Re: Cracking simple password encryption

[Chris Largret <largret () gmail com>]

On Wed, 2005-12-21 at 17:23 -0800, David Hogue wrote:
> Hi All,
>
> I am trying to figure out the password encryption scheme used by some
> software and haven't had much luck yet.  I was wondering if anyone on
> here might be able to give me some pointers.
>
> A little while ago I remember some discussion on this list (I think it
> was this list anyway) about decrypting passwords that were XOR
> encrypted.  I can't seem to find that discussion though.
>
> I have a few example passwords and I can see a pattern emerging:
>
> password        crypted
> a               aQ==
> b               cg==
> c               ew==
> aa              aWo=
> ab              aXE=
> cc              e3g=
> aaa             aWpq
> aab             aWpx
> abb             aXFx
> bbb             cnFx

Here's what I see at first glance:

1) The '=' sign is used for padding (MIME encoding uses padding, I
believe)
2) It could be based on the character value. Look at the first letters.
'c' is two letters from 'a', and has been rotated two more letters over
in the crypt (making it 'e'). 'a' is not rotated at all. 'b' is rotated
one more letter ('c'). I'd bet with a larger set of crypts that this is
repeatable.

HTH,

--
Chris Largret <http://daga.dyndns.org>


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------