tag:blogger.com,1999:blog-6690994337395244641.post5345960998095418690..comments2009-07-11T11:25:59.145-05:00PaulMhttp://www.blogger.com/profile/02530533566781746778noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-6690994337395244641.post-8695446176383400702008-04-01T12:58:00.000-05:002008-04-01T12:58:00.000-05:00Thanks for the comment, Erik.<BR/><BR/>You make a very good point that this type of test is not in any way thorough, and that things like XOR-ing a file will produce a similar visual result.PaulMhttp://www.blogger.com/profile/02530533566781746778noreply@blogger.comtag:blogger.com,1999:blog-6690994337395244641.post-37333506916462040202008-03-27T22:01:00.000-05:002008-03-27T22:01:00.000-05:00Paul -<BR/><BR/>First, thanks for sharing this code. I happen to need something that does just this!<BR/><BR/>A few comments on using frequency analysis as a "Snake Oil" vs good crypto test:<BR/><BR/>Please take a look at the Linux Penguin photos in this wikipedia entry: <A HREF="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation" REL="nofollow"> Block Cipher Modes </A>.<BR/><BR/>Note how you can still see many of the features of the image when it is encrypted with EBC mode. <BR/><BR/>But, in another mode, like CBC, any block cipher will pass the frequency analysis test, even 8-bit XOR. (I am thinking about coding up a little example of that.)<BR/><BR/>Also, be aware that how the keys are managed and protected is often much more critical than the cipher, mode, or key-length choices.<BR/><BR/>Thanks for the great post !<BR/><BR/>Erik Heidt<BR/><A HREF="http://artofinfosec.com" REL="nofollow">Art of Information Security</A>Erik Heidthttp://artofinfosec.comnoreply@blogger.com