Both encrypted and compressed files tend to have low entropy (which leads to incompressibility). The difference is that compressed files usually have a header which identifies them as such and often even describes the type of compression. Some encrypted files also have some sort of signature at the beginning (presuming you're not trying to hide the fact of encryption).

Use of the 'file' utility can help identify most compressed (and some encrypted) files. If a file doesn't have any known signatures and is also incompressible, then you might have a good chance of it being encrypted.

The Cygwin utilities ( http://www.cygwin.com/ ) give you access to many UNIX utilities (like 'file') under Windows, if you have to run your machine under that OS.

Jeroen Latour wrote:
> At 07:57 13-8-2002 +0200, kontoudisat_private wrote:
.....
> The UNIX command 'file' can often tell you a lot about the file, even if
> it's a Windows-file. I'm not sure if any equivalent programs exist on
> the Windows platform.
>
> As for determining if a file is encrypted: one of the characteristics of
> a good encryption algorithm is that the output can not be compressed
.....

--
Stephen Samuel +1(604)876-0426 samuelat_private
http://www.bcgreen.com/~samuel/
Powerful committed communication, reaching through fear, uncertainty and
doubt to touch the jewel within each person and bring it to life.

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 14 2002 - 13:09:49 PDT
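
The triage described in the message above (look for a known signature first, then test whether the data compresses), as an added example that is not part of the original post. The signature table is a small non-exhaustive sample, the 0.95 ratio threshold is an assumption, and the sample inputs are constructed; byte entropy is reported alongside for reference.

```python
import gzip, hashlib, math, zlib
from collections import Counter

# Small, non-exhaustive table of leading signatures ("magic bytes").
SIGNATURES = {
    b"\x1f\x8b": "gzip",
    b"BZh": "bzip2",
    b"PK\x03\x04": "zip",
    b"\xfd7zXZ\x00": "xz",
    b"Salted__": "openssl enc (salted)",  # an encrypted format that announces itself
}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def compression_ratio(data: bytes) -> float:
    """Compressed size / original size; near or above 1.0 means incompressible."""
    return len(zlib.compress(data, 9)) / len(data) if data else 1.0

def classify(data: bytes, threshold: float = 0.95) -> str:
    """Signature check first, then the compressibility test (threshold is assumed)."""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return f"known signature: {name}"
    if compression_ratio(data) > threshold:
        return "no known signature, incompressible: possibly encrypted"
    return "no known signature, compressible: probably not encrypted"

# Constructed sample inputs (not taken from any real system).
SAMPLE_TEXT = b"Incident report: host 10.0.0.5 rebooted unexpectedly.\n" * 500
SAMPLE_GZIP = gzip.compress(SAMPLE_TEXT)
# Deterministic pseudo-random bytes standing in for headerless ciphertext.
SAMPLE_RANDOM = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048)
)

if __name__ == "__main__":
    samples = {"text": SAMPLE_TEXT, "gzip": SAMPLE_GZIP, "random": SAMPLE_RANDOM}
    for name, blob in samples.items():
        print(f"{name:7} entropy={shannon_entropy(blob):.3f} bits/byte "
              f"ratio={compression_ratio(blob):.3f} -> {classify(blob)}")
```

Very small files give unreliable ratios because the compressor's fixed overhead dominates, so the result is a hint for triage rather than proof of encryption.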