Penetration Testing mailing list archives

Re: [PEN-TEST] cryptanalysis software


From: Randy Nichols <comsec () EPIX NET>
Date: Tue, 5 Dec 2000 19:43:42 -0500

Sent: Monday, December 04, 2000 6:45 PM
Subject: FW: [PEN-TEST] cryptanalysis software


Hi Pierre


Dan Ryan gave me your name and your potential interest in automated
cryptanalytic testing software.

There is an automated statistical software package (ATS) that can do an
excellent vertical differentiation and a reasonable horizontal
differentiation of about 75 different commercial cipher systems based on
analysis of ciphertext or suspected ciphertext. It also tests the random
number generation, based on standard NIST FIPS 140-1,2 standards. I have
used it in my consulting and improved it for several years (as the various
cipher systems have grown/changed or been introduced). I have been able to
detect changes in product offerings and detect encrypted traffic in
some very sensitive assignments. ATS can be used to look at network traffic
and packetized traffic and has various options to pare down the headers to
get to the VPN or IPSec traffic.

ATS has some limitations. Steganography laced with 3DES or RC5 yields
signatures that are more difficult to interpret. I have only characterized
Rijndael (my favorite) and Twofish in the current AES 5-finalist group. ATS
is not as rigorous as the NIST tools and is not used for certification at
NIST levels.

Theoretically perfect algorithms yielding white noise signatures are
indistinguishable. However, implementations are not perfect and platforms
respond differently. The latter two permit statistical and probabilistic
analysis of the various cipher product offerings.
My "ICSA Guide To Cryptography," McGraw Hill, 1999 has a brief discussion in
Chapter 21.

Let me know if you are interested further.

Best regards.

Randall K. Nichols
Professor, The George Washington University
School of Applied Sciences & Engineering Management (SEAS)
&
Vice President - Cryptography
TeleHubLink Corporation

1-717-258-5693 office
1-717-329-9836 cell
1-717-258-8316 fax






-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On Behalf Of Pierre Vandevenne
Sent: Monday, December 04, 2000 5:13 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] cryptanalysis software


On Mon, 4 Dec 2000 11:12:58 -0500, Jose Nazario wrote:

last week's discussion on encryption in a pen test got me thinking. do any
of you know of any software that can evaluate a block of data and make a
decent guess as to if the data is potentially encrypted data, and if so
with what algorithms? when compared to purely random bits, that is.

This paper might be of interest

http://csrc.nist.gov/encryption/aes/round1/r1-rand.pdf

I don't think discrimination will be possible with purely random bits.

OTOH, normally, the non-encrypted traffic in itself isn't random.
---
Pierre Vandevenne - DataRescue sa/nv
Home of the IDA Pro Disassembler  -  Version 4.15 now available !
http://www.datarescue.com/idabase/ida.htm
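
As an added example (not part of the original messages, and not the ATS package described in the thread), the following Python code applies the four FIPS 140-1 statistical tests (monobit, poker, runs, long run) to a 20,000-bit block, the kind of randomness check the thread refers to. The function names, the SHA-256 counter keystream standing in for ciphertext, and the sample text are constructed for illustration.

```python
import hashlib
from collections import Counter
from itertools import groupby

# FIPS 140-1 acceptance intervals for a single 20,000-bit sample.
SAMPLE_BYTES = 2500
MONOBIT = (9654, 10346)   # count of one-bits must fall strictly inside
POKER = (1.03, 57.4)      # statistic over the 5,000 four-bit nibbles
LONG_RUN = 34             # a run this long, of 0s or 1s, fails
RUNS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
        4: (223, 402), 5: (90, 223), 6: (90, 223)}  # key 6 = "6 or longer"


def fips140_1(sample: bytes) -> dict:
    """Apply the four FIPS 140-1 tests to the first 2,500 bytes."""
    if len(sample) < SAMPLE_BYTES:
        raise ValueError("need at least 2,500 bytes (20,000 bits)")
    data = sample[:SAMPLE_BYTES]
    bits = "".join(f"{b:08b}" for b in data)
    ones = bits.count("1")
    counts = Counter(n for b in data for n in (b >> 4, b & 0x0F))
    poker = 16 / 5000 * sum(c * c for c in counts.values()) - 5000
    # Tally runs of identical bits, separately for zeros and ones.
    tally, longest = {"0": [0] * 7, "1": [0] * 7}, 0
    for bit, group in groupby(bits):
        n = len(list(group))
        tally[bit][min(n, 6)] += 1
        longest = max(longest, n)
    result = {
        "monobit": MONOBIT[0] < ones < MONOBIT[1],
        "poker": POKER[0] < poker < POKER[1],
        "runs": all(lo <= tally[v][n] <= hi
                    for v in "01" for n, (lo, hi) in RUNS.items()),
        "long_run": longest < LONG_RUN,
    }
    result["looks_random"] = all(result.values())
    return result


def constructed_keystream(seed: bytes) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 over a counter."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(SAMPLE_BYTES // 32 + 1))
    return b"".join(blocks)[:SAMPLE_BYTES]


# Constructed plaintext sample: one ASCII sentence repeated to 2,500 bytes.
TEXT = b"Plain English text has a skewed nibble distribution. "
CONSTRUCTED_TEXT = (TEXT * 60)[:SAMPLE_BYTES]
```

A pass only means the block is statistically indistinguishable from random under these tests; it does not identify an algorithm, which matches the point made in the thread about purely random bits.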



