Go Back   AnandTech Forums > Hardware and Technology > Highly Technical

· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· AMD Video Cards
· Nvidia
· Displays
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Home and Garden
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2015
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions

Thread Tools
Old 11-05-2012, 06:19 PM   #1
VirtualLarry's Avatar
Join Date: Aug 2001
Posts: 33,012
Default How to tell if a file is encrypted?

Is there a way to check yes/no whether a stream of bytes has been encrypted? Rather than compressed? Some way to check entropy?
Acer CloudBook AO1-131 | Intel Celeron N3050 "Cherry Trail" dual | 2GB DDR3L | 32GB eMMC | Intel HD graphics
Gigabyte Brix J1900 (3x) | Intel Celeron J1900 "Bay Trail" quad | GSkill 8GB DDR3L-1600 CAS9 | 300GB Intel 320 Series SSD | Intel HD graphics
ASRock Z170 Pro4S ATX (2x) | Intel Pentium G4400 "Skylake" @ 4.455Ghz | 2x4GB Avexir DDR4-2400 | Samsung SM951 128GB M.2 AHCI SSD | AMD Radeon HD 7950 3GB
VirtualLarry is offline   Reply With Quote
Old 11-06-2012, 10:50 AM   #2
CycloWizard's Avatar
Join Date: Sep 2001
Posts: 12,350

I'm sure the answer is yes, but I have no idea how to go about it. You might want to post this in the programming forum.
"Somewhere, in a parallel universe near you, people read books, scientists are treated like rock stars, and beer is not sold in 30 can value packs." --Sign in a bar in Muncie, Indiana

Anything is possible when you don't know what you're talking about.
CycloWizard is offline   Reply With Quote
Old 11-06-2012, 11:45 AM   #3
Wizlem's Avatar
Join Date: Jun 2010
Location: Iowa
Posts: 94

If something has been compressed, it will have a near flat distribution of values(otherwise you could compress it again and achieve better compression).

If something were compressed before encryption then it would maintain that flat distribution.

If you are confident something is either compressed or encrypted but not both or neither than you just have to look at how the values are distributed. Nonrandom data will have some values more common than others. Compressed data will look random.

The big problem is probably that encryption is going to use some huge number of bits, so there could be a huge number of possible values.
i5 2500k P8P67 PRO 16GB Corsair XMS 1600 Intel X25-M 80GB G2 XFX 5850

Last edited by Wizlem; 11-06-2012 at 11:49 AM.
Wizlem is offline   Reply With Quote
Old 11-06-2012, 01:23 PM   #4
Diamond Member
imagoon's Avatar
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 5,199

There was some discussion about this on truecrypt's website at one point. The only way to know "for sure" was to decrypt it with the key however you could infer encrypted data if you had some idea of what was in the "file." IE an encrypted truecrypt file typically emulated a disk so there was certain 512byte patterns and 4k patterns (NTFS in this case) that could deduce there was higher odds that the file contained encrypted data. They also mentioned under no case should you backup the encrypted file as is since if an attacker had access to both files, the deltas would give away that it was an encrypted file. They basically said "encrypt your encrypted backups."

They also mentioned what Wizlem mentioned about distributions. Encrypted vs Random data should look the same. It is harder fro the Encrypted data to be truly flat though.

This was really above me though since my crypto level is pretty low.
imagoon is offline   Reply With Quote
Old 11-08-2012, 11:37 PM   #5
Diamond Member
Join Date: Jan 2012
Posts: 3,349

Originally Posted by VirtualLarry View Post
Is there a way to check yes/no whether a stream of bytes has been encrypted? Rather than compressed? Some way to check entropy?

My experience is that a compressed file looks a lot like an encrypted file. Though, the goal of an encrypted file is to have a perfectly random character distribution.

The only entropy checker that I've used is the one that comes in Cryptool. Don't know enough about your situation to know whether or not it would work for you. But you may want to check it out.

Best of luck,
unokitty is offline   Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -5. The time now is 12:45 AM.

Powered by vBulletin® Version 3.8.8 Alpha 1
Copyright ©2000 - 2016, vBulletin Solutions, Inc.