Re: Encryption Algorithm Footprint

[Jose Nazario <jose () biocserver BIOC cwru edu>]

On Wed, 6 Feb 2002, fooyu wrote:

> I want to know if encryption algorithm has footprint. Is there any
> technica to find which encryption algorithm it used?

<nb: i'm not a cryptographer, i just enjoy reading about this a bit. this
is a question i faced last year in a project which we dropped.>

none that i know of, aside from very minor odd cases (ie the RC4 second
bit in the key being zero) or bad algorithms or implementations.

the best you can do is to look at the entropy of the output, which will
typically approach random for decent algorithms, not allowing you to
differentiate the algorithms.

other indicators may be useful, though, like the output size of the
cihpertext (ie is it a regular boundary, or not), which can help you start
to determine if its a block cipher in chaining mode or a stream cipher.
secondly, look at typical applications used in that field and that
location, you can probably tackle a few algorithms first that are likely
to be in use rather than not. ie lotus notes wont use AES or other
advanced ciphers, typically, at this time.

in short, you have a difficult problem ahead of you. but you can start to
narrow it down based on probabilities and some basic detective work.

> Thank you all and Happy Chinese New year!

happy lunar new year to you, as well.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)