Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!uw-beaver!tektronix!reed!percival!bucket!leonard
From: leonard@bucket.UUCP (Leonard Erickson)
Newsgroups: sci.crypt
Subject: how do you tell encrytped data from random data?
Message-ID: <660@bucket.UUCP>
Date: 6 Jan 88 05:36:23 GMT
Reply-To: leonard@bucket.UUCP (Leonard Erickson)
Organization: Rick's Home Grown Unix; Portland, OR
Lines: 33

An interesting question has crossed my mind. If someone presents you with
an allegedly encrypted message, How can you tell if it really is encrypted
as opposed to being a bunch of random characters?

I know that transposition and *simple* substitution can be detected by
letter frequency analysis. But is a "flat" distibution evidence of random
data?

For my purposes, both "one-time pad" ciphers and anything that operates on
units other than characters can be considered random! If it is that complex,
then I'm not likely to crack it!

This is inspired by my fiinding some notes I made a year or so ago when I
and some friends were exchanging encrypted msgs over a public BBS. A few
of our friends cracked or first efforts and a typical "arms race" of better
ciphers followed by better analytic techniques ensued.

We finally came (after about 5 changes) came up with a scheme that only
one outsiders could read part of. Some of the other users started using
their own ciphers. The sysop didn't mind until someone started posting
HUGE messages which he suspected were just garbage. But the challenge
was, were they garbage or real messages?

Under his rules, messages (even encrypted!) were ok, junk wasn't. I made
a few attempts to analyze them, but while I was fairly certain, I could
never be sure. (when an 8k msg uses the 26 letters so evenly that the
spread better most used and least used is 12, you get *real* suspicious :-)

-- 
Leonard Erickson		...!tektronix!reed!percival!bucket!leonard
CIS: [70465,203]
"I used to be a hacker. Now I'm a 'microcomputer specialist'.
You know... I'd rather be a hacker."