On Mon, 2006-11-06 at 14:02 -0500, David Shaw wrote:
> On Mon, Nov 06, 2006 at 07:39:07PM +0100, Johan Wevers wrote:
> > Henry Hertz Hobbit wrote:
> >
> > >* 3DES: 8C 0D 04 02 03 02
> > >* CAST5: 8C 0D 04 03 03 02
> > >* BLOWFISH: 8C 0D 04 04 03 02
> > >* AES: 8C 0D 04 07 03 02
> > >* AES192: 8C 0D 04 08 03 02
> > >* AES256: 8C 0D 04 09 03 02
> > >* TWOFISH: 8C 0D 04 0A 03 02
> >
> > I guess IDEA is 8C 0D 04 01 03 02.
>
> This method for identifying ciphers is not reliable.
> There are many ways for a file to be packed, and this
> method will do the wrong thing for all but one of the
> ways.

I am from Missouri today, and I am a stubborn mule. 8^)

First, please remember that we are talking about only symmetrically enciphered files without email etc. Just encrypting a file on the computer. That was what the person was doing, and they were not using the --armor (-a) option. You will of course NOT get the above first six bytes with the armor option since the very first character is not a valid ASCII text character.

Please specify at least one way (preferable to have two or three) where this is not the case for a symmetrically enciphered file that is written to the disk (not piped into email, etc.). I am not saying that you are wrong. It is just that I have tried it quite a few ways and I always come up with the same first six bytes for any given cipher, including even some where GnuPG gives me messages like this

    $ gpg -d < TOOMUCH.gpg > BACK
    gpg: AES encrypted data
    gpg: encrypted with 1 passphrase
    gpg: WARNING: message was not integrity protected
    $ diff TOOMUCH BACK
    $ rm BACK

If it is a file created with a non-GnuPG, but OpenPGP compliant program, please send me the file and the password. I don't have anything but GnuPG. I will be removing all keys but mine to run the test with. I will be looking for:

[1] gpg's message of what cipher was used to encrypt the file. It would be preferable to have the file that was encrypted with a symmetric cipher to contain only the phrase:

    Hello World!

If I can't decrypt it, I would consider that to mean it is not OpenPGP compliant.

[2] The first six bytes of the file. I will compare that with what is in the chart.

Even if you do have an encrypted file that doesn't use these, is there anything wrong with the file command returning the answers given for the first six bytes of the file? I can't find any information that they are used for any other kind of file.

Peter S. May - Thanks for the PERL scripts.

HHH
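
Added example, not part of the original message or of GnuPG: a Python sketch that parses the first OpenPGP packet header (old and new format, as defined in RFC 4880) and reads the cipher from the symmetric-key ESK packet body rather than matching six fixed bytes. The sample byte strings are constructed (salt and count zero-filled), and the function names are assumptions of this example.

```python
# Added example: parse the leading OpenPGP packet header instead of matching fixed bytes.
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH",
           7: "AES", 8: "AES192", 9: "AES256", 10: "TWOFISH"}
S2K_TYPES = {0: "simple", 1: "salted", 3: "iterated+salted"}


def parse_header(data):
    """Return (tag, body_offset, body_length) for the first packet."""
    if not data or not data[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet (armored or other data)")
    first = data[0]
    if first & 0x40:                      # new-format header: tag in bits 5-0
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            return tag, 2, l0
        if l0 < 224:
            return tag, 3, ((l0 - 192) << 8) + data[2] + 192
        if l0 == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("partial body lengths are not handled here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length")
    nbytes = 1 << ltype                   # 1, 2 or 4 length octets
    return tag, 1 + nbytes, int.from_bytes(data[1:1 + nbytes], "big")


def identify_symmetric(data):
    """Describe the leading packet if it is a v4 symmetric-key ESK (tag 3)."""
    tag, off, length = parse_header(data)
    body = data[off:off + length]
    if tag != 3 or len(body) < 4 or body[0] != 4:
        return None
    return {"cipher": CIPHERS.get(body[1], "unknown(%d)" % body[1]),
            "s2k": S2K_TYPES.get(body[2], "unknown(%d)" % body[2]),
            "hash_id": body[3]}


# Constructed samples: header and S2K specifier only, salt/count zero-filled.
OLD_FMT = bytes.fromhex("8c0d04070302") + bytes(9)   # the chart's AES prefix
NEW_FMT = bytes.fromhex("c30d04070302") + bytes(9)   # same body, new-format header
SALTED = bytes.fromhex("8c0c04090102") + bytes(8)    # AES256, salted S2K (no count)

if __name__ == "__main__":
    for name, blob in (("old", OLD_FMT), ("new", NEW_FMT), ("salted", SALTED)):
        print(name, blob[:6].hex(), identify_symmetric(blob))
```

All three samples are well-formed under the packet grammar, yet only the first begins with the six bytes from the chart; the other two differ in the header octet or in the length and S2K octets.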