you may need to examine the specific protocol. open protocols typically can negotiate the strength and type of cipher used, in which case, if you have the negotiation phase(typically part of the initital key exchange phase) of a protocol, you can gather which symetric algorithm was used for transit. If this is a closed protocol, it may have a single symetric algorithm, negating the need for a negotiation phase. You may also want to attempt some plaintext crypt attacks against this. if you know anything about the protocol, you may be able to do some testing with your key data against common algorithms in an attempt to see what comes up as plaintext. Since you have the key, and the crypted data, getting crypted data of data you already know should prove or disprove any algorithmic tests. Finally, if you are equiped to do so, you may want to take this away from a black box test. Since you have the program, use debugging and disassembly techniques to isolate and tag your algorithm in your client binary. This is likely to be a last resort, but it will almost always work (it will take time and somewhat specialized skills). Hope this helps. Signed, Ryan Permeh eEye Digital Security Team http://www.eEye.com/Retina -Network Security Scanner http://www.eEye.com/Iris -Network Traffic Analyzer http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities ----- Original Message ----- From: "fooyu" <securityat_private> To: <vuln-devat_private> Sent: Wednesday, February 06, 2002 12:49 AM Subject: Encryption Algorithm Footprint > I am auditing one of my critical service system. This system provides our users a method of stock exchange. By using ethereal I found the data packets was encypted like in SSL. Next I found the private key in my server and encypted symmetric key payload in the captured packets. After successfully decrypting the 16- bytes symmetric key, I test many encryption algorithm to decrypted the captured ciphertext, but all failed. > > I want to know if encryption algorithm has footprint. Is there any technica to find which encryption algorithm it used? > > Thank you all and Happy Chinese New year! > > Haiyan Chen > > *********************** > [securityat_private] > www.fooyu.com > *********************** >
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 10:33:17 PST