Go Back   AnandTech Forums > Hardware and Technology > Highly Technical
Reload this Page How to tell if a file is encrypted?
Register FAQ Calendar Mark Forums Read

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals
· Free Stuff
· Contests and Sweepstakes
· Black Friday 2012
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 11-05-2012, 05:19 PM   #1
VirtualLarry
Lifer
 
VirtualLarry's Avatar
 
Join Date: Aug 2001
Posts: 22,233
Default How to tell if a file is encrypted?
Is there a way to check yes/no whether a stream of bytes has been encrypted? Rather than compressed? Some way to check entropy?
__________________
Rig(s) not listed, because I change computers, like some people change their socks.
VirtualLarry is offline   Reply With Quote
Old 11-06-2012, 09:50 AM   #2
CycloWizard
Lifer
 
CycloWizard's Avatar
 
Join Date: Sep 2001
Posts: 12,295
Default
I'm sure the answer is yes, but I have no idea how to go about it. You might want to post this in the programming forum.
__________________
"Somewhere, in a parallel universe near you, people read books, scientists are treated like rock stars, and beer is not sold in 30 can value packs." --Sign in a bar in Muncie, Indiana

Anything is possible when you don't know what you're talking about.
CycloWizard is online now   Reply With Quote
Old 11-06-2012, 10:45 AM   #3
Wizlem
Member
 
Wizlem's Avatar
 
Join Date: Jun 2010
Location: Iowa
Posts: 89
Default
If something has been compressed, it will have a near flat distribution of values(otherwise you could compress it again and achieve better compression).

If something were compressed before encryption then it would maintain that flat distribution.

If you are confident something is either compressed or encrypted but not both or neither than you just have to look at how the values are distributed. Nonrandom data will have some values more common than others. Compressed data will look random.

The big problem is probably that encryption is going to use some huge number of bits, so there could be a huge number of possible values.
__________________
i5 2500k P8P67 PRO 16GB Corsair XMS 1600 Intel X25-M 80GB G2 XFX 5850
Last edited by Wizlem; 11-06-2012 at 10:49 AM.
Wizlem is offline   Reply With Quote
Old 11-06-2012, 12:23 PM   #4
imagoon
Diamond Member
 
imagoon's Avatar
 
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 3,489
Default
There was some discussion about this on truecrypt's website at one point. The only way to know "for sure" was to decrypt it with the key however you could infer encrypted data if you had some idea of what was in the "file." IE an encrypted truecrypt file typically emulated a disk so there was certain 512byte patterns and 4k patterns (NTFS in this case) that could deduce there was higher odds that the file contained encrypted data. They also mentioned under no case should you backup the encrypted file as is since if an attacker had access to both files, the deltas would give away that it was an encrypted file. They basically said "encrypt your encrypted backups."

They also mentioned what Wizlem mentioned about distributions. Encrypted vs Random data should look the same. It is harder fro the Encrypted data to be truly flat though.

This was really above me though since my crypto level is pretty low.
imagoon is online now   Reply With Quote
Old 11-08-2012, 10:37 PM   #5
unokitty
Golden Member
 
Join Date: Jan 2012
Posts: 1,221
Default
Quote:
Originally Posted by VirtualLarry View Post
Is there a way to check yes/no whether a stream of bytes has been encrypted? Rather than compressed? Some way to check entropy?

My experience is that a compressed file looks a lot like an encrypted file. Though, the goal of an encrypted file is to have a perfectly random character distribution.

The only entropy checker that I've used is the one that comes in Cryptool. Don't know enough about your situation to know whether or not it would work for you. But you may want to check it out.


Best of luck,
Uno
unokitty is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 10:51 AM.
Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.