#1
|
|||
|
|||
Encryption vs compression detection
I've been investigating ways to distinguish between data that is compressed and data that is encrypted. Entropy is a good way of finding scrambled data but it cannot tell the difference between compressed and encrypted blocks.
With this code, instead of looking at the frequency of occurrence of bytes in the file, we treat the file as if it is the output of a Boolean function and we look at the type of equations that must give rise to this output sequence. This method is used to test the quality of random number generators. You can find my C++ implementation of the Walsh-Hadamard transform attached. The idea was eventually to build this measurement into some kind of GUI tool for people to use, but I'm not sure that I'm getting good results with it. You will have to compile it yourself if you want to try it out, but you might just be interested in the code. |
The Following 7 Users Gave Reputation+1 to dila For This Useful Post: | ||
chessgod101 (10-01-2017), MarcElBichon (10-01-2017), mr.exodia (10-01-2017), Storm Shadow (10-01-2017), tonyweb (10-01-2017), yoza (10-04-2017), zeuscane (10-01-2017) |
The Following 15 Users Say Thank You to dila For This Useful Post: | ||
aldente (10-02-2017), an0rma1 (10-01-2017), besoeso (10-01-2017), chessgod101 (10-01-2017), leader (10-07-2017), NoneForce (10-01-2017), ontryit (10-01-2017), p4r4d0x (06-20-2018), sendersu (10-01-2017), sh3dow (07-29-2019), Storm Shadow (10-01-2017), tonyweb (10-01-2017), uel888 (10-02-2017), yoza (10-04-2017), zeuscane (10-01-2017) |
#2
|
|||
|
|||
@dila, can you share the src out of this board, since i can't downloaded from the attachment. Thank you
|
#3
|
|||
|
|||
I pasted the code here https://pastebin.com/q2Ppk51Q. The ZIP attachment is large because it contains a PDF describing a method of testing random sequences using the WHT.
If you want to know more about the transform, you can read about it in The Design of Rijndael book (PDF available here). Here they give some identities of the function, such as how bitwise XOR of two functions in the Boolean domain corresponds to convolution of their coefficients in the spectral domain. |
Tags |
entropy |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Armadillo compression algorithms | gigaman | General Discussion | 2 | 05-08-2007 07:22 |