From: eric@remailer.net (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 383a0e1fb25735f74f89901033b0a9bea57c061072dbb7cc917e7e5ed0de25bb
Message ID: <199501120450.UAA29781@largo.remailer.net>
Reply To: <m0rSFsb-000kfuC@mill2.millcomm.com>
UTC Datetime: 1995-01-12 04:51:57 UTC
Raw Date: Wed, 11 Jan 95 20:51:57 PST
From: eric@remailer.net (Eric Hughes)
Date: Wed, 11 Jan 95 20:51:57 PST
To: cypherpunks@toad.com
Subject: Re: How do I know if its encrypted?
In-Reply-To: <m0rSFsb-000kfuC@mill2.millcomm.com>
Message-ID: <199501120450.UAA29781@largo.remailer.net>
MIME-Version: 1.0
Content-Type: text/plain
My question is how do I know it is encrypted?
Calculate an entropy measure of some sort. Entropy is a measure of
disributional skew. Maximum entropy means minimum skew.
For human-readable text of any sort, the monogram entropy, i.e. the
entropy of individual characters, will _always_ be detectably less
than maximal. Encrypted text will always be near maximal. The two
are easy to distinguish. ASCII-armored encrypted text will always be
right at 6 bits per byte.
For speed of implementation, you don't need even to look at much text.
You can get a statistically significant measure quite quickly from the
first couple of kilobytes.
And since you're only really worried about detecting non-randomness,
you don't even need to calculate the exact entropy but rather an
approximation of it. This approximation can be done with entirely
fixed point arithmetic, if you're a bit clever about it.
A practical system would cut out a notch at 6/8 for ASCII armor, which
would make approximation techniques a bit tricky. More practical is
just to detect ASCII armor with a regular expression recognizer and
de-armor it before the entropy check.
Eric
Return to January 1995
Return to “tcmay@netcom.com (Timothy C. May)”