CREATED-BY Standard Extension

Discussion related to AES Crypt, the file encryption software for Windows, Linux, Mac, and Java.
zuiqpazu
Posts: 3
Joined: Thu Oct 08, 2015 12:20 pm

Post by zuiqpazu » Thu Oct 08, 2015 12:23 pm

Hi,

I've noted a very minor bug with AESCrypt where it does not seem to follow the standard extension tags linked here: https://www.aescrypt.com/standard_extensions.html

The CREATED-BY tag is being set with an underscore _ instead of - as suggested in the documentation.

paulej
Posts: 524
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: CREATED-BY Standard Extension

Post by paulej » Thu Oct 08, 2015 12:45 pm

That's interesting. But, I declare the bug to be in documentation, since aescrypt has always produced the tag in the same way. Blame the documenter. :)

PS - That would be me
PPS - Fixed it

zuiqpazu
Posts: 3
Joined: Thu Oct 08, 2015 12:20 pm

Re: CREATED-BY Standard Extension

Post by zuiqpazu » Thu Oct 08, 2015 12:51 pm

Aha :shock: Any chance that the documentation gets updated then? ;) What about the CREATED-DATE and CREATED-TIME tags? Does AESCrypt set them? And if so, is it with underscore or dashes?

Thanks :D

paulej
Posts: 524
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: CREATED-BY Standard Extension

Post by paulej » Thu Oct 08, 2015 12:55 pm

I just fixed the documentation. AES Crypt has never used the other tags. Some find it concerning to even reveal the tool, let alone date and time. The tool isn't a concern for me, as one can easily tell it's AES Crypt that creates the file, anyway. But, I defined these as a starting point. Significantly, there are no interop issues here, unless somebody is processing these tags.

zuiqpazu
Posts: 3
Joined: Thu Oct 08, 2015 12:20 pm

Re: CREATED-BY Standard Extension

Post by zuiqpazu » Thu Oct 08, 2015 2:11 pm

... This doesn't have much to do with the original post, but you mentioned an interesting point here.

I was checking the AES Crypt File Format ( https://www.aescrypt.com/aes_file_format.html ) and I was thinking that if one was to strip out all the octets appearing before the 16 octets used for the first IV, there wouldn't be any give-away that the file is AES encrypted. Or is my assumption incorrect?

The caveat is that this obviously loses all the metadata, and which version of AES Crypt is being used.

paulej
Posts: 524
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA

Re: CREATED-BY Standard Extension

Post by paulej » Fri Oct 09, 2015 8:28 am

Yeah, if we remove the AES at the start, the tag section, etc., it wouldn't be recognizable as an AES Crypt file so easily. It's still possible to tell, though, or at least have a good idea. The number of octets in the file would be one clue. Every file is some size modulo 16 + the header and footer footprint. I could easily guess with good accuracy. I'd also perform a frequency analysis on the contents. Encrypted data is revealing, regardless of the tool.

For most applications, knowing something is encrypted is a concern. Knowing what tool, IMO, is less of a concern, because it's only useful if you have a way to crack it.
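
The extension tags and the size and frequency clues discussed in this thread, as an added example (not code from the thread or from AES Crypt): it lists the tags a version 2 file exposes, then applies the size and entropy checks to the same file with everything before the first IV stripped. The layout constants are assumptions taken from the linked file-format page (16 + 48 + 32 octets before the ciphertext, 1 + 32 after it), and the sample file is constructed from random bytes.

```python
import math
import os
import struct
from collections import Counter

# Assumed v2 footprint after the extension section (from the published format
# description, not from this thread): IV + encrypted IV/key + HMAC, then
# ciphertext in 16-octet blocks, then size-modulo octet + HMAC.
HEADER_FIXED = 16 + 48 + 32
TRAILER = 1 + 32


def parse_extensions(data):
    """Return ([(identifier, content)], offset of the first IV) for a v2 file."""
    if len(data) < 5 or data[:3] != b"AES" or data[3] != 2:
        raise ValueError("not an AES Crypt version 2 stream")
    pos, tags = 5, []              # skip magic, version and reserved octet
    while True:
        if pos + 2 > len(data):
            raise ValueError("truncated extension section")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        pos += 2
        if length == 0:            # 0x0000 ends the extension section
            return tags, pos
        block = data[pos:pos + length]
        if len(block) != length:
            raise ValueError("truncated extension block")
        ident, _, content = block.partition(b"\x00")
        tags.append((ident.decode("utf-8", "replace"), content))
        pos += length


def size_fits_stripped_layout(size):
    """True if size is the fixed footprint plus a whole number of 16-octet blocks."""
    body = size - HEADER_FIXED - TRAILER
    return body >= 0 and body % 16 == 0


def entropy_bits_per_byte(data):
    """Shannon entropy of the byte histogram; encrypted data sits close to 8.0."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def build_sample(payload_blocks=64):
    """Constructed sample: random bytes stand in for real ciphertext and HMACs."""
    ext = b"CREATED_BY\x00sample-tool 0.0"   # placeholder tag content
    head = b"AES\x02\x00" + struct.pack(">H", len(ext)) + ext + b"\x00\x00"
    return head + os.urandom(HEADER_FIXED + 16 * payload_blocks + TRAILER)
```

A file that passes `size_fits_stripped_layout` and has entropy near 8 bits per byte is only a candidate: any size of the form 129 + 16k matches, so the check narrows the guess rather than proving it.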
