How to tell if a file is encrypted?

Status
Not open for further replies.

VirtualLarry

No Lifer
Aug 25, 2001
Is there a way to check yes/no whether a stream of bytes has been encrypted? Rather than compressed? Some way to check entropy?
 

Wizlem

Member
Jun 2, 2010
If something has been compressed, it will have a near flat distribution of values (otherwise you could compress it again and achieve better compression).

If something were compressed before encryption then it would maintain that flat distribution.

If you are confident something is either compressed or encrypted but not both or neither, then you just have to look at how the values are distributed. Nonrandom data will have some values more common than others. Compressed data will look random.

The big problem is probably that encryption is going to use some huge number of bits, so there could be a huge number of possible values.
 

imagoon

Diamond Member
Feb 19, 2003
There was some discussion about this on TrueCrypt's website at one point. The only way to know "for sure" was to decrypt it with the key; however, you could infer encrypted data if you had some idea of what was in the "file." I.e., an encrypted TrueCrypt file typically emulated a disk, so there were certain 512-byte patterns and 4k patterns (NTFS in this case) from which one could deduce there were higher odds that the file contained encrypted data. They also mentioned that in no case should you back up the encrypted file as is, since if an attacker had access to both files, the deltas would give away that it was an encrypted file. They basically said "encrypt your encrypted backups."

They also mentioned what Wizlem mentioned about distributions. Encrypted vs. random data should look the same. It is harder for the encrypted data to be truly flat, though.

This was really above me though since my crypto level is pretty low.
 

unokitty

Diamond Member
Jan 5, 2012
Is there a way to check yes/no whether a stream of bytes has been encrypted? Rather than compressed? Some way to check entropy?


My experience is that a compressed file looks a lot like an encrypted file. Though, the goal of an encrypted file is to have a perfectly random character distribution.

The only entropy checker that I've used is the one that comes in CrypTool. Don't know enough about your situation to know whether or not it would work for you. But you may want to check it out.


Best of luck,
Uno
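
Added example, not part of any post in this thread: a byte-histogram check of the kind the replies describe, showing that it separates structured data from flat data but puts compressed and encrypted data in the same bucket. The samples are constructed; `os.urandom` output stands in for ciphertext and the 7.9 bits/byte cut-off is an assumption.

```python
import math
import os
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte-value histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square distance from a flat histogram over all 256 byte values.
    Uniformly random bytes score close to 255 (the degrees of freedom)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def classify(data: bytes, floor: float = 7.9) -> str:
    """The histogram separates structured data from flat data, nothing more.
    The 7.9 bits/byte floor is an assumed cut-off for samples of tens of KiB."""
    return "structured" if shannon_entropy(data) < floor else "flat"


def make_samples() -> dict:
    """Constructed inputs: word salad, its zlib output, and OS random bytes
    standing in for ciphertext (assumption: good ciphertext looks uniform)."""
    rng = random.Random(1234)
    vocab = ("the file is encrypted or compressed and entropy "
             "looks flat random data key disk").split()
    text = " ".join(rng.choice(vocab) for _ in range(60000)).encode()
    return {
        "plain text": text,
        "zlib-compressed": zlib.compress(text, 9),
        "random (ciphertext stand-in)": os.urandom(65536),
    }


if __name__ == "__main__":
    for name, blob in make_samples().items():
        print(f"{name:30} {len(blob):>7} bytes  H={shannon_entropy(blob):.4f}  "
              f"chi2={chi_square(blob):>12.1f}  -> {classify(blob)}")
```

Both the compressed and the random sample come out as "flat", so a flat histogram on its own answers "not plain data" rather than "encrypted".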
 