Penetration Testing mailing list archives
Re: [PEN-TEST] cryptanalysis software
From: Randy Nichols <comsec () EPIX NET>
Date: Tue, 5 Dec 2000 19:43:42 -0500
Sent: Monday, December 04, 2000 6:45 PM
Subject: FW: [PEN-TEST] cryptanalysis software

Hi Pierre

Dan Ryan gave me your name and your potential interest in automated cryptanalytic testing software.

There is an automated statistical software package (ATS) that can do an excellent vertical differentiation and a reasonable horizontal differentiation of about 75 different commercial cipher systems based on analysis of ciphertext or suspected ciphertext. It also tests the random number generation, based on standard NIST FIPS 140-1,2 standards.

I have used it in my consulting and improved it for several years (as the various cipher systems have grown/changed or been introduced). I have been able to detect changes in product offerings and detect encrypted traffic in some very sensitive assignments. ATS can be used to look at network traffic and packetized traffic and has various options to pare down the headers to get to the VPN or IPSec traffic.

ATS has some limitations. Steganography laced with 3DES or RC5 yields signatures that are more difficult to interpret. I have only characterized Rijndael (my favorite) and Twofish in the current AES 5-finalist group. ATS is not as rigorous as the NIST tools and is not used for certification at NIST levels. Theoretically perfect algorithms yielding white noise signatures are indistinguishable. However, implementations are not perfect and platforms respond differently. The latter two permit statistical and probabilistic analysis of the various cipher product offerings.

My "ICSA Guide To Cryptography," McGraw Hill, 1999 has a brief discussion in Chapter 21.

Let me know if you are interested further.

Best regards.

Randall K. Nichols
Professor, The George Washington University
School of Applied Sciences & Engineering Management (SEAS)
&
Vice President - Cryptography
TeleHubLink Corporation
1-717-258-5693 office
1-717-329-9836 cell
1-717-258-8316 fax
-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Pierre Vandevenne
Sent: Monday, December 04, 2000 5:13 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] cryptanalysis software

On Mon, 4 Dec 2000 11:12:58 -0500, Jose Nazario wrote:

> last week's discussion on encryption in a pen test got me thinking. do any
> of you know of any software that can evaluate a block of data and make a
> decent guess as to if the data is potentially encrypted data, and if so
> with what algorithms? when compared to purely random bits, that is.

This paper might be of interest

http://csrc.nist.gov/encryption/aes/round1/r1-rand.pdf

I don't think discrimination will be possible with purely random bits. OTOH, normally, the non-encrypted traffic in itself isn't random.

---
Pierre Vandevenne - DataRescue sa/nv
Home of the IDA Pro Disassembler - Version 4.15 now available !
http://www.datarescue.com/idabase/ida.htm
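
An added example, not part of either post and not the ATS package described above: the four FIPS 140-1 statistical tests (monobit, poker, runs, long run) applied to a 20,000-bit block, the kind of first-pass check the thread is asking about. The function names and both sample buffers are constructed for illustration; the SHA-256 counter stream only stands in for ciphertext-like data.

```python
import hashlib
from itertools import groupby

# FIPS 140-1 run-count intervals for a 20,000-bit sample (lengths 1..5, then 6+).
RUN_BOUNDS = {1: (2267, 2733), 2: (1079, 1421), 3: (502, 748),
              4: (223, 402), 5: (90, 223), 6: (90, 223)}

def fips140_1(sample: bytes) -> dict:
    """Run the four FIPS 140-1 statistical tests on the first 20,000 bits."""
    if len(sample) < 2500:
        raise ValueError("need at least 2,500 bytes (20,000 bits)")
    data = sample[:2500]
    bits = [(b >> s) & 1 for b in data for s in range(7, -1, -1)]
    ones = sum(bits)                      # monobit statistic
    freq = [0] * 16                       # poker: counts of each 4-bit value
    for b in data:
        freq[b >> 4] += 1
        freq[b & 0x0F] += 1
    poker = 16 / 5000 * sum(f * f for f in freq) - 5000
    # Runs: count maximal runs of equal bits, per bit value and length.
    counts = {(v, n): 0 for v in (0, 1) for n in RUN_BOUNDS}
    longest = 0
    for value, group in groupby(bits):
        length = sum(1 for _ in group)
        longest = max(longest, length)
        counts[(value, min(length, 6))] += 1
    runs_ok = all(RUN_BOUNDS[n][0] <= c <= RUN_BOUNDS[n][1]
                  for (_, n), c in counts.items())
    result = {"monobit": 9654 < ones < 10346,
              "poker": 1.03 < poker < 57.4,
              "runs": runs_ok,
              "long_run": longest < 34}   # a run of 34 or more bits fails
    result["all"] = all(result.values())
    return result

def sample_keystream(n: int = 2500) -> bytes:
    """Constructed ciphertext stand-in: SHA-256 over a counter."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def sample_plaintext(n: int = 2500) -> bytes:
    """Constructed plaintext: repeated lowercase ASCII sentence."""
    text = b"the quick brown fox jumps over the lazy dog. "
    return (text * (n // len(text) + 1))[:n]

if __name__ == "__main__":
    for name, buf in (("keystream", sample_keystream()),
                      ("plaintext", sample_plaintext())):
        print(name, fips140_1(buf))
```

Passing all four tests only says the block is statistically consistent with random data; it does not distinguish one cipher from another, which matches the point made in both messages about ideal output being indistinguishable.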
Current thread:
- [PEN-TEST] cryptanalysis software Jose Nazario (Dec 05)
- Re: [PEN-TEST] cryptanalysis software Pierre Vandevenne (Dec 05)
- <Possible follow-ups>
- Re: [PEN-TEST] cryptanalysis software Randy Nichols (Dec 06)