How aren’t all cryptography algorithms of the same strength?

I have been researching cryptography and this question just came to mind: if someone intercepts a cyphertext and doesn’t know the algorithm used, then for all he knows it could be using the strongest or the weakest algorithms out there.

5 Answers

Anonymous 0 Comments

I asked this question 10 years ago and got probably the best insight about cryptography I’ve ever encountered, from the cryptographer who later created BearSSL. It’s worth just reading (top response):

https://security.stackexchange.com/q/24449

A more direct answer is that the attacker just starts trying the most likely attacks against the most likely candidates. And if you were using one of the weaker ones, that’ll get guessed first.

Often the “container” that the encrypted data is in will give clues about which algorithm is used, either because it supports different kinds and therefore has to indicate which is being used (like TLS does) or because the attacker knows where the encrypted data came from and can reason from there.

But as the answer from the linked post said, doing encryption properly is about gaining security through *secrecy* rather than *obscurity*. You want to only depend on secrets you can actually keep, not secrets that you’ll inadvertently give away. Proper encryption only uses actual secrets, never just obscured details.

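The answer's point that the container names the algorithm, illustrated with TLS as an added example (not part of the original answer): the ServerHello handshake message travels unencrypted and carries the selected cipher suite, so anyone observing the connection can read which algorithm is in use. The sample record is constructed and the function names are hypothetical; the cipher suite code points are a small subset of the IANA registry.

```python
import struct

# Small subset of the IANA TLS cipher suite registry (real code points).
CIPHER_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}

def server_hello_cipher_suite(record: bytes) -> str:
    """Return the cipher suite announced in a plaintext ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, _version, length = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + length]
    if len(body) != length or length < 4:
        raise ValueError("truncated TLS record")
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # legacy_version(2) + random(32) + session_id length(1), then the session id
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    offset = 35 + hello[34]
    if len(hello) < offset + 2:
        raise ValueError("truncated ServerHello")
    suite = int.from_bytes(hello[offset:offset + 2], "big")
    return CIPHER_SUITES.get(suite, f"unknown (0x{suite:04X})")

def build_sample_server_hello(suite: int) -> bytes:
    """Constructed sample: minimal ServerHello, zeroed random, empty session id."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for code in (0x0005, 0x1301):
        print(server_hello_cipher_suite(build_sample_server_hello(code)))
```

A passive observer learns from this field whether a session negotiated a legacy suite such as RC4 or a modern AEAD suite, which is why the protection has to come from the key and not from hiding the algorithm.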