WebApp Sec mailing list archives
Re: Which encryption algorithm used?
From: exon <exon () home se>
Date: Wed, 26 May 2004 16:21:13 +0200
stevenr () mastek com wrote:
Hi allIs it possible to identify the encryption algorithm used by looking at the format of the encrypted string? Of course I understand we not may be100% accurate but there could be a chance we hit home.
With a crypto worth anything what so ever; Absolutely zero.You may be able to 'see' difference between different modes, but the output of a dual key-based encryption algorithm is supposed to be totally random (computer-generated whatever never is, that's why it "is supposed to be" instead of just "is").
To give an example, probably a 32 character string could be a MD5 hash, and a string ending with == could be base 64 encoding.
MD5 hashes are one-way encryption, so I don't see what good it would do (you'd know when it's MD5 anyway, based on implementation guessing). I can think of a couple of other things which would be 32 chars long as well (including rot13 and xor :-) ).
Any encryption method might create output ending in ==, so this isn't really a good method.
Is there any tool which can give a list of possible algos used, if provided with the encrypted string? anyone know of any site which has info on this ?
There aren't actually that many (good enough) algorithms, so a wild guess based on origin would probably be your best shot.
A couple of thumb rules here;* Script-kiddies at home tend to protect their online gaming cheat-codes with 2048-bit DSA encryption.
* MS customers tend to use weaker cryptos and sillier hashing methods than the equivalent opensource solution, unless it's something really, really important and expensive.
* Protocols that transfer high amounts of data usually use CPU-friendlier cryptos (often weaker), than those written to control or authenticate one thing or another (like ssh).
Thanks in advance Steve MASTEK "Making a valuable difference" Mastek in NASSCOM's 'India Top 20' Software Service Exporters List. In the US, we're called MAJESCO
Current thread:
- Which encryption algorithm used? stevenr (May 26)
- RE: Which encryption algorithm used? Marian Ion (May 26)
- Re: Which encryption algorithm used? Adam Tuliper (May 26)
- Re: Which encryption algorithm used? exon (May 26)
- Re: Which encryption algorithm used? exon (May 26)
- <Possible follow-ups>
- RE: Which encryption algorithm used? Pitts, Christopher C. (May 26)
- Re: Which encryption algorithm used? John Borwick (May 26)
- Re: Which encryption algorithm used? windo (May 27)
- Re: Which encryption algorithm used? Adam Lydick (May 27)
- Re: Which encryption algorithm used? exon (May 31)
- Re: Which encryption algorithm used? John Borwick (May 26)
- RE: Which encryption algorithm used? Pitts, Christopher C. (May 27)
- RE: Which encryption algorithm used? Tom Arseneault (May 27)
- RE: Which encryption algorithm used? Michael Silk (May 27)
- RE: Which encryption algorithm used? Marian Ion (May 26)