Vulnerability Development mailing list archives

Re: Encryption Algorithm Footprint


From: "Ryan Permeh" <ryan () eEye com>
Date: Wed, 6 Feb 2002 09:41:16 -0800

You may need to examine the specific protocol.  Open protocols typically can
negotiate the strength and type of cipher used, in which case, if you have
the negotiation phase (typically part of the initial key exchange phase) of
a protocol, you can gather which symmetric algorithm was used for transit.
If this is a closed protocol, it may have a single symmetric algorithm,
negating the need for a negotiation phase.

You may also want to attempt some plaintext crypt attacks against this.  If
you know anything about the protocol, you may be able to do some testing
with your key data against common algorithms in an attempt to see what comes
up as plaintext.  Since you have the key, and the crypted data, getting
crypted data of data you already know should prove or disprove any
algorithmic tests.

Finally, if you are equipped to do so, you may want to take this away from a
black box test.  Since you have the program, use debugging and disassembly
techniques to isolate and tag your algorithm in your client binary.  This is
likely to be a last resort, but it will almost always work (it will take
time and somewhat specialized skills).


Hope this helps.
Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer
http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities

----- Original Message -----
From: "fooyu" <security () fooyu com>
To: <vuln-dev () securityfocus com>
Sent: Wednesday, February 06, 2002 12:49 AM
Subject: Encryption Algorithm Footprint


I am auditing one of my critical service systems. This system provides our
users a method of stock exchange. By using Ethereal I found the data packets
were encrypted like in SSL. Next I found the private key in my server and the
encrypted symmetric key payload in the captured packets. After successfully
decrypting the 16-byte symmetric key, I tested many encryption algorithms to
decrypt the captured ciphertext, but all failed.

I want to know if an encryption algorithm has a footprint. Is there any
technique to find which encryption algorithm it used?

Thank you all and Happy Chinese New year!

Haiyan Chen

***********************
[security () fooyu com]
www.fooyu.com
***********************
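
Added example, not part of the original thread: reading the negotiated cipher out of the negotiation phase, as the reply suggests, for an auditor working from a capture of their own service. It assumes the protocol uses SSLv3/TLS 1.0-1.2 style ServerHello framing (the post only says "like in SSL"); the function names and the sample record are constructed for illustration.

```python
import struct

# Small subset of IANA cipher-suite IDs (real values); extend as needed.
SUITES = {
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", "RC4, 16-byte key, stream"),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RC4, 16-byte key, stream"),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "3DES, 24-byte key, CBC"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "AES, 16-byte key, CBC"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "AES, 32-byte key, CBC"),
}

def negotiated_suite(record: bytes):
    """Return (version, suite_id, name, cipher) from one ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:                      # 22 = handshake content type
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4:
        raise ValueError("truncated record")
    if body[0] != 2:                     # 2 = ServerHello handshake type
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # server_version(2) + random(32) + session_id_len(1) = 35 bytes minimum
    if len(hello) < hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    off = 35 + hello[34]                 # skip the variable-length session id
    if len(hello) < off + 3:             # cipher suite (2) + compression (1)
        raise ValueError("truncated ServerHello")
    suite_id = struct.unpack("!H", hello[off:off + 2])[0]
    name, cipher = SUITES.get(suite_id, ("unknown", "unknown"))
    return version, suite_id, name, cipher

def sample_server_hello(suite_id: int, session_id: bytes = b"") -> bytes:
    """Constructed sample record (TLS 1.0, all-zero random), not a real capture."""
    hello = struct.pack("!H", 0x0301) + bytes(32)
    hello += bytes([len(session_id)]) + session_id
    hello += struct.pack("!HB", suite_id, 0)   # chosen suite, null compression
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    print(negotiated_suite(sample_server_hello(0x0005, b"\xaa" * 32)))
```

A suite ID that is missing from the table is still returned numerically, so it can be looked up in the IANA registry.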


