Re: Which encryption algorithm used?

["Adam Tuliper" <amt () gecko-software com>]

Im not sure how visual studio (or java for that matter)
would come into play in this at all. I'll assume you mean
using for ex. the dotnet framework. In that case there are
several managed classes and then some crypto api provider
classes. Considering that your ciphertext is a function of
your plaintext and the algorithm, your cipher text can be a
complete seemingly random piece of data. Sure it can be
cryptanalyed (frequency analysis, etc - see Bruce Schnier's
Applied Cryptography for an excellent resource), but to
look at what _should_ be a random seeming piece of data and
determine the algorithm would seem to be a failure of the
algorithm itself. There are many many algorithms out there
and to use length of a ciphertext block means nothing
except that is may be using padding on the end to reach a
certain block size. If its a feedback algorithm, feeding
the results into itself again.. good luck.

Heres a neat project:
http://burtleburtle.net/bob/crypto/findingc.html

Note in the first sentence:
"If the block cipher has, oh, addition as well, the results
of this program are amazingly worthless"


On Wed, 26 May 2004 15:52:10 +0300
 "Marian Ion" <marian.ion () e-licitatie ro> wrote:
> Hello all,
> If you would use Visual Studio or java, it would be quite
> easy (built-in
> classes), and there are many examples on the web.
> Otherwise, a little bit difficult, because you would have
> to know everything
> about several encryption and hashing algorithms...
>
> Marian Ion.
>
>
>
>
>
> -----Original Message-----
> From: stevenr () mastek com [mailto:stevenr () mastek com] 
> Sent: Wednesday, May 26, 2004 10:41 AM
> To: webappsec () securityfocus com
> Subject: Which encryption algorithm used?
>
> Hi all
>
> Is it possible to identify the encryption algorithm used
> by looking at the
> format of the encrypted string? Of course I understand we
> not may be 100%
> accurate but there could be a chance we hit home. To give
> an example,
> probably a 32 character string could be a MD5 hash, and a
> string ending with
> == could be base 64 encoding. Is there any tool which can
> give a list of
> possible algos used, if provided with the encrypted
> string? anyone know of
> any site which has info on this ?
>
>
> Thanks in advance
> Steve
>
>
> MASTEK
> "Making a valuable difference"
> Mastek in NASSCOM's 'India Top 20' Software Service
> Exporters List.
> In the US, we're called MAJESCO
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Opinions expressed in this e-mail are those of the
> individual and not that
> of Mastek Limited, unless specifically indicated to that
> effect. Mastek
> Limited does not accept any responsibility or liability
> for it. This e-mail
> and attachments (if any) transmitted with it are
> confidential and/or
> privileged and solely for the use of the intended person
> or entity to which
> it is addressed. Any review, re-transmission,
> dissemination or other use of
> or taking of any action in reliance upon this information
> by persons or
> entities other than the intended recipient is prohibited.
> This e-mail and
> its attachments have been scanned for the presence of
> computer viruses. It
> is the responsibility of the recipient to run the virus
> check on e-mails and
> attachments before opening them. If you have received
> this e-mail in error,
> kindly delete this e-mail from all computers.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/