Identifying the encryption algorithm

Once we have done frequency and entropy analyses and can tell that the data is encrypted, we need to identify which algorithm was used. A simple way to do this is to compare the length of a number of encrypted messages; consider these examples:

  • If the length is not consistently divisible by eight, you might be facing a stream cipher, with RC4 being the most popular
  • AES is a block cipher whose output's length is always divisible by 16 (128, 192, 256, and so on)
  • DES is also a block cipher; its output's length is always divisible by 8, but not always divisible by 16 (its key is 56 bits)
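
The length-comparison heuristic described above, as an added example that is not part of the book's text or code. The captured ciphertexts are constructed random bytes of chosen lengths (hypothetical samples, not real traffic), and the `decode_capture` helper assumes you know how the captured value was encoded (hex, base64 or raw), since the length that matters is that of the decoded bytes, not of the transport encoding.

```python
import base64
import random

# Constructed samples: random bytes of chosen lengths standing in for
# ciphertexts captured from an application. Lengths are what the
# heuristic looks at, so the byte contents do not matter here.
_rng = random.Random(1)


def _blob(n: int) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))


SAMPLE_STREAM = [_blob(n) for n in (17, 33, 5, 40)]   # not all multiples of 8
SAMPLE_AES = [_blob(n) for n in (16, 32, 48, 16)]     # all multiples of 16
SAMPLE_DES = [_blob(n) for n in (8, 24, 16, 40)]      # multiples of 8, some not of 16


def decode_capture(value: str, encoding: str) -> bytes:
    """Return the raw ciphertext bytes of a captured value.

    Web traffic usually carries ciphertext hex- or base64-encoded; both
    change the length, so decode before measuring. `encoding` is one of
    "hex", "base64" or "raw".
    """
    if encoding == "hex":
        return bytes.fromhex(value)
    if encoding == "base64":
        return base64.b64decode(value, validate=True)
    if encoding == "raw":
        return value.encode("latin-1")
    raise ValueError(f"unknown encoding: {encoding}")


def classify_by_lengths(lengths) -> str:
    """Apply the book's rule of thumb to a set of ciphertext lengths.

    Returns "stream" (some length not a multiple of 8, e.g. RC4),
    "block16" (every length a multiple of 16, e.g. AES) or
    "block8" (every length a multiple of 8 but not all of 16, e.g. DES).
    """
    lengths = list(lengths)
    if not lengths:
        raise ValueError("need at least one ciphertext to classify")
    if any(n % 8 for n in lengths):
        return "stream"
    if all(n % 16 == 0 for n in lengths):
        return "block16"
    return "block8"


def chance_of_false_block_signal(samples: int) -> float:
    """Probability that `samples` stream-cipher messages of random length
    all happen to be multiples of 8 and so look like a block cipher.

    Each independent length is a multiple of 8 with probability 1/8, so
    with one sample the heuristic is wrong one time in eight; with four
    samples it is wrong about once in four thousand.
    """
    if samples < 1:
        raise ValueError("samples must be >= 1")
    return (1 / 8) ** samples


if __name__ == "__main__":
    for name, samples in (("stream", SAMPLE_STREAM),
                          ("aes", SAMPLE_AES),
                          ("des", SAMPLE_DES)):
        lengths = [len(s) for s in samples]
        print(f"{name:6s} lengths={lengths} -> {classify_by_lengths(lengths)}")
    # Base64 text is 4/3 the size of the bytes it carries: decode first.
    encoded = base64.b64encode(SAMPLE_AES[0]).decode()
    print(f"base64 text length {len(encoded)}, decoded length "
          f"{len(decode_capture(encoded, 'base64'))}")
    print(f"false 'block cipher' verdict from 1 sample: "
          f"{chance_of_false_block_signal(1):.3f}")
```

Two caveats the rule of thumb glosses over: a single length divisible by 16 is also divisible by 8, so telling AES from DES needs at least one message whose length is 8 mod 16, and a handful of stream-cipher messages can by chance all be multiples of 8 (the `chance_of_false_block_signal` function quantifies that). The heuristic also assumes padded block-cipher modes such as CBC; AES in a counter-based mode produces output that is not a multiple of the block size, so it would be flagged here as a stream cipher.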
