Penetration Testing mailing list archives

RE: Does anybody know about encrypting algorithm of Everest Icode?


From: "Alex Eden" <Alex.Eden () senet-int com>
Date: Wed, 21 Jan 2009 10:35:59 -0500

Looks to me like md5. A bit too short for sha1 or sha2.

When I'm not sure, I just add a record with all known values. Then take the
known value and hash it using different algorithms, and then just compare the
resulting strings.

Even though in your case this approach may not work as REF_NO is probably a
random (okay, pseudo-random) generated string used in a cookie or session ID
or as a transaction reference number, or all of the above.

You may want to try buying (or getting for free) MD5 rainbow tables. I
haven't looked at those in a while, but when I last used them, the free ones
were not sufficient to crack longer complex strings. The last time I tried
rainbow tables I used them for cracking sha1 fatwire cms passwords.

 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of ????
Sent: Monday, January 19, 2009 5:59 AM
To: pen-test () securityfocus com
Subject: Does anybody know about encrypting algorithm of Everest Icode?

I'm pentesting some servers for my clients. There is an encrypted field in an
MSSQL database.
REF_NO -> 1E682975FA1988662A742C830720946F

In the ASP script the line is
vData = objShoppingCartUpd.CreateOrderFromCart(sConnectionString,sCartId,vChoice,sCCresult,rsOrder,iResult)
where rsOrder("REF_NO") is a normal string.
Does anybody know about encrypting algorithm of Everest Icode system? Or
where can I get it?
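
The compare-against-a-known-value check described in the reply, as an added example that is not part of the original thread. It first narrows candidates by digest length (the "too short for sha1" reasoning) and then hashes a known value under several encodings; the record ORDER-1001, the encoding list and the case variants are constructed assumptions.

```python
import hashlib

# Encodings an ASP/MSSQL stack might apply before hashing (assumed list).
ENCODINGS = ("utf-8", "utf-16-le", "latin-1")


def candidates_by_length(observed_hex):
    """Guaranteed hashlib algorithms whose digest size matches the stored value."""
    nbytes = len(bytes.fromhex(observed_hex))
    # SHAKE digests are variable-length (digest_size == 0), so they never match here.
    return [name for name in sorted(hashlib.algorithms_guaranteed)
            if hashlib.new(name).digest_size == nbytes]


def identify(known_value, observed_hex):
    """Return (algorithm, encoding, input_text) triples that reproduce observed_hex."""
    target = bytes.fromhex(observed_hex)
    # Applications often normalise case before hashing; try each distinct form once.
    texts = dict.fromkeys([known_value, known_value.upper(), known_value.lower()])
    hits = []
    for name in candidates_by_length(observed_hex):
        for enc in ENCODINGS:
            for text in texts:
                try:
                    data = text.encode(enc)
                except UnicodeEncodeError:
                    continue  # value not representable in this encoding
                if hashlib.new(name, data).digest() == target:
                    hits.append((name, enc, text))
    return hits


# Constructed test record: a value we inserted ourselves and the string the
# application then stored for it (here produced with MD5 over UTF-16LE).
KNOWN_VALUE = "ORDER-1001"
STORED = hashlib.md5(KNOWN_VALUE.encode("utf-16-le")).hexdigest().upper()

if __name__ == "__main__":
    print(candidates_by_length("1E682975FA1988662A742C830720946F"))
    print(identify(KNOWN_VALUE, STORED))
```

An empty result means none of the tested combinations reproduces the stored string, which is the expected outcome if REF_NO is a randomly generated value, as the reply cautions.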



