Re: Encryption Algorithm Footprint

From: Ryan Permeh (ryanat_private)
Date: Wed Feb 06 2002 - 09:41:16 PST

    You may need to examine the specific protocol.  Open protocols typically can
    negotiate the strength and type of cipher used, in which case, if you have
    the negotiation phase (typically part of the initial key exchange phase) of
    a protocol, you can gather which symmetric algorithm was used for transit.
    If this is a closed protocol, it may have a single symmetric algorithm,
    negating the need for a negotiation phase.
    
    You may also want to attempt some plaintext crypt attacks against this.  If
    you know anything about the protocol, you may be able to do some testing
    with your key data against common algorithms in an attempt to see what comes
    up as plaintext.  Since you have the key, and the crypted data, getting
    crypted data of data you already know should prove or disprove any
    algorithmic tests.
    
    Finally, if you are equipped to do so, you may want to take this away from a
    black box test.  Since you have the program, use debugging and disassembly
    techniques to isolate and tag your algorithm in your client binary.  This is
    likely to be a last resort, but it will almost always work (it will take
    time and somewhat specialized skills).
    
    
    Hope this helps.
    Signed,
    Ryan Permeh
    eEye Digital Security Team
    http://www.eEye.com/Retina -Network Security Scanner
    http://www.eEye.com/Iris -Network Traffic Analyzer
    http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities
    
    ----- Original Message -----
    From: "fooyu" <securityat_private>
    To: <vuln-devat_private>
    Sent: Wednesday, February 06, 2002 12:49 AM
    Subject: Encryption Algorithm Footprint
    
    
    > I am auditing one of my critical service systems. This system provides our
    > users a method of stock exchange. By using Ethereal I found the data packets
    > were encrypted like in SSL. Next I found the private key in my server and
    > encrypted symmetric key payload in the captured packets. After successfully
    > decrypting the 16-byte symmetric key, I tested many encryption algorithms to
    > decrypt the captured ciphertext, but all failed.
    >
    > I want to know if an encryption algorithm has a footprint. Is there any
    > technique to find which encryption algorithm it used?
    >
    > Thank you all and Happy Chinese New year!
    >
    > Haiyan Chen
    >
    > ***********************
    > [securityat_private]
    > www.fooyu.com
    > ***********************
    >
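
Added example, not part of the original thread: reading the negotiated cipher out of a captured negotiation phase, as the reply suggests. It assumes the audited protocol really uses the SSL 3.0 / TLS 1.0-1.2 wire format and that the ServerHello is the first message in a single record; the suite table is a small subset of the IANA registry, and `sample_server_hello` builds a constructed record, not captured traffic.

```python
import struct

# Subset of IANA cipher suites with RSA key exchange: id -> (name, bulk cipher)
SUITES = {
    0x0004: ("TLS_RSA_WITH_RC4_128_MD5", "RC4, 128-bit key"),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RC4, 128-bit key"),
    0x0009: ("TLS_RSA_WITH_DES_CBC_SHA", "DES-CBC, 56-bit key"),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "3DES-EDE-CBC, 168-bit key"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "AES-128-CBC"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "AES-256-CBC"),
}

class ParseError(ValueError):
    pass

def negotiated_cipher(record: bytes):
    """Return (suite_id, name, bulk_cipher) chosen in one ServerHello record."""
    if len(record) < 5:
        raise ParseError("short record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                       # 0x16 = handshake record
        raise ParseError("not a handshake record")
    body = record[5:5 + rlen]
    if len(body) < rlen or len(body) < 4:
        raise ParseError("truncated record")
    if body[0] != 0x02:                     # 0x02 = ServerHello
        raise ParseError("not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    # server_version(2) + random(32) + session_id length(1) = 35 bytes
    if len(hello) < hlen or hlen < 35:
        raise ParseError("truncated ServerHello")
    off = 35 + hello[34]                    # skip the variable-length session id
    if len(hello) < off + 3:                # cipher_suite(2) + compression(1)
        raise ParseError("truncated after session id")
    suite = int.from_bytes(hello[off:off + 2], "big")
    name, bulk = SUITES.get(suite, ("unknown", "unknown"))
    return suite, name, bulk

def sample_server_hello(suite: int) -> bytes:
    """Constructed TLS 1.0 ServerHello: zero random, empty session id."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(negotiated_cipher(sample_server_hello(0x0005)))
```

A suite id that is not in the table comes back as "unknown" with its numeric value, which can then be looked up in the full registry.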
    


