Solved

C# - Detect RSA-2048 Encryption on a File

Posted on 2014-12-18
11
492 Views
Last Modified: 2016-10-27
Is there a way to detect, in .NET (C#) whether a file is encrypted using RSA-2048 encryption?
0
Comment
Question by:street9009
  • 5
  • 3
  • 3
11 Comments
 
LVL 44

Expert Comment

by:AndyAinscow
Comment Utility
Only if you know the password - then you can successfully decrypt it.
0
 

Author Comment

by:street9009
Comment Utility
So there's no identifying marks or way to test without knowing the password/key?
0
 
LVL 44

Expert Comment

by:AndyAinscow
Comment Utility
Not that I know of.
Don't forget, anything that identifies the encryption method is already a help towards decrypting it.
0
 

Author Comment

by:street9009
Comment Utility
There must be some way, as there appear to be multiple tools that do this: http://security.stackexchange.com/questions/44387/scanning-for-files-than-have-been-encrypted-by-cryptolocker
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Encrypted data is completely random. If it is not it means that particular encryption algorithm is broken.
RSA-2048 is not an encryption algorithm, it is something else:https://en.wikipedia.org/wiki/RSA_numbers#RSA-2048
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:street9009
Comment Utility
Okay- tomato, tomahto. The terminology I used came from the fact that these are called "encryption viruses" and use "RSA-2048" to change the content of your files.

The question remains- can it be detected in C#?
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Yes, encrypted data is fully random, so all and every randomness test suites should confirm that.
http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html
Many tests will confirm that RAR and zopfli compression is random too, but ok, at least it will not missdetect good documents.
At least truecrypt detectors worked like that.
0
 

Author Comment

by:street9009
Comment Utility
I don't see how to make this work in C# though...
0
 
LVL 44

Expert Comment

by:AndyAinscow
Comment Utility
>>Yes, encrypted data is fully random, so all and every randomness test suites should confirm that.

I would say no you can not tell which encryption method is used unless you know the key then you can decrypt the file.  The question as I understand it isn't about is it encrypted but about is it encrypted with this stated method.
0
 

Author Comment

by:street9009
Comment Utility
Really either would be helpful, though yes you are correct, I was hoping to detect that specific method.
0
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
Comment Utility
I doubt there is any good RNG test in C#, so if you want to do it really in .NET you must either make your own interface to native code, or port to C#. Source files of NIST tests make like 200KB togeter - like 200 screenfuls of code in total.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now