PaulDotCom mailing list archives

Figuring out Encryption Used

From: infolookup at gmail.com (infolookup at gmail.com)
Date: Wed, 15 Jul 2009 11:58:09 +0000

Hi Jim,

Thanks for the reply so far I have noticed the following;
1. The minimum clear text password length is six.
2. Even when I create a 9/20 characters plain text password, the encrypted password/hash is still 8 characters in 
length.
3.I can't automate password creation I have to create a user account then assign it a password then chose create USB 
key file and that's how the system exports the password.
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Jim Halfpenny <jim.halfpenny at gmail.com>

Date: Wed, 15 Jul 2009 10:34:00 
To: <infolookup at gmail.com>; PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] Figuring out Encryption Used


Hi,
If you do this kind of known plaintext activity then start by generating a
dictionary mapping passwords to hashes. Start with single characters and
work up.

Is the length of the crypt the same each time?
Does the password length affect the length of the crypt?
Does 'aaa' yield a similar crypt to 'aab'?
Is there a maximum password length after which the password is truncated
before being hashed (think Unix crypt)?

At worst you can create a rainbow table for this implementation, assuming
you can automate password generation.

Jim


2009/7/15 <infolookup at gmail.com>

Hello All:

I am looking for some utilities/framework for testing  encryption schemes,
I am testing an application prior to production and I would like to know
what steps would one take to reverse the following:

Plain text password       Encrypted
 abcdef                   +PSTK8+K
 123456                   +3fYeUaJ


Thanks in advanced!
Sent from my Verizon Wireless BlackBerry
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090715/b2385319/attachment.htm

Current thread:

Figuring out Encryption Used infolookup at gmail.com (Jul 14)
- Figuring out Encryption Used Jim Halfpenny (Jul 15)
  - Figuring out Encryption Used infolookup at gmail.com (Jul 15)
    - Figuring out Encryption Used Chris Biettchert (Jul 15)