Security Basics mailing list archives
Re: Cracking simple password encryption
From: Gilles DEMARTY <gilles.demarty () gmail com>
Date: Thu, 22 Dec 2005 08:14:16 +0100
2005/12/22, David Hogue <davehogue () gmail com>:
> I am trying to figure out the password encryption scheme
>
> password  crypted
> a         aQ==
> b         cg==
> c         ew==
> aa        aWo=
> ab        aXE=
> cc        e3g=
> aaa       aWpq
> aab       aWpx
> abb       aXFx
> bbb       cnFx

No XORs over there:

the first digit of the crypted text is dependent only on the first char of the clear.
the second digit of the crypted text is dependent on the first two chars of the clear.
the third digit of the crypted text is dependent only on the last two.
the fourth digit of the crypted text is dependent only on the last one.

The first question coming to my mind is: can there be more than 3 digits in the clear password, or can you encode longer passwords?

The second is: can you encrypt your own password (obtain more clear-crypted pairs), or are these the only samples you can obtain and you have been asked to cryptanalyze them (i.e. break the code)?

Since the 4 digits of crypted text are independent, you can try to break the easier form: see these equations as functions of 1 or 2 variables.

first sample:
a = a
b = c
c = e

second sample (where & means nil, nothing):
a,& = 'Q'
b,& = 'g'
c,& = 'w'
a,a = 'W'
a,b = 'X'
b,b = 'n'
c,c = '3'

third sample:
&,& = '='
a,& = o
b,& = E
c,& = g
a,a = p
a,b = p
b,b = F
(looks like this one is only dependent on the presence of a third digit, but not the value => to be validated, something like: if second var is not null: then result += 1).

fourth sample:
& = '='
a = q
b = x

and then concatenate everything.

If you can generate your own passwords, then try to make every possible combination (first and last samples: a 256-char mapping, or more exactly 62 if you take only alphanumeric combinations; the two middle ones: 3969 possibilities).

Of course, these conclusions are only from what you have provided, and may not be true with more samples; and as for the reverse function == obtain clear text from the crypted one (as it may be what you're interested in).

my 2 cents
hope it helps;

> Thanks,
> David

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------
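
An added example, not part of the original post: assuming the crypted column is standard base64 (the thread does not say so), decoding it first turns the digit dependencies listed in the reply into one cipher byte per clear character, and the known pairs become per-position lookup tables that can be checked for consistency. The function names `position_tables` and `recover` and the input `aXFq` are constructed for this illustration.

```python
import base64
from collections import defaultdict

# Clear/crypted pairs quoted in the thread.
SAMPLES = {
    "a": "aQ==", "b": "cg==", "c": "ew==",
    "aa": "aWo=", "ab": "aXE=", "cc": "e3g=",
    "aaa": "aWpq", "aab": "aWpx", "abb": "aXFx", "bbb": "cnFx",
}

def position_tables(samples):
    """Build {position: {clear_char: cipher_byte}} from known pairs.

    Assumes the crypted column is standard base64 (not stated in the thread).
    Returns (tables, conflicts); a conflict means the byte at a position
    depends on more than the clear character at that position.
    """
    tables = defaultdict(dict)
    conflicts = []
    for clear, crypted in samples.items():
        raw = base64.b64decode(crypted, validate=True)
        if len(raw) != len(clear):
            conflicts.append((clear, "length", len(raw)))
            continue
        for pos, (ch, byte) in enumerate(zip(clear, raw)):
            seen = tables[pos].setdefault(ch, byte)
            if seen != byte:
                conflicts.append((clear, pos, byte))
    return dict(tables), conflicts

def recover(crypted, tables):
    """Invert the per-position tables; '?' marks a byte with no known pair."""
    out = []
    for pos, byte in enumerate(base64.b64decode(crypted, validate=True)):
        inverse = {b: ch for ch, b in tables.get(pos, {}).items()}
        out.append(inverse.get(byte, "?"))
    return "".join(out)

if __name__ == "__main__":
    tables, conflicts = position_tables(SAMPLES)
    for pos in sorted(tables):
        row = ", ".join(f"{c}->0x{b:02x}" for c, b in sorted(tables[pos].items()))
        print(f"byte {pos}: {row}")
    print("conflicts:", conflicts)
    # Constructed input, not from the thread.
    print("aXFq ->", recover("aXFq", tables))
```

An empty conflict list over the ten samples means every decoded byte is determined by the clear character at the same position, which is why each base64 digit depends on at most two neighbouring clear characters.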