![pen-test logo](/images/pen-test-logo.png)
Penetration Testing mailing list archives
Re: Determining the encryption used
From: Tonnerre Lombard <tonnerre.lombard () sygroup ch>
Date: Fri, 12 May 2006 06:58:31 +0100
Salut, On Thu, 2006-05-11 at 18:20, John Madden wrote:
Is it possible to determine the encryption used by "looking" at the encrypted results or lenght ?
A perfect symmetric cipher returns a big bunch of random bytes.
I know that with Base64 it's pretty easy because of the "==" at the end.
base64 is an encoding. Even EBCDIC is more secure than that these days. :-P (BTW, the DES encoding is also not very hard to determine. ;-)
Also if there are any tools besides openssl that you found usefull to try all the cipher, consecutively with a passphrase/keyword against a file/string
It would decrypt about anything to about anything else. In fact, most programs that support different encryption types do in fact have some kind of "envelope" to stick their data into. This "envelope" is mostly implementation specific but contains all information about the ciphers used. However, most of the time it is transferred with asymmetric crypto on, so it's a bit hard to tell unless someone really broke it. However, most applications have a default preference. That is, nowadays most programs are somewhat AES-192-phile even though noone would actually recommend the use of AES (I hope). However, passwords or whatever stored in a database are not encrypted with a symmetric cipher most of the time (Except for DES "encoded" passwords). In this area you can usually tell the hash by the length of the stored data (but you can't correlate it to the length of the original input): 7 bytes / 56 bit -> DES 32 bytes / 256 bit -> MD5 or SHA2 40 bytes / 320 bit -> SHA1 64 bytes / 512 bit -> SHA2 96 bytes / 768 bit -> SHA2 The byte values assume that you use hexadecimal encoding. With base64, they're different of course. Refer to the number of used bytes then. BTW, if you're free to choose a hash function for your program, don't use DES, MD5 or SHA1. DES isn't worth anything more than EBCDIC these days, MD5 has 8 bit of security margin left (so if you attack it, you need to bruteforce 256 possibilities to find a collision - not really hard to do), and SHA1 isn't that much safer anymore either. SHA2 isn't really good at that, but at least it didn't fall apart that much yet. Call to everyone: we need a new decent hash function! Tonnerre -- SyGroup GmbH Tonnerre Lombard Loesungen mit System Tel:+41 61 333 80 33 Roeschenzerstrasse 9 Fax:+41 61 383 14 67 4153 Reinach Web:www.sygroup.ch tonnerre.lombard () sygroup ch
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Determining the encryption used John Madden (May 11)
- Re: Determining the encryption used Art Cooper (May 12)
- Re: Determining the encryption used Tim (May 12)
- Re: Determining the encryption used Rodrigo Ramos (May 12)
- Re: Determining the encryption used Tim (May 12)
- Re: Determining the encryption used Byron Sonne (May 12)
- Re: Determining the encryption used Peter Kosinar (May 12)
- Re: Determining the encryption used Tonnerre Lombard (May 12)
- Re: Determining the encryption used Tim (May 12)
- Re: Determining the encryption used Phoebe Tunstall (May 12)
- Re: Determining the encryption used Peter Kosinar (May 13)
- Re: Determining the encryption used Tim (May 13)
- Re: Determining the encryption used Tim (May 12)
- RE: Determining the encryption used Sahir Hidayatullah (May 12)
- Re: Determining the encryption used thomas springer (May 12)
- Re: Determining the encryption used Dotzero (May 12)
- <Possible follow-ups>
- Re: Determining the encryption used iccs-abr (May 12)
- RE: Determining the encryption used Bob Bell (rtbell) (May 12)
- Re: Re: Determining the encryption used cwright (May 12)