Identifying Encryption techniques
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Identifying Encryption techniques

  1. #1

    Identifying Encryption techniques

    From what I was taught, Credit Cards, drivers licenses and such have check numbers to tell if they are valid numbers. I was wondering if the same was with common encryption methods. Take this MD5 for example:
    7b896e6db151d729c55dfeb7683e6f3f

    How can someone prove that it is a valid MD5 instead of a random set of numbers? Same with AES, SHA, any other methods you can dream up. All google is coming up with is MD5 being able to verify integrity, but I am trying to verify the integrity of an MD5. Possible?

    Thanks!

    btw-
    I am not looking for software to do this for me, I am looking for any mathmatical process or method of validating the MD5

  2. #2
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    While I think you have a valid question, I have a question for you...

    Why should it matter?

    I mean, technically anyone can create a random set of numbers and letters, and make it look like a MD5 key, but what's the point? Is there are particular reason you're asking, or are you just wondering if it's possible? I would speculate that it's not possible to verify whether a key is MD5 or not, but I may be wrong. The only way to discover if an MD5 is valid would be to actually decrypt it back into it's original context, which, if I remember right, isn't exactly a feasible task. If I'm wrong, please correct me, but I would say that's the only way to do it, which isn't really possible.

    AJ

  3. #3
    It's part of a potential forensics tool I am thinking about that regards exported cookie files. It should identify all the md5 strings, therefore placing forensic priority for those cookies over the advertising cookies and other garbage. I'm thinking that it would identify the domains someone was involved in, therefore giving an investigator a quicker response to those domains. A scenario would be a terrorist computer: a quick search of a large cookie file for md5's would show that he had a password to a certain forum, therefore an investigator can quickly forward the investigation another direction. Basically just making a step easier.

    From what it looks like, Cain requires a 16 byte long md5, and a 20 byte long SHA1. I guess length is a fingerprint?

    Also, I think it would be beneficial to search an entire computer for encrypted files, if an encrypted file can be ID'd then it can be possibly be cracked by an investigator.

  4. #4
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    MD5 is a hash function or one-way function and not an encryption algorithm, in other words you cannot reverse the digest back into the original form. Length can be an indicator of the hash function used, for example MD5 creates a 128-bit digest. The only way for you to discover whether its valid or not is to hash the orginal data and compare the hashes.


    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier

  5. #5
    It seems that MD* hashing is 16 bytes, and must contain characters a-f and 0-9. I guess then that is the only way to identify if a hash is possibly a legit MD*, without knowing the original.

    Thanks for your help.

  6. #6
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Brute-forcing MD5 is somewhat not feasible, but that doesn't mean it's not do-able. With enough computing power and some patience a password could be broken within less then 24 hours. Depends on the charset too, no doubt, but that's the same for any password. The only problem is making sure that you've managed to go through all the possibilities, because it is possible to get false positives. Since you're expecting the hash to not be a valid MD5 output brute-force means you're going through all the possibilities and hope nothing matches.

    I'm not sure about the theoretical probability, but as the length is the same [being a hash function the output is always constant in length] almost all possible combinations would have a valid plaintext that would generate them. So I think the changes of finding an invalid MD5 hash are slim, as long as length and characters are kept.
    /\\

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    I think Soda_popinsky is looking for something that can identify a string and determine if it's an MD5, MD4, SHA or any other hashing/encryption algorithm. I.o.w. how to fingerprint an hasing/encryption algorithm, not how to crack it. Cracking it is part 2 but you'll need to identify what's used first.

    I've often wondered about this myself
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    sry, but i cant get your doubt, soda

    If its is a MD5, its a integrity signature for some plain text.

    Just get the plain text, pass again on md5 algorithm and compare the output with the previous md5.

    why is so hard to verify the autenticity?
    Meu stio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    cacosapo: What if you don't have the plain text?

    The point is how do you identify an MD5 string from any other (random) string.
    Not what MD5 is, not how to crack MD5 and not how to verify MD5's authenticity.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  10. #10
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    [0-9A-Fa-f]{32}
    and
    [0-9A-Fa-f]{48} (not too sure about this but I think SHA1 is 48)
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag D landet her kvilte i heilag fred og alle hadde kjrleik elske med.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •