On Wed, 2005-12-21 at 17:23 -0800, David Hogue wrote:
Hi All,
I am trying to figure out the password encryption scheme used by some
software and haven't had much luck yet. I was wondering if anyone on
here might be able to give me some pointers.
A little while ago I remember some discussion on this list (I think it
was this list anyway) about decrypting passwords that were XOR
encrypted. I can't seem to find that discussion though.
I have a few example passwords and I can see a pattern emerging:
password crypted
a aQ==
b cg==
c ew==
aa aWo=
ab aXE=
cc e3g=
aaa aWpq
aab aWpx
abb aXFx
bbb cnFx
Here's what I see at first glance:
1) The '=' sign is used for padding (MIME encoding uses padding, I
believe)
2) It could be based on the character value. Look at the first letters.
'c' is two letters from 'a', and has been rotated two more letters over
in the crypt (making it 'e'). 'a' is not rotated at all. 'b' is rotated
one more letter ('c'). I'd bet with a larger set of crypts that this is
repeatable.
HTH,
--
Chris Largret <http://daga.dyndns.org>
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------
