[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How do I know if its encrypted?

To: [email protected]
Subject: Re: How do I know if its encrypted?
From: [email protected] (Eric Hughes)
Date: Wed, 11 Jan 1995 20:50:26 -0800
In-Reply-To: <[email protected]> ([email protected])
Sender: [email protected]

   My question is how do I know it is encrypted?  

Calculate an entropy measure of some sort.  Entropy is a measure of
disributional skew.  Maximum entropy means minimum skew.

For human-readable text of any sort, the monogram entropy, i.e. the
entropy of individual characters, will _always_ be detectably less
than maximal.  Encrypted text will always be near maximal.  The two
are easy to distinguish.  ASCII-armored encrypted text will always be
right at 6 bits per byte.

For speed of implementation, you don't need even to look at much text.
You can get a statistically significant measure quite quickly from the
first couple of kilobytes.  

And since you're only really worried about detecting non-randomness,
you don't even need to calculate the exact entropy but rather an
approximation of it.  This approximation can be done with entirely
fixed point arithmetic, if you're a bit clever about it.

A practical system would cut out a notch at 6/8 for ASCII armor, which
would make approximation techniques a bit tricky.  More practical is
just to detect ASCII armor with a regular expression recognizer and
de-armor it before the entropy check.

Eric

References:
- How do I know if its encrypted?
  - From: [email protected] (Mark Oeltjenbruns)

Prev by Date: Re: Storm Signals
Next by Date: Re: Remailing pricing and cover traffic
Prev by thread: Re: How do I know if its encrypted?
Next by thread: Re: How do I know if its encrypted?
Index(es):
- Date
- Thread