I know there are a lot of encryption programs available, that I would guess use different methods for encryption, and thus have different types of output files (.fve .tc .cha .dmg (bitlocker, truecrypt, challenger, ect.)), but if someone didn't know what the file was and just looked at the data, what would it look like? Does it just look like random bits, or can you still pick out a pattern? If it does look random, how is it if I moved the encrypted file to another computer, the other computer can tell it's a file, and is able to decrypt it (how would it even know where to start or stop, if it all looked random)? Also, how is the structure affected by encrypting files twice, using the same method, or a different one? Thanks for any help, and if you know any books or site about encryption for complete idiots, I'd appreciate it!
13 Answers
A well encrypted file (or data) looks like random data, there is no discernibly pattern.
When you give an encrypted file to a decryption program (DCP) it tries to decrypt a small portion of the file. This part contains meta information for the DCP.
If the DCP succeeds in reading that decrypted portion of the file you have the correct DCP and password, then the DCP continues to decrypt the entire file. If the DCP fails you either have the wrong password OR are using the wrong decryption method. If this happens there is no way to know witch went wrong.
Note.
This does not apply to some encryption applications most notably those that are archive applications. Two examples ate zip and rar witch have an outer container that will allow you to detect what application was used to create them
perfectly encrypted data looks like perfect random noise.
whenever encrypted data was broken (and not by some 007 obtaining the passphrase from the wife of the villain), the encrypted data did not look that much random to clever mathematicians. as long as it is just perfect random noise, the only attack left (except 007 and the girls) is brute force, which tries to try every possible key and checks, if the decrypted contains something with a pattern (words, pixels)
regarding your subquestions:
a computer does not know, how to handle a file by itself. normally you help it (or better, you help the OS) to append a suffix and then the OS looks up a table of suffices and if one fits then it just launches the associated application. that application itself "does not know" if the stuff thats in the file is "ok for the user". you can merge a .gif image and a .zip file and you could open this file with either an image viewer or a zip program (see here)
the original structure of the data is not affected by the encryption, even if you encrypt it 3 times. otherwise you can not restore the original data, the structure of the original data IS the data.
Encrypted files should just look like random data, but sometimes they have headers that can be used to identify what kind of file they are.
