|
Encryption vs compression detection
1 Attachment(s)
I've been investigating ways to distinguish between data that is compressed and data that is encrypted. Entropy is a good way of finding scrambled data but it cannot tell the difference between compressed and encrypted blocks.
With this code, instead of looking at the frequency of occurrence of bytes in the file, we treat the file as if it is the output of a Boolean function and we look at the type of equations that must give rise to this output sequence. This method is used to test the quality of random number generators. You can find my C++ implementation of the Walsh-Hadamard transform attached. The idea was eventually to build this measurement into some kind of GUI tool for people to use, but I'm not sure that I'm getting good results with it. You will have to compile it yourself if you want to try it out, but you might just be interested in the code. |
@dila, can you share the src out of this board, since i can't downloaded from the attachment. Thank you
|
I pasted the code here https://pastebin.com/q2Ppk51Q. The ZIP attachment is large because it contains a PDF describing a method of testing random sequences using the WHT.
If you want to know more about the transform, you can read about it in The Design of Rijndael book (PDF available here). Here they give some identities of the function, such as how bitwise XOR of two functions in the Boolean domain corresponds to convolution of their coefficients in the spectral domain. |
| All times are GMT +8. The time now is 22:25. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX