Reputation: 20676
How to identify encryption algorithm used in ciphertext?
Is there any ways to try to guess encryption algorithm used to encrypt the ciphertext?
Upvotes: 11
Views: 49015
Answers (5)
Reputation: 71
Tools to see it:
- PEiD with the Krypto Analyzer (KANAL) plugin
- IDA Pro with the Findcrypt plugin
- OllyDbg with the SnD Crypto Scanner
- x3chun's Crypto Searcher
- Keygener Assistant
- Hash & Crypto Detector (HCD)
- Draft Crypto Analyzer (DRACA)
but all to executables. found here : http://fwhacking.blogspot.com.br/2011/03/bfcrypt-crypto-scanner.html
Upvotes: 7
Reputation: 31
You can try fbcrypt which will scan for known hash & crypto signatures: http://fwhacking.blogspot.com/2011/03/bfcrypt-crypto-scanner.html
For now it supports MD5, CRC32, Blowfish, DES and SHA256, but more will be added soon. Anyway as the source is available you can also add your own.
Upvotes: 3
Reputation: 3224
It depends if you're talking about "raw encrypted data" (in that case you can use methods such as listed by "gs" in the other answer) or an encrypted file in some standard format (the most common are CMS/PKCS#7 and OpenPGP); in the latter case the encryption algorithm is explicitly indicated in the metadata contained in the very file.
For CMS you need an ASN.1 decoder such as command-line dumpasn1 program or my own web-based Javascript decoder while for OpenPGP you can use pgpdump.
Upvotes: 2
Reputation: 300835
Quite often this information is readily available - in a good encryption scheme, only the key needs to be secret, not the algorithm used.
There are analyses you can can perform to test for particular encryptions, consult a textbook on cryptanalysis for details!
Upvotes: 5
Reputation: 126105
Yes. There are some differences:
- Is it a block cipher or not can be guessed from the length.
- Block length
- Entropy of the output (are all characters equally present? / can patterns be found?)
- Recurrences (CBC or not...)
The entropy of the string is probably the best hint. A simple method to determine it is probably trying to compress it. Some methods can be found here: http://www.random.org/statistics/ They use them to make sure their numbers are as random as possible.
I've got no idea if it's really possible to determine the encryption using these methods.
Upvotes: 14
Related Questions
- How to decrypt a string with unknown encryption algorithm?
- How to identify which encoding algorithm is used?
- How to check algorithm used for decrpyting message
- How can i identify which type of encryption am i using?
- From a encrypted file can i identify algorithm that use to encrypt it
- Working out the encryption algorithm
- Finding encryption algorithm from source and resulting string
- Identifying An Encryption Algorithm
- How to find out the encryption method
- How to determine the encryption scheme used when given a cipher text and the key