WebApp Sec mailing list archives

Re: Which encryption algorithm used?


From: exon <exon () home se>
Date: Wed, 26 May 2004 16:21:37 +0200

stevenr () mastek com wrote:
Hi all

Is it possible to identify the encryption algorithm used by looking at the format of the encrypted string? Of course I understand we may not be
100% accurate, but there could be a chance we hit home.

With a crypto worth anything whatsoever: absolutely zero.

You may be able to 'see' the difference between different modes, but the output of a dual-key-based encryption algorithm is supposed to be totally random (computer-generated whatever never is; that's why it "is supposed to be" instead of just "is").

To give an example,
probably a 32-character string could be an MD5 hash, and a string ending with
== could be base64 encoding.

MD5 hashes are one-way encryption, so I don't see what good it would do (you'd know when it's MD5 anyway, based on implementation guessing). I can think of a couple of other things which would be 32 chars long as well (including rot13 and xor :-) ).

Any encryption method might create output ending in ==, so this isn't really a good method.

Is there any tool which can give a list of possible
algos used, if provided with the encrypted string? Anyone know of any site which
has info on this?


There aren't actually that many (good enough) algorithms, so a wild guess based on origin would probably be your best shot.

A couple of rules of thumb here:
* Script-kiddies at home tend to protect their online gaming cheat-codes with 2048-bit DSA encryption.

* MS customers tend to use weaker cryptos and sillier hashing methods than the equivalent opensource solution, unless it's something really, really important and expensive.

* Protocols that transfer high amounts of data usually use CPU-friendlier cryptos (often weaker) than those written to control or authenticate one thing or another (like ssh).


Thanks in advance
Steve



/ae
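As an added example, not part of the thread, here is a small Python classifier that applies the two heuristics Steve asks about (32 hex characters, trailing `==`) and shows their limit as exon describes it: the verdicts only ever concern encoding and length, and a random 16-byte value is indistinguishable from an MD5 digest. The function names `classify` and `padding_for` are mine.

```python
import base64
import hashlib
import os
import re

# Hex-digest lengths that people habitually map to a hash function. The
# mapping is by length only: any 128-bit value (an MD5 digest, one AES
# block, os.urandom(16)) produces exactly the same 32 hex characters.
HEX_LENGTH_GUESS = {
    32: "128-bit value (MD5 length)",
    40: "160-bit value (SHA-1 length)",
    64: "256-bit value (SHA-256 length)",
}


def classify(token: str) -> list:
    """Return every plausible reading of an opaque string.

    Several readings can be true at once: 32 hex characters are also a
    syntactically valid base64 string, which is the ambiguity the thread
    is about.
    """
    verdicts = []
    if re.fullmatch(r"[0-9a-fA-F]+", token) and len(token) % 2 == 0:
        default = f"hex, {len(token) // 2} bytes"
        verdicts.append(HEX_LENGTH_GUESS.get(len(token), default))
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", token) and len(token) % 4 == 0:
        raw = base64.b64decode(token, validate=True)
        # Trailing '==' only means the decoded length is 1 mod 3; it says
        # nothing about which cipher (if any) produced the bytes.
        verdicts.append(f"base64, {len(raw)} bytes, padding={token.count('=')}")
    return verdicts


def padding_for(n_bytes: int) -> int:
    """Number of '=' characters base64 appends for n_bytes of raw input."""
    return (3 - n_bytes % 3) % 3


if __name__ == "__main__":
    # Constructed inputs: a real MD5 digest next to 16 random bytes.
    digest = hashlib.md5(b"example").hexdigest()
    random_value = os.urandom(16).hex()
    print(digest, classify(digest))
    print(random_value, classify(random_value))
    # Any 16-byte ciphertext block, base64-encoded, ends in '=='.
    print(base64.b64encode(os.urandom(16)).decode())
```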

