Re: Determining the encryption used

From: Tonnerre Lombard (tonnerre.lombard@sygroup.ch)
Date: Fri May 12 2006 - 01:58:31 EDT

• Next message: Sahir Hidayatullah: "RE: Determining the encryption used"
• Previous message: Dotzero: "Re: Pentester convicted.."
• In reply to: John Madden: "Determining the encryption used"
• Next in thread: Tim: "Re: Determining the encryption used"
• Reply: Tim: "Re: Determining the encryption used"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Salut,

On Thu, 2006-05-11 at 18:20, John Madden wrote:
> Is it possible to determine the encryption used by
> "looking" at the encrypted results or lenght ?

A perfect symmetric cipher returns a big bunch of random bytes.

> I know that with Base64 it's pretty easy because of
> the "==" at the end.

base64 is an encoding. Even EBCDIC is more secure than that these days.
:-P

(BTW, the DES encoding is also not very hard to determine. ;-)

> Also if there are any tools besides openssl that you
> found usefull to try all the cipher, consecutively
> with a passphrase/keyword against a file/string

It would decrypt about anything to about anything else.

In fact, most programs that support different encryption types do in
fact have some kind of "envelope" to stick their data into. This
"envelope" is mostly implementation specific but contains all
information about the ciphers used. However, most of the time it is
transferred with asymmetric crypto on, so it's a bit hard to tell unless
someone really broke it.

However, most applications have a default preference. That is, nowadays
most programs are somewhat AES-192-phile even though noone would
actually recommend the use of AES (I hope).

However, passwords or whatever stored in a database are not encrypted
with a symmetric cipher most of the time (Except for DES "encoded"
passwords). In this area you can usually tell the hash by the length of
the stored data (but you can't correlate it to the length of the
original input):

7 bytes / 56 bit -> DES
32 bytes / 256 bit -> MD5 or SHA2
40 bytes / 320 bit -> SHA1
64 bytes / 512 bit -> SHA2
96 bytes / 768 bit -> SHA2

The byte values assume that you use hexadecimal encoding. With base64,
they're different of course. Refer to the number of used bytes then.

BTW, if you're free to choose a hash function for your program, don't
use DES, MD5 or SHA1. DES isn't worth anything more than EBCDIC these
days, MD5 has 8 bit of security margin left (so if you attack it, you
need to bruteforce 256 possibilities to find a collision - not really
hard to do), and SHA1 isn't that much safer anymore either. SHA2 isn't
really good at that, but at least it didn't fall apart that much yet.

Call to everyone: we need a new decent hash function!

                            Tonnerre

-- 
SyGroup GmbH
Tonnerre Lombard
Loesungen mit System
Tel:+41 61 333 80 33    Roeschenzerstrasse 9
Fax:+41 61 383 14 67    4153 Reinach
Web:www.sygroup.ch      tonnerre.lombard@sygroup.ch

• application/pgp-signature attachment: This is a digitally signed message part

• Next message: Sahir Hidayatullah: "RE: Determining the encryption used"
• Previous message: Dotzero: "Re: Pentester convicted.."
• In reply to: John Madden: "Determining the encryption used"
• Next in thread: Tim: "Re: Determining the encryption used"
• Reply: Tim: "Re: Determining the encryption used"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:56 EDT