Typical code sequence for encryption?


d.u.h.a.C.Z.e.k
September 3rd, 2002, 19:11
Is there any typical code seq that helps me to find out what type of encryption algorithm is used in programs? IMHO it doesn't exist but I hope... :-)

DakienDX
September 3rd, 2002, 19:29
Hello d.u.h.a.C.Z.e.k !

Sorry, but as you feared, there is no way to find out what encryption algorithm is used.

You may be lucky and know the program used to encrypt the file because of its file extension or format. Perhaps this program offers several encryption algorithms/modes/hash functions and saves what combination of them was used in the encrypted file too.

If you can see many blocks of the same size which look the same, you can say that a block cipher with a block size of blocksize bytes was used in ECB mode, but it's also possible that this information is completely wrong and the person who encrypted the data chose special patterns which look like "blocks" when getting encrypted.

But else there is no way to know it. I would consider an encryption algorithm where you can tell that this algorithm was used as "cryptographically unsecure".

mike
September 3rd, 2002, 21:18
See http://www.woodmann.net/fravia/mike.htm for a piece I wrote on finding encryption code.

Once you've found it, tables of constants are your best bet for figuring out what it is.
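
(Added example, not part of the thread or of the linked essay: a minimal Python scanner for the "tables of constants" approach. The constants are well-known published values; the function names and the sample buffer are constructed for illustration, and a hit only suggests an algorithm, it does not prove one.)

```python
import struct

# 32-bit constants that compilers often emit as separate instruction immediates.
WORD_SIGS = {
    "MD5/SHA-1 initial state": [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476],
    "SHA-256 initial state": [0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A],
    "TEA/XTEA delta (also RC5/RC6 Q32)": [0x9E3779B9],
    "Blowfish P-array (digits of pi)": [0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344],
}
# Lookup tables stored as contiguous bytes (first row of the AES S-box).
BYTE_SIGS = {"AES S-box": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")}

def find_word(data, word):
    """Return (offset, endianness) of the first occurrence of a 32-bit word, or None."""
    for fmt, label in (("<I", "little"), (">I", "big")):
        off = data.find(struct.pack(fmt, word))
        if off != -1:
            return off, label
    return None

def scan(data):
    """Return {signature name: [(offset, kind), ...]} for signatures fully present."""
    hits = {}
    for name, words in WORD_SIGS.items():
        # Each word is located separately because the words may be scattered in code.
        found = [find_word(data, w) for w in words]
        if all(found):
            hits[name] = found
    for name, pattern in BYTE_SIGS.items():
        off = data.find(pattern)
        if off != -1:
            hits[name] = [(off, "bytes")]
    return hits

def build_sample():
    """Constructed buffer: hash-state init as x86 immediates, then an S-box row."""
    code = b"\x90" * 8
    for i, w in enumerate(WORD_SIGS["MD5/SHA-1 initial state"]):
        # C7 40 disp8 imm32 = mov dword ptr [eax+disp8], imm32
        code += b"\xC7\x40" + bytes([i * 4]) + struct.pack("<I", w)
    return code + b"\x00" * 5 + BYTE_SIGS["AES S-box"]

if __name__ == "__main__":
    for name, locs in scan(build_sample()).items():
        print(name, locs)
```

A single matching word such as 0x9E3779B9 is shared by several algorithms, so treat a hit as a pointer to the code worth reading, not as an identification.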

DakienDX
September 3rd, 2002, 22:48
Hello d.u.h.a.C.Z.e.k !

Yes, mike's way is possible of course too.

I was only fixed to the idea that you have a file or only encrypted data and want to guess the encryption algorithm from that.

Else you can search for algorithm specific patterns/initialization values to get your answer.

mike
September 4th, 2002, 04:19
Unless the cipher is very weak, DakienDX is right. It's practically impossible to tell that it's not just random, let alone what encryption algorithm it is. For example, you need to analyze something like a terabyte of known keystream of RC4 to distinguish it from random.