Re: Encryption Algorithm Footprint

["Robert Freeman" <freem100 () chapman edu>]

Perhaps it is RC2-128 CBC. The first block will utilize a specified
"initialization vector" whereas subsequent encrypted block are XOR'd with
data from the previous block prior to encryption. Therefore if you have a
captured packet, you need to take into account the block chaining.

You can always do some data-mining on your binary. Often a lot can be
determined with a simple hex editor and a dissembler.

Happy Chinese New Year too!

Regards,
Robert Freeman

----- Original Message -----
From: "fooyu" <security () fooyu com>
To: <vuln-dev () securityfocus com>
Sent: Wednesday, February 06, 2002 12:49 AM
Subject: Encryption Algorithm Footprint


> I am auditing one of my critical service system. This system provides our
users a method of stock exchange. By using ethereal I found the data packets
was encypted like in SSL. Next I found the private key in my server and
encypted symmetric key payload in the captured packets. After successfully
decrypting the 16- bytes symmetric key, I test many encryption algorithm to
decrypted the captured ciphertext, but all failed.
> I want to know if encryption algorithm has footprint. Is there any
technica to find which encryption algorithm it used?
> Thank you all and Happy Chinese New year!
>
> Haiyan Chen
>
> ***********************
> [security () fooyu com]
> www.fooyu.com
> ***********************