Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!umd5!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.ARPA (Doug Gwyn )
Newsgroups: sci.crypt
Subject: Re: how do you tell encrytped data from random data?
Message-ID: <6992@brl-smoke.ARPA>
Date: 8 Jan 88 06:37:50 GMT
References: <660@bucket.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 29

In article <660@bucket.UUCP> leonard@bucket.UUCP (Leonard Erickson) writes:
>An interesting question has crossed my mind. If someone presents you with
>an allegedly encrypted message, How can you tell if it really is encrypted
>as opposed to being a bunch of random characters?

The only foolproof way is to decrypt it.

>I know that transposition and *simple* substitution can be detected by
>letter frequency analysis. But is a "flat" distibution evidence of random
>data?

No, most really good encryption systems pretty much randomizes the cipher
stream, insofar as simple statistical tests can determine.  Conversely,
just because some putative cipher stream appears nonrandom does not mean
that it has meaningful underlying plaintext.  It could be a hoax.  There
are those who think the two undeciphered Beale cryptograms are hoaxes.

>For my purposes, both "one-time pad" ciphers and anything that operates on
>units other than characters can be considered random! If it is that complex,
>then I'm not likely to crack it!

You can't crack a true one-time pad system by analysis anyway, no matter
how competent a cryptanalyst you are.

>(when an 8k msg uses the 26 letters so evenly that the
>spread better most used and least used is 12, you get *real* suspicious :-)

Flatter-than-random distributions are not necessarily hoaxes.
They're actually pretty easy to obtain; Mil Cryp has an example.