Jonas Larsson wrote: > > > > Is it possible to determine what crypto-type (aes, twofish, blowfish, > > > etc) that has been used to crypt a file by just looking in the file > > > examining its content? > > > >No. > > How can you be so sure about this? Can your refer to some document > proving/stating that? Any good crypto will look like random garbage. The better it is, the closer to apparent randomness it will appear. Any non-randomness gives an attacker a lever to crack it. This may or may not matter in practice, but it is definitely a weakness in theory. There's a whole bunch of math about the relation between crypto and randomness, but I've only looked at a little of it and some of that was over my head, so I won't try to talk about it. So any two good algorithms will both produce apparently completely random stuff. So you cannot distinguish the two. One fairly well-known example is from the British attacks on the German Enigma machine in WW II. One property of the machine was that no letter could ever encrypt to itself. Any other letter in the alphabet, but not itself. An analyst noticed that one moderately long message used every letter except 'L'. A German doing some testing had just hit the L key a few 100 times. This is a fairly small non-randomness, but it was valuable to the Brits. I forget whether it gave them that day's key or more knowledge of machine internals or what, but I do recall that it produced some sort of breakthrough. Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
