1995-01-12 - Re: How do I know if its encrypted?

Header Data

From: daleh@ix.netcom.com (Dale Harrison (AEGIS))
To: cypherpunks@toad.com
Message Hash: c5721fc7660793d500476852ff49ef63a2cab7c3d660d40c1bb361a40b36d4e8
Message ID: <199501120540.VAA11357@ix3.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1995-01-12 05:41:55 UTC
Raw Date: Wed, 11 Jan 95 21:41:55 PST

Raw message

From: daleh@ix.netcom.com (Dale Harrison (AEGIS))
Date: Wed, 11 Jan 95 21:41:55 PST
To: cypherpunks@toad.com
Subject: Re: How do I know if its encrypted?
Message-ID: <199501120540.VAA11357@ix3.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


You wrote: 

>
>   My question is how do I know it is encrypted?  
>
>Calculate an entropy measure of some sort.  Entropy is a measure of
>distributional skew.  Maximum entropy means minimum skew.
>
>For human-readable text of any sort, the monogram entropy, i.e. the
>entropy of individual characters, will _always_ be detectably less
>than maximal.  Encrypted text will always be near maximal.  The two
>are easy to distinguish.  ASCII-armored encrypted text will always be
>right at 6 bits per byte.
>
>For speed of implementation, you don't need even to look at much text.
>You can get a statistically significant measure quite quickly from the
>first couple of kilobytes.  
>
>And since you're only really worried about detecting non-randomness,
>you don't even need to calculate the exact entropy but rather an
>approximation of it.  This approximation can be done with entirely
>fixed point arithmetic, if you're a bit clever about it.
>
>A practical system would cut out a notch at 6/8 for ASCII armor, which
>would make approximation techniques a bit tricky.  More practical is
>just to detect ASCII armor with a regular expression recognizer and
>de-armor it before the entropy check.
>
>Eric
>
>
Won't work!  You can always embed an encrypted message in what 'looks' 
like plaintext.  A trivial example: Encrypt a message with a Caesar 
cypher, then build a story where the first char of each word maps to 
each subsequent char from the encrypted text.  At the cost of expanding 
the size of the message by a factor of 5 to 10 you've hidden the 
encrypted message in what looks like a letter to your mother (or a news 
story in the NY Times, etc.)  This is an old technique.

Dale H.
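
Added example, not part of either poster's message: the check described in the quoted text, computing monogram entropy over the first couple of kilobytes and de-armoring anything a regular expression recognizes as ASCII armor first. Text that reads as ordinary prose scores like the letter sample here, which is the limit the reply points at. The 7.0 bits/byte threshold, the armor pattern and all sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
import re
from collections import Counter

SAMPLE_BYTES = 2048   # "the first couple of kilobytes"
THRESHOLD = 7.0       # bits per byte; assumed cut-off, not a value from the thread
# Assumed armor shape: PGP-style BEGIN/END lines around a base64 body.
ARMOR_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----\n(.*?)\n-----END \1-----", re.S)

def monogram_entropy(data: bytes) -> float:
    """Shannon entropy, in bits per byte, of the leading sample of data."""
    sample = data[:SAMPLE_BYTES]
    if not sample:
        return 0.0
    n = len(sample)
    return -sum(c / n * math.log2(c / n) for c in Counter(sample).values())

def dearmor(data: bytes):
    """Return the decoded armor body, or None when no armor block is found."""
    m = ARMOR_RE.search(data.replace(b"\r\n", b"\n"))
    if m is None:
        return None
    lines = m.group(2).split(b"\n")
    if b"" in lines:                      # armor headers end at the first blank line
        lines = lines[lines.index(b"") + 1:]
    body = b"".join(l.strip() for l in lines if not l.startswith(b"="))  # skip checksum line
    try:
        return base64.b64decode(body, validate=True)
    except ValueError:
        return None                       # looked like armor but is not valid base64

def looks_encrypted(data: bytes) -> bool:
    """De-armor first, then compare monogram entropy with the threshold."""
    payload = dearmor(data)
    return monogram_entropy(data if payload is None else payload) >= THRESHOLD

# Constructed samples: a plain letter, stand-in "ciphertext", and the same bytes armored.
LETTER = b"Dear Mom, the weather here has been fine and the garden is doing well. " * 40
# Deterministic SHA-256 output used as a stand-in for real ciphertext (4096 bytes).
CIPHERTEXT = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
ARMORED = (b"-----BEGIN PGP MESSAGE-----\nVersion: constructed\n\n"
           + base64.encodebytes(CIPHERTEXT) + b"-----END PGP MESSAGE-----\n")

if __name__ == "__main__":
    for name, blob in (("letter", LETTER), ("ciphertext", CIPHERTEXT), ("armored", ARMORED)):
        print(f"{name:10s} H={monogram_entropy(blob):.2f} encrypted={looks_encrypted(blob)}")
```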