From: Razvan Peteanu (razvan-peteanuhome.com)
Date: Thu Oct 18 2001 - 21:33:38 CDT

    You can also check the following:

    "Basic Cryptanalysis" manual at http://www.umich.edu/~umich/fm-34-40-2/

    "Self-Study Course in Block Cipher Cryptanalysis"
    http://www.counterpane.com/self-study.html

    a ton of papers at
    http://www.mat.dtu.dk/persons/Jakobsen_Thomas/capapers.html

    "Methods of Cryptanalysis" at
    http://www.wisdom.weizmann.ac.il/~albi/cryptanalysis/

    http://sourceforge.net/projects/griffon/

    Razvan

    ----- Original Message -----
    From: "tox" <toxresponsible.com>
    To: "Jeremiah Grossman" <jeremiahwhitehatsec.com>
    Cc: <www-mobile-codesecurityfocus.com>
    Sent: Thursday, October 18, 2001 9:41 PM
    Subject: Re: telling crypto type [off topic]

    > Different schemes will permit different characters in the ciphertext.
    >
    > Frequency analysis should also lend some light as to basic classes
    > of algorithm. A simple substitution cipher like rot13 will have
    > a nice peak for frequently-occurring characters ("e" in
    > English text, for example). Something that produces a nearly
    > flat frequency curve is likely to be the product of a more
    > complex (potentially stronger) algorithm.
    >
    > Levels of entropy (~randomness) in the stream will also tend to
    > follow with algorithmic complexity. A quick hack of a test
    > would be to try compressing the stream with your tool of
    > choice (compress, gzip, pkzip, etc.). If it compresses
    > significantly, it is less likely to come from a harder
    > algorithm, and more likely to come from something like
    > rot13.
    >
    > If the cypherpunks have a FAQ, it's likely to have some of the info
    > you are looking for.
    >
    > If you've got a few hours to burn, read Simon Singh's _The Code Book_
    > for a basic introduction to some of the history, approaches,
    > and methods without burying you in hard math.
    >
    > If you want more of the math, look for a copy of Bruce Schneier's
    > _Applied Cryptography_ for a reasonable survey of the subject
    > as it was a couple of years ago.
    >
    > Tox
    >
    > Jeremiah Grossman wrote:
    > >
    > > but.... let's say you have several long strings of cipher text...
    > >
    > > how can one tell the kind of cipher or encryption
    > > (ROT13, DES, XOR, BASE64, etc.) is being used? If at all
    > > possible...
    > >
    > > Hey... for OWASP and the session vulns information,
    > > perhaps this isn't off-topic.
    > >
    > > Jeremiah
    >
    > --
    > Tox Gunn Security Systems Administrator, Responsible Solutions
    > voice (650)780-9550 pager (888)894-7576 toxresponsible.com
    >
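
The three checks described in the quoted reply (permitted characters, frequency peak, compressibility), as an added example that is not part of the original thread. The function names, the 0.05 and 0.7 thresholds and the sample strings are assumptions made for illustration; SHA-256 in counter mode stands in for strong-cipher output such as DES.

```python
import base64, codecs, hashlib, string, zlib
from collections import Counter

B64_ALPHABET = set((string.ascii_letters + string.digits + "+/=").encode())

def profile(data: bytes) -> dict:
    """Measure the three properties discussed in the thread."""
    counts = Counter(data)
    return {
        # 1. Which characters are permitted in the ciphertext
        "distinct": len(counts),
        "base64_only": set(counts) <= B64_ALPHABET,
        # 2. Frequency analysis: share of the most common byte
        "peak": max(counts.values()) / len(data),
        # 3. Quick entropy test: compressed size / original size
        "ratio": len(zlib.compress(data, 9)) / len(data),
    }

def classify(data: bytes) -> str:
    """Rough triage only; both thresholds are assumptions, not standards."""
    p = profile(data)
    if p["peak"] > 0.05 and p["ratio"] < 0.7:
        return "peaked"   # substitution-like (rot13) or plain text
    if p["base64_only"]:
        return "base64"   # an encoding layer: decode it and profile again
    return "flat"         # flat frequency curve, does not compress

def keystream(n: int) -> bytes:
    """Constructed stand-in for strong-cipher output (SHA-256, counter mode)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample inputs
PLAIN = ("Session identifiers that look random are sometimes only lightly "
         "obscured. Look at which characters appear, how often the most "
         "common one occurs, and whether a compressor can shrink them. ") * 4
SAMPLES = {
    "rot13": codecs.encode(PLAIN, "rot_13").encode("ascii"),
    "random": keystream(1024),
    "base64": base64.b64encode(keystream(1024)),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        p = profile(data)
        print(f"{name:7} {classify(data):7} distinct={p['distinct']:3} "
              f"peak={p['peak']:.3f} ratio={p['ratio']:.2f}")
```

A "flat" result does not separate a strong cipher from compressed data, and short inputs give unreliable frequencies, so the output is a starting point for triage rather than an identification.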