#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2012
    Posts
    3
    Rep Power
    0

    Determine encryption protocol


    Is it possible to determine encryption protocol in use having result of the encryption?
    I am evaluating an application and I am not very satisfied how it handles confidential data. It is using another program for encrypting, which takes string as input and it's output is encrypted file. I tried to find encrypted text on the web that looks similar to it's output, but without success. Below is hexdump output of encrypted sting "123"

    0000000 c476 d382 0ddf a246 71af 7055 ba5a dfb4
    0000010
  2. #2
  3. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,231
    Rep Power
    9400
    So a block size of 128 bits, okay, and it's not a (unsalted) MD5 hash of "123"...

    What application? Is the output always 128 bits long?
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2012
    Posts
    3
    Rep Power
    0
    The application is using external program for encrypting database connection string.
    The program that is used for encryption takes two strings. First one is connection string and second is encryption key. Output of this program are two encrypted files. I guess that first one contains encrypted connection string, and second one contains encrypted encryption key. Any copy of the application can decrypt this files. I guess that decryption key for this files is hard-coded in the application.
    I am concerned about security of this approach because if I am right, both encrypted data and encryption key are available to the potential attacker and they are encrypted with hard-coded key.
    The data in the application is not very confidential, but I am willing to refuse it if I find it insecure to save me from future headaches.
    Below are hexdumps for both encrypted data string and encrypted encryption key.

    Source for both of them is "qwertyuiop1234567890"

    Data:

    0000000 a19c 5555 de82 c198 a682 1501 93c5 9ed8
    0000010 eeda 1709 a7f6 aced
    0000018

    Key:

    0000000 854e 90a8 0a26 d2ce 3eaf f0d6 1ac1 80f1
    0000010
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    May 2007
    Posts
    765
    Rep Power
    929
    If you need to evaluate the security of someone's application, they should at least provide you with a specification if not access to the source code itself. Just by looking at the output you can at best guess at the underlying algorithm (e.g. 8N data lengths point toward an 8-byte block cipher like DES), but you can't tell if the algorithm is being used properly (e.g. what mode is the cipher used in? Is a secure padding method used? What is the source of the IV and key material?)
    sub{*{$::{$_}}{CODE}==$_[0]&& print for(%:: )}->(\&Meh);
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2012
    Posts
    3
    Rep Power
    0
    I don't have access to the source code.
    Since the encryption key is hard-coded in the application, I thought I can try to encode some string and try brute force on it to test if it is easily breakable.
    The problem is that I don't know which algorithm is used for encryption, so I can't choose tool for testing it.
    I guess that if the algorithm is not easily recognizable, the application is not that much insecure as I thought.

IMN logo majestic logo threadwatch logo seochat tools logo