确定这些位是否被加密？ [英] determine if the bits are encrypted?

问题描述

我们假设我正在收听一个网络，我收到了一些信息，但是我想知道是否有一种确定比特被加密的方法。存在什么方法或算法？我的意思是，如果这些位是无意义的，这意味着加密，但是有更多的技术方法或算法从位确定
我们说我有0101010100001011001001100001001，你怎么知道这是加密的？

解决方案

不可能证明数据是否被加密，但是您可以分析数据值的频率以过滤将可能的数据包加密。

正确加密的数据几乎与随机噪声无法区分。所以如果你正在寻找加密的数据，你应该看到一个相当均匀的字符表示。有一个名为 pcaphistogram.pl 的好工具，用于以这种方式分析数据包。你可以在这里找到：

let's assume that I am listening a network , and I acquired some bits, but I want to know if there is a way to determine bits are encrypted ? what method or algorithm exists ? I mean if the bits are meaningless, it means encrypted but is there are more technical approach or algorithm to determine from bits let's say I have 0101010100001011001001100001001, how would you tell that if this is encrypted ?

解决方案

It is not possible to prove that data is encrypted or not, but you can analyze the frequency of data values to filter out packets that are likely to be encrypted.

Properly-encrypted data is nearly indistinguishable from random noise. So if you are looking for encrypted data, you should see a fairly even representation of characters. There is a great tool called pcaphistogram.pl for analyzing packets this way. You can get it here: http://www.willhackforsushi.com/code/pcaphistogram.pl.txt

Here is a sample histogram of properly-encrypted data:

Below is a sample histogram of plain-text data. Notice how the values bunch up in the printable region. If you compare this to an ASCII table, you will see lots of lower-case letters(61-7a), a few upper-case(41-5a), spaces (20) and the carriage-return (0a):

Below is a sample histogram for text data that was encrypted with an XOR. The XOR shifted all of the characters, but the basic shape is the same as the unencrypted set.

Note that you need a reasonably large data sample in order to use this technique.

Images courtesy of http://www.packetstan.com/2010/11/packet-payloads-encryption-and-bacon.html

这篇关于确定这些位是否被加密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！