tags:

views:

1129

answers:

4

Is there any ways to try to guess encryption algorithm used to encrypt the ciphertext?

+2  A: 

Yes. There are some differences:

  • Is it a block cipher or not can be guessed from the length.
  • Block length
  • Entropy of the output (are all characters equally present? / can patterns be found?)
  • Recurrences (CBC or not...)

The entropy of the string is probably the best hint. A simple method to determine it is probably trying to compress it. Some methods can be found here: http://www.random.org/statistics/ They use them to make sure their numbers are as random as possible.

I've got no idea if it's really possible to determine the encryption using these methods.

Georg
+1  A: 

Quite often this information is readily available - in a good encryption scheme, only the key needs to be secret, not the algorithm used.

There are analyses you can can perform to test for particular encryptions, consult a textbook on cryptanalysis for details!

Paul Dixon
A: 

It depends if you're talking about "raw encrypted data" (in that case you can use methods such as listed by "gs" in the other answer) or an encrypted file in some standard format (the most common are CMS/PKCS#7 and OpenPGP); in the latter case the encryption algorithm is explicitly indicated in the metadata contained in the very file.

For CMS you need an ASN.1 decoder such as command-line dumpasn1 program or my own web-based Javascript decoder while for OpenPGP you can use pgpdump.

lapo
A: 

Hi,

There is any way to identify what encryption was used in one DLL? Says, this DLL was entirely encrypted (the header of the file is also encripted), and it is decrypted by a loading function in the main app.

So, another ask, any one knows what encryptors does the task explained in the first paraghaph?

If yes, how can I decrypt it? I knows that the main app decrypts the DLL in memory, how can I dump it, and how can I re-build it in a proper way?

leslie
In what way is that an answer?
Steven Jackson