algorithm used? Marian Ion (May 26)
  - Re: Which encryption algorithm used? Adam Tuliper (May 26)
- Re: Which encryption algorithm used? exon (May 26)
- Re: Which encryption algorithm used? exon (May 26)
- <Possible follow-ups>
- RE: Which encryption algorithm used? Pitts, Christopher C. (May 26)
  - Re: Which encryption algorithm used? John Borwick (May 26)
    - Re: Which encryption algorithm used? windo (May 27)
    - Re: Which encryption algorithm used? Adam Lydick (May 27)
    - Re: Which encryption algorithm used? exon (May 31)
- RE: Which encryption algorithm used? Pitts, Christopher C. (May 27)
- RE: Which encryption algorithm used? Tom Arseneault (May 27)
- RE: Which encryption algorithm used? Michael Silk (May 27)