4

Edit: just found this question from 2014: Decryption of ciphertext. This is essentially an updated version of that question with more data and a request for clarification since there is nothing in the help center specifically about this.

Many of the unanswered questions here are about decoding checksums/CRCs, identifying compression/packing/obfuscation/encryption, decoding file formats, etc., but I wanted to focus specifically on encryption.

A noticeable proportion of these questions involve presenting either a sample of data or a file alleged to be encrypted in some way with a request for assistance in either identifying the encryption or decrypting it or both. In essence, they are requests for ciphertext analysis.

To be more clear, these questions typically do not include the following information:

  • identification of the routines or processes involved in generating / encrypting the ciphertext / file
  • what application receives the data as input / what processes access the encrypted file
  • multiple samples created with different keys
  • compression, encoding, encryption libraries present within the system

In other words, a hypothesis is presented in the hope that someone else tests it while at the same time withholding information that would arguably be essential to such an endeavor.

Here are some examples:

Reversal of unknown obfuscation or encryption with known plaintext

Reverse Engineering Android binary file

Decrypting/Decoding encrypted/encoded data

How to decrypt this file?

encrypted awkward PNGs

File reverse engineering - .tbl format

There are plenty of questions like this involving compression and checksums as well but I wanted to focus on encryption specifically because a similar issue was addressed on crypto.SE:

Do we want “challenge”/analyse-this questions and if so what constraints, if any, should we put on them?

Excerpt from the accepted answer:

I think any question of the form “here's a bunch of bytes, how do I break them” should be summarily closed. This blanket ban could be mentioned in the FAQ.

From the crypto.SE Help Center: No

Edit: For comparison purposes, here are examples of questions involving problems with encryption in which enough information was provided to arrive at an answer (note: some did not initially provide enough information to be solvable and more information had to be requested):

Having keys and binary, how do I reverse/decrypt a stream encryption?

Help deciphering binary that creates 3 passwords

How can I determine if a piece of code is an encryption algorithm?

Identify a decryption scheme

Argument: RE != cryptanalysis

One does not need to be a pro to know that encryption of "malware" is a major issue in analysis. Additionally, vulnerability analysis of software (IoT device firmware, for example) can be complicated by encryption. Many more examples can be given. Clearly, then, dealing with encryption can be a significant component in the process of reverse engineering software/a system of interest. However, reverse engineering is not synonymous with cryptanalysis. "Reverse engineering" should not imply "reverse engineering how a supposedly encrypted binary blob is encrypted by looking at the ciphertext and nothing else". Currently some conflate the two.

Request: clarification

Should all manner of "reverse this encrypted data" / "analyze this ciphertext" questions be considered "on topic"? If not, what criteria should a question involving encrypted data meet in order for it to be considered "on topic" for this site?

This could be extended to include "reverse this checksum" / "how is this file compressed?" type questions as well.

4
  • IIRC there were some solved questions of such type where OP did provide enough info. Can you find them and add to the list too, so we can see the difference?
    – Igor Skochinsky Mod
    Commented Mar 14, 2017 at 10:29
  • @IgorSkochinsky I have updated the question to provide some examples of the type of question you requested
    – julian Mod
    Commented Mar 14, 2017 at 15:32
  • @IgorSkochinsky Would you allow questions that could have enough information here, e.g. the question asked here on a cipher that's probably just a CRC??
    Commented Jan 9, 2019 at 16:38
  • If you don't allow such questions you are losing out on insights from people with a background in cryptanalysis.
    Commented Dec 2, 2020 at 16:04

2 Answers

4

I fear it is true that most of these questions remain unanswered, mostly due to tremendous analysis requirements without sufficient data.

I would tend to allow questions about crypto when it is in the context of reverse engineering, i.e. when there is binary code involved. In any other case it boils down to sheer luck to guess or know the algorithm.

Maybe we should point out that the data is just insufficient for any educated guess. The problem being the semantic gap. We cannot close it for them.

0
1

I don't have a specific suggestion just yet, but I think that improving the first custom close reason or adding another, more specific one, could alleviate the issue of the questions lacking info (not just crypto ones). For the history of it, see this answer.
