Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 734
  • Last Modified:

C# - Detect RSA-2048 Encryption on a File

Is there a way to detect, in .NET (C#) whether a file is encrypted using RSA-2048 encryption?
0
street9009
Asked:
street9009
  • 5
  • 3
  • 3
1 Solution
 
AndyAinscowCommented:
Only if you know the password - then you can successfully decrypt it.
0
 
street9009Author Commented:
So there's no identifying marks or way to test without knowing the password/key?
0
 
AndyAinscowCommented:
Not that I know of.
Don't forget, anything that identifies the encryption method is already a help towards decrypting it.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
street9009Author Commented:
There must be some way, as there appear to be multiple tools that do this: http://security.stackexchange.com/questions/44387/scanning-for-files-than-have-been-encrypted-by-cryptolocker
0
 
gheistCommented:
Encrypted data is completely random. If it is not it means that particular encryption algorithm is broken.
RSA-2048 is not an encryption algorithm, it is something else:https://en.wikipedia.org/wiki/RSA_numbers#RSA-2048
0
 
street9009Author Commented:
Okay- tomato, tomahto. The terminology I used came from the fact that these are called "encryption viruses" and use "RSA-2048" to change the content of your files.

The question remains- can it be detected in C#?
0
 
gheistCommented:
Yes, encrypted data is fully random, so all and every randomness test suites should confirm that.
http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html
Many tests will confirm that RAR and zopfli compression is random too, but ok, at least it will not missdetect good documents.
At least truecrypt detectors worked like that.
0
 
street9009Author Commented:
I don't see how to make this work in C# though...
0
 
AndyAinscowCommented:
>>Yes, encrypted data is fully random, so all and every randomness test suites should confirm that.

I would say no you can not tell which encryption method is used unless you know the key then you can decrypt the file.  The question as I understand it isn't about is it encrypted but about is it encrypted with this stated method.
0
 
street9009Author Commented:
Really either would be helpful, though yes you are correct, I was hoping to detect that specific method.
0
 
gheistCommented:
I doubt there is any good RNG test in C#, so if you want to do it really in .NET you must either make your own interface to native code, or port to C#. Source files of NIST tests make like 200KB togeter - like 200 screenfuls of code in total.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 5
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now