WebApp Sec mailing list archives
RE: Which encryption algorithm used?
From: "Tom Arseneault" <TArseneault () counterpane com>
Date: Wed, 26 May 2004 15:08:31 -0700
John,

First, one pseudo random pattern looks pretty much like any other. So if you just have the encrypted note with no header or footer information any good algorithm will output pseudo random patterns that are indistinguishable from any other.

Second, just because a proper algorithm should only rely on the key for security, a little security thru obscurity always helps if it slows down his/her/its cracking procedure (waste his/her/its time tracing down the wrong algorithm).

Third, I think Christopher is right (and this is a guess as I don't do crypto software development): products that support multiple encryption algorithms (such as PGP/GPG email products) probably have to include this information in the file somewhere (header or footer or in the public key package; I think it would be in the key package, as if you tell the sender to use a certain algorithm it should also help with interoperability between vendors' products if they support different sets of algorithms with only one or two in common) so the recipient can decrypt it properly.

Thomas J. Arseneault
Security Engineer
Counterpane Internet Security
tarseneault () counterpane com

-----Original Message-----
From: John Borwick [mailto:borwicjh () wfu edu]
Sent: Wednesday, May 26, 2004 7:21 AM
To: Pitts, Christopher C.
Cc: webappsec () securityfocus com
Subject: Re: Which encryption algorithm used?

Pitts, Christopher C. wrote:
> With a proper algorithm, it should be nearly impossible. That being
> said, many implementations stick a header or footer that can be used
> to identify the method used. Take a look at mcrypt and its bare
> function, you can use it to compare the stripped (--base IIRC) output
> of the different algorithms.
[snip]

What do you mean, "with a proper algorithm"? Cryptographic algorithms are supposed to be secure *even when the methods used are known*. The only thing that has to be secret is the key.

--
John Borwick
Systems Administrator
Wake Forest University | web http://www.wfu.edu/~borwicjh
Winston-Salem, NC, USA | GPG key ID 56D60872
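
Added illustration, not part of the original messages: the identifying header discussed in this thread is concrete in OpenPGP (RFC 4880), where a passphrase-encrypted message begins with a Symmetric-Key Encrypted Session Key packet (tag 3) that carries the cipher ID in cleartext. The function names and the sample bytes below are constructed for this example.

```python
# Added example: read the cleartext cipher ID from an OpenPGP (RFC 4880) header.
SYM_ALGOS = {1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}

def read_packet(data):
    """Return (tag, body) of the first OpenPGP packet, or None if not a packet."""
    if len(data) < 2 or not data[0] & 0x80:
        return None                      # bit 7 is set on every packet header
    if data[0] & 0x40:                   # new-format header
        tag, first = data[0] & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224 and len(data) >= 3:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255 and len(data) >= 6:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            return None                  # partial body lengths not handled here
    else:                                # old-format header
        tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
        if ltype == 3:
            return None                  # indeterminate length not handled here
        size = 1 << ltype                # 1, 2 or 4 length octets
        if len(data) < 1 + size:
            return None
        start, length = 1 + size, int.from_bytes(data[1:1 + size], "big")
    body = data[start:start + length]
    return (tag, body) if len(body) == length else None

def identify_cipher(data):
    """Name the symmetric cipher if the container states it in cleartext."""
    pkt = read_packet(data)
    if pkt is None:
        return None                      # no container: nothing to read
    tag, body = pkt
    if tag == 3 and len(body) >= 2 and body[0] == 4:
        return SYM_ALGOS.get(body[1], f"unknown id {body[1]}")
    if tag == 1:                         # public-key encrypted session key
        return "hidden (cipher ID is inside the encrypted session key)"
    return None

# Constructed samples: a tag-3 packet (version 4, cipher 9, iterated+salted S2K,
# 8-byte salt, count octet) and a stand-in for headerless cipher output.
SKESK = bytes.fromhex("8c0d04090302" "0011223344556677" "60")
HEADERLESS = bytes.fromhex("3fa91c5be2077d84c6d0913aa5f46e12")

if __name__ == "__main__":
    print(identify_cipher(SKESK), identify_cipher(HEADERLESS))
```

For headerless output the function returns None, which is the first point of the message above: without container metadata there is nothing in the bytes themselves that names the algorithm.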