Different schemes will permit different characters in the ciphertext.
        
Frequency analysis should also lend some light as to basic classes
        of algorithm. A simple substitution cipher like rot13 will have
        a nice peak for frequently-occurring characters ("e" in
        English text, for example). Something that produces a nearly
        flat frequency curve is likely to be the product of a more
        complex (potentially stronger) algorithm.

Levels of entropy (~randomness) in the stream will also tend to
        follow with algorithmic complexity. A quick hack of a test
        would be to try compressing the stream with your tool of
        choice (compress, gzip, pkzip, etc.). If it compresses
        significantly, it is less likely to come from a harder
        algorithm, and more likely to come from something like
        rot13.

If the cyperpunks have a faq, it's likely to have some of the info
        you are looking for.

If you've got a few hours to burn, read Simon Singh's _The Code Book_
        for a basic introduction to some of the history, approaches,
        and methods without burying you in hard math.

If you want more of the math, look for a copy of Bruce Schneier's
        _Applied Cryptography_ for a reasonable survey of the subject
        as it was a couple of years ago.

Tox

Jeremiah Grossman wrote:
>
> but.... lets say you have serveral long strings of cipher text...
>
> how can one tell the kind of cipher or encryption
> (ROT13, DES, XOR, BASE64, etc.) is being used? If at all
> possible...
>
> Hey... for OWASP and the session vulns information,
> perhaps this isnt off-topic.
>
> Jeremiah

-- 
Tox Gunn	Security Systems Administrator, Responsible Solutions
voice (650)780-9550	pager (888)894-7576	toxresponsible.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]