Cipher Identifier

A encryption detector is a computer tool designed to recognize encryption/encoding from a text message. The detector performs cryptanalysis, examines various features of the text, such as letter distribution, character repetition, word length, etc. to determine the type of encryption and guide users to the right tools based on the type of code or encryption identified.

To decrypt / decipher an encoded message, it is necessary to know the encryption used (or the encoding method, or the implemented cryptographic principle). Without knowing the technique chosen by the sender of the message, it is impossible to decrypt it (or decode it). Knowing the encryption (or encoding, or code) is therefore the first step to start the decryption (or decoding) process.

dCode therefore proposes, on this page above, an artificial intelligence tool dedicated to the automatic recognition/identification of encryption and direct links to tools capable of deciphering the message/text.

To recognize/guess the type of encryption/encoding used to encrypt/encode a message, dCode uses several detection/cryptanalysis methods:

— frequency analysis: which characters of the message appear most often? In what proportion? Which characters do not appear? This analysis can be carried out for all the characters (but often the letters A-Z and the numbers 0-9 allow to eliminate many methods of ciphers/coding). The analysis of bigrams or trigrams (or more generally group of letters) makes it possible to refine the cryptanalysis, the presence or absence of certain groups of letters are clues.

— the coincidence index: how random are the characters of the message? Intelligible messages (in English) tend to favor certain letters and do not use the E in the same way as the X (much rarer).

— signature search: certain ciphers / encodings have characteristic marks, a signature which makes them identifiable.

Sometimes the cipher identifier finds little or no relevant result, several reasons are possible:

— The message is too short: a message containing not enough characters does not allow a good frequency analysis to be performed. The possibilities become very numerous without a way to precisely identify the encryption.

— The message has a low entropy: it is composed of few distinct characters (a binary message containing only 0s and 1s has a low entropy). Furthermore, nearly all messages can be stored in binary, identifying the encryption precisely is difficult.

— The message contains unnecessary characters (such as spaces between each letter), which weakens the frequency analyses. Remove spaces or other unnecessary symbols for best results.

— The message is over-encrypted: several successive encodings / ciphers have been applied, the over-encryption tends to mask the characteristic signatures of the original encryption.

— The message is composed of several distinct messages: the presence of several ciphers with different properties disturbs the detector which searches for a single cipher. Please split the message to determine the coding of each portion.

— The encryption used is recent: modern cryptography techniques are such that it is impossible to recognize an encrypted message from a random message, it is moreover a quality of a good encryption. Identification is, in essence, difficult.

— The encryption used is very rare: dCode can detect more than 300 different ciphers and continues to improve thanks to your feedback and messages, but it is not impossible that some ciphers are still unknown/missing.

Sometimes the recognizer algorithm (based on artificial intelligence and machine learning) finds multiple signals, distinctive signs from several cipher types, and returns approximate results. Please contact us with your cipher message, the original message and the encryption method used so that dCode can teach the analyzer/finder this encryption for future times. The more data there is, the more accurate the detection will be.

The program is based on a neural network type architecture, more precisely a multilayer perceptron (MLP). At the input layer there are the coded messages (with ngrams), and at the output layer the different types of known and referenced ciphers on dCode. Regularly the database is updated and new ciphers are added which allows to refine the results.