[tptacek]

For whatever it's worth to you, most of the pre-DES-era encryption techniques betray themselves to basic statistical analysis. It's hard to hide that you're using puzzle book crypto, even if it produces what appears at first glance to be binary gibberish.

Like I said, there is a security-by-obscurity game to be played with this stuff: tamper with a known algorithm (even if you don't trust it, it's not like you can tell the difference between AES and TEA just by looking at ciphertexts).

[runjake]

And that's assuming the traffic is being subjected to the statistical analysis required for detection.

Timing also plays a big role. Many times a piece of intelligence is only useful for a duration of x.

Narus boxes are not magic, they can only do so much ;).

[tptacek]

I wrote this comment only to make it clear that the stats required to figure out if something is "really" encrypted are trivial. They take significantly less than a second for a Ruby program to perform. You'd just always run them.

Sorry I wasn't more explicit (or if you already realized that).