Security Basics mailing list archives
RE: Re: discover encryption method
From: "Worrell, Brian" <BWorrell () isdh IN gov>
Date: Tue, 8 Jan 2008 08:55:36 -0500
Richard, I recall an Article, located at http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-crack er/ . But beyond that, I have heard for a while that MD5 hashing has been reversible in a lot of cases. Not saying that is the answer here, just passing this on. Thanks Brian -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of richard () tortoise demon co uk Sent: Monday, January 07, 2008 3:18 PM To: security-basics () securityfocus com Subject: Re: discover encryption method On Mon, 07 Jan 2008 22:57:50 +0530, Bipin Upadhyay <muxical.geek () gmail com> wrote:
RSnake's Hashmaster is just the right thing for you, provided the passwords aren't salt-ed (in which case you might want to right your own script.) http://ha.ckers.org/hashmaster/
Thanks for the link Bipin. I don't think the encrypted passwords I'm interested in are hashes.
From the little I know in this area, I thought that a hash was a
non-reversable process, in that if: hash(A)=hash(B) then probably A=B, but knowing hash(A) does not allow you to calculate A. The application I'm dealing with can somehow present the passwords in cleartext in it's user interface, and so is somehow reconstructing the text from the encrypted value. I'm supposing it to be encrypted using some secret key held within the application, but I know neither the key or the method. Please correct me if I'm mistaken. Regards, Richard
Current thread:
- discover encryption method richard (Jan 07)
- Re: discover encryption method Bipin Upadhyay (Jan 07)
- Re: discover encryption method richard (Jan 07)
- Re: discover encryption method Alexander Klimov (Jan 08)
- Re: discover encryption method richard (Jan 08)
- Re: discover encryption method Tofig Gasanov (Jan 08)
- Re: discover encryption method Alexander Klimov (Jan 09)
- Re: discover encryption method richard (Jan 07)
- RE: Re: discover encryption method Worrell, Brian (Jan 08)
- Email security - gateway WALI (Jan 08)
- RE: Email security - gateway Bill Lavalette (Jan 08)
- Re: Email security - gateway Josh Haft (Jan 08)
- Re: Email security - gateway John Mason Jr (Jan 08)
- RE: Email security - gateway Krzyston, Randy (Jan 09)
- RE: Email security - gateway Wilson Mosquera Q. (Jan 09)
- Re: discover encryption method Bipin Upadhyay (Jan 07)
- Re: Email security - gateway Deanosaur (Jan 09)
- RE: Email security - gateway Weir, Jason (Jan 09)
- Re: Email security - gateway Kurt Buff (Jan 09)
- RE: Email security - gateway Kevin Ortloff (Jan 09)