WebApp Sec mailing list archives

Re: Encoding Schemes

From: Marcus Williams <marcus () quintic co uk>
Date: Wed, 09 Nov 2005 15:04:36 +0000

On 09/11/2005 Jason binger wrote:

I am reviewing a web app and I would like to know what
encoding scheme they are using to encode their
parameters.

123456 encodes to B8DCCEA11586
ABCDEF encodes to C8ACBED165F6

At a guess its a simple XOR scheme as most people think this is secureif you dont know the "secret" key that its been XOR'd with. The problemwith this is, if you know plaintext + cyphertext then if you XOR thesetogether, you know the "secret" password (almost, because they mayrepeat it or it may be longer than the text etc but you're halfway there- all you need is some longer examples to find this out)


So my guess is that UVWXYZ encodes to DCB8AACD79EA

Am I right or am I right?

Marcus


--
Marcus Williams -- http://www.cad-schroer.co.uk
CAD Schroer UK, 39 Newnham Road, Cambridge, UK

Current thread:

Encoding Schemes Jason binger (Nov 09)
- Re: Encoding Schemes Rogan Dawes (Nov 09)
- Re: Encoding Schemes Marcus Williams (Nov 09)
- Re: Encoding Schemes ilaiy (Nov 09)
- Re: Encoding Schemes Peter Conrad (Nov 09)
- Re: Encoding Schemes Vasiliy (Nov 09)
- <Possible follow-ups>
- RE: Encoding Schemes David Knapman (Nov 09)
- RE: Encoding Schemes Griffiths, Ian (Nov 09)
- Re: Re: Encoding Schemes cisspstudy (Nov 09)
  - RE: Re: Encoding Schemes Lyal Collins (Nov 09)
  - Re: Encoding Schemes Haroon Meer (Nov 09)
  - Re: Encoding Schemes Byron L. Sonne (Nov 09)