CDR: Testing for encryption. (fwd)
David Honig
honig at sprynet.com
Thu Feb 22 09:01:39 PST 2001
At 05:54 PM 2/21/01 -0600, Jim Choate wrote:
>
>There is NO algorithm which will determine if an arbitrary piece of text
>is encrypted by an arbitrary algorithm. You can tell, at least
>statistically if a particular piece of arbitrary text ISN'T a particular
>algorithm or language either. Again, not the same problem.
The problem is to find a reasonable way for a relay to refuse to forward
unencrypted messages. So that participants don't accidentally reveal the
discussion.
*Not* to identify the language or cipher algorithm. *Where* do you get
that idea?
(Rhetorical, I realize who I'm replying to..)
A general and reliable heuristic is to measure entropy. This will of course
pass unencrypted compressed files (including possibly jpeg, mpeg, etc.). A
more
reliable 'cheat' is to look for headers. This can also enforce an
additional (and perhaps
unwanted) requirement that a certain tool is used. But again, malicious
posters
will be able to spoof this.
.......
"What company did you say you were from, Mr. Hewlett?"
---Walt Disney to Bill Hewlett eetimes 22.01.01 p 32
More information about the cypherpunks-legacy
mailing list