Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Re: How to tell if something is encrypted

by diskcrash (Hermit)
on Apr 18, 2001 at 20:00 UTC ( #73546=note: print w/ replies, xml ) Need Help??


in reply to How to tell if something is encrypted

This may be somewhat lame, but practical. Assuming your unencrypted text is mainly ASCII, it would be unlikely to contain many byte codes under x1F. Presumably encryption would drive the bytes all over the 0-FF map. So if it contained a significant number of bytes below 1F, it's encrypted or compressed.

-diskcrash


Comment on Re: How to tell if something is encrypted
Re: Re: How to tell if something is encrypted
by nardo (Friar) on Apr 18, 2001 at 21:30 UTC
    If the file were an uncompressed binary, it would likely have a proportionally high number of 0x00 characters. If the file were a compressed file, it would have a proportionally high number of 0x00 characters near the beginning of the file, but not so much in the remainder of the file. If the file is encrypted, there is unlikely to be a high proportion of 0x00 characters.

      A compression mechanism that always results in a non-uniform distribution of 0-bytes within the output isn't doing the best compression it could.

      Well-compressed output, well-encrypted output, and random output should all be indistinguishable.

              - tye (but my friends call me "Tye")
        You will often need to store some uncompressed information in a compressed file. Information about the compressed data (length, flags, etc.) is usually uncompressed. Integers within the header may contain a 0x00 because of an unused high order byte, and flags often use 0 as the default value. You can usually count on a header being at the beginning of the file, so you will probably find a few 0x00's at the beginning of a compressed file, and because there may be additional headers for additional compressed blocks throughout the file, there will not be a random distribution of 0x00's throughout the file.
Re: Re: How to tell if something is encrypted
by rpc (Monk) on Apr 18, 2001 at 21:53 UTC
    A polyalphabetic substitution cipher is a form of encryption, and could obviously remain in the set of printable characters. Of course, no one would use such a simple cipher :)

    Also, Encrypted text could be "ASCII armored" ala Base64 or some other coding scheme, which would change the alignment of the data to be ASCII printable, but nonetheless the data is encrypted.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://73546]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (9)
As of 2014-12-28 04:43 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (178 votes), past polls