Cipher Identifier

An encryption detector is a computer tool designed to recognize encryption/encoding from a text message. The detector performs cryptanalysis, examines various features of the text, such as letter distribution, character repetition, word length, etc. to determine the type of encryption and guide users to the dedicated pages on dCode based on the type of code or encryption identified.

To decrypt / decipher an encoded message, it is necessary to know the encryption used (or the encoding method, or the implemented cryptographic principle). Without knowing the technique chosen by the sender of the message, it is impossible to decrypt it (or decode it). Knowing the encryption (or encoding, or code) is therefore the first step to start the decryption (or decoding) process.

dCode therefore proposes, on this page above, an artificial intelligence tool dedicated to the automatic recognition/identification of encryption and direct links to dCode tools capable of deciphering the message/text.

To recognize/guess the type of cipher/coding used to encrypt/encode a message, dCode uses several detection/cryptanalysis methods:

— Frequency analysis: This involves observing which characters in the message appear most frequently and in what proportions. This analysis can cover all characters, but generally focuses on the letters of the alphabet (A-Z) and numbers (0-9), which helps eliminate many cipher or coding methods. The analysis of bigrams or trigrams (or more generally, groups of letters) allows for more refined cryptanalysis. The presence or absence of certain sequences provides valuable clues for determining the type of cipher.

— Coincidence index: This assesses the degree of randomness in the distribution of characters in a message. In a language like English, certain characters appear much more frequently than others: the letter E is widely used, while the letter X remains much rarer. This natural tendency in intelligible texts helps distinguish a structured message from a sequence of encrypted characters.

— Signature search: This involves identifying the distinctive features specific to certain ciphers or encodings. These characteristic elements make them easier to identify.

Sometimes the cipher identifier finds little or no relevant result, several reasons are possible:

— The message is too short: a message containing not enough characters does not allow a good frequency analysis to be performed. The possibilities become very numerous without a way to precisely identify the encryption.

— The message has a low entropy: it is composed of few distinct characters (a binary message containing only 0s and 1s has a low entropy). Furthermore, nearly all messages can be stored in binary, identifying the encryption precisely is difficult.

— The message contains unnecessary characters (such as spaces between each letter), which weakens the frequency analyses. Remove spaces or other unnecessary symbols for best results.

— The message is over-encrypted: several successive encodings / ciphers have been applied, the over-encryption tends to mask the characteristic signatures of the original encryption.

— The message is composed of several distinct messages: the presence of several ciphers with different properties disturbs the detector which searches for a single cipher. Please split the message to determine the coding of each portion.

— The encryption used is recent: modern cryptography techniques are such that it is impossible to recognize an encrypted message from a random message, it is moreover a quality of a good encryption. Identification is, in essence, difficult.

— The encryption used is very rare: dCode can detect more than 300 different ciphers and continues to improve thanks to your feedback and messages, but it is not impossible that some ciphers are still unknown/missing.

Sometimes, the recognition algorithm, based on artificial intelligence and machine learning, detects multiple signals or characteristics from different types of encryption, which can lead to approximate results. Do not hesitate to contact us by providing the encrypted message, the original message, and the encryption method used. This will allow dCode to teach the analyzer this new information for future analyses. The more data there is, the more accurate the detection will be.

The AI ​​encryption detection program is based on a multilayer perceptron (MLP). An MLP is a type of neural network composed of multiple layers of interconnected neurons, where each layer transforms the received input before passing it on to the next. This structure allows the program to detect subtle patterns in data, improve its accuracy, and adapt to different types of encryption more effectively.

At the input layer there are the coded messages (with ngrams), and at the output layer the different types of known and referenced ciphers on dCode.

Regularly the database is updated and new ciphers are added which allows to refine the results.