Perhaps it is RC2-128 CBC. The first block will utilize a specified "initialization vector" whereas subsequent encrypted block are XOR'd with data from the previous block prior to encryption. Therefore if you have a captured packet, you need to take into account the block chaining. You can always do some data-mining on your binary. Often a lot can be determined with a simple hex editor and a dissembler. Happy Chinese New Year too! Regards, Robert Freeman ----- Original Message ----- From: "fooyu" <securityat_private> To: <vuln-devat_private> Sent: Wednesday, February 06, 2002 12:49 AM Subject: Encryption Algorithm Footprint > I am auditing one of my critical service system. This system provides our users a method of stock exchange. By using ethereal I found the data packets was encypted like in SSL. Next I found the private key in my server and encypted symmetric key payload in the captured packets. After successfully decrypting the 16- bytes symmetric key, I test many encryption algorithm to decrypted the captured ciphertext, but all failed. > > I want to know if encryption algorithm has footprint. Is there any technica to find which encryption algorithm it used? > > Thank you all and Happy Chinese New year! > > Haiyan Chen > > *********************** > [securityat_private] > www.fooyu.com > *********************** >
This archive was generated by hypermail 2b30 : Wed Feb 06 2002 - 10:55:49 PST