From: Mark Curphey (mark curphey.com)
Date: Thu Oct 18 2001 - 21:15:20 CDT
I have seen some cookies hashed with md5 or sha-1...pretty easy to tell
apart...nice property of hash functions is arbitrary input and fixed length
output. 128 bits for md5, 160 bits for sha
-----Original Message-----
From: tox [mailto:tox responsible.com]
Sent: Thursday, October 18, 2001 6:41 PM
To: Jeremiah Grossman
Cc: www-mobile-code securityfocus.com
Subject: Re: telling crypto type [off topic]
Different schemes will permit different characters in the ciphertext.
Frequency analysis should also lend some light as to basic classes
of algorithm. A simple substitution cipher like rot13 will have
a nice peak for frequently-occurring characters ("e" in
English text, for example). Something that produces a nearly
flat frequency curve is likely to be the product of a more
complex (potentially stronger) algorithm.
Levels of entropy (~randomness) in the stream will also tend to
follow with algorithmic complexity. A quick hack of a test
would be to try compressing the stream with your tool of
choice (compress, gzip, pkzip, etc.). If it compresses
significantly, it is less likely to come from a harder
algorithm, and more likely to come from something like
rot13.
If the cypherpunks have a FAQ, it's likely to have some of the info
you are looking for.
If you've got a few hours to burn, read Simon Singh's _The Code Book_
for a basic introduction to some of the history, approaches,
and methods without burying you in hard math.
If you want more of the math, look for a copy of Bruce Schneier's
_Applied Cryptography_ for a reasonable survey of the subject
as it was a couple of years ago.
Tox
Jeremiah Grossman wrote:
>
> but.... let's say you have several long strings of cipher text...
>
> how can one tell the kind of cipher or encryption
> (ROT13, DES, XOR, BASE64, etc.) is being used? If at all
> possible...
>
> Hey... for OWASP and the session vulns information,
> perhaps this isn't off-topic.
>
> Jeremiah
-- Tox Gunn Security Systems Administrator, Responsible Solutions voice (650)780-9550 pager (888)894-7576 toxresponsible.com
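The signals discussed in this thread (ciphertext alphabet, frequency peak, compressibility, and the fixed 128/160-bit digest lengths), computed for a token you are auditing. This is an added example, not part of the original messages; the function names are hypothetical and the sample tokens are constructed.

```python
import codecs
import hashlib
import string
import zlib
from collections import Counter

HEX = set(string.hexdigits)
B64 = set(string.ascii_letters + string.digits + "+/=")
DIGEST_BITS = {128: "MD5-sized", 160: "SHA-1-sized"}  # lengths given in the thread

def profile(text):
    """Compute the thread's signals for one token: alphabet, peak, compressibility."""
    if not text:
        raise ValueError("empty token")
    chars = set(text)
    alphabet = "hex" if chars <= HEX else "base64" if chars <= B64 else "other"
    # Hex is only a wrapper: measure the bytes underneath, otherwise the
    # 16-symbol alphabet alone makes random data look compressible.
    if alphabet == "hex" and len(text) % 2 == 0:
        data = bytes.fromhex(text)
    else:
        data = text.encode("utf-8")
    peak = Counter(data).most_common(1)[0][1] / len(data)
    return {
        "alphabet": alphabet,
        "peak": round(peak, 3),  # share of the single most frequent byte
        "ratio": round(len(zlib.compress(data, 9)) / len(data), 3),
        "digest_hint": DIGEST_BITS.get(len(data) * 8) if alphabet == "hex" else None,
    }

def samples():
    """Constructed inputs: rot13 text, hashed cookie values, flat pseudo-random bytes."""
    plain = "the session id is derived from the user name and the login time " * 6
    flat = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(6))
    return {
        "rot13": codecs.encode(plain, "rot_13"),
        "md5": hashlib.md5(b"user=alice").hexdigest(),
        "sha1": hashlib.sha1(b"user=alice").hexdigest(),
        "flat": flat.hex(),
    }

if __name__ == "__main__":
    for name, token in samples().items():
        print(name, profile(token))
```

A low ratio with a high peak points at a substitution-style encoding over structured plaintext; a ratio near or above 1.0 with a flat distribution only says the bytes look random, not which algorithm produced them.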