WebApp Sec mailing list archives
Re: Encoding Schemes
From: Marcus Williams <marcus () quintic co uk>
Date: Wed, 09 Nov 2005 15:04:36 +0000
On 09/11/2005 Jason binger wrote:
I am reviewing a web app and I would like to know what encoding scheme they are using to encode their parameters. 123456 encodes to B8DCCEA11586 ABCDEF encodes to C8ACBED165F6
At a guess its a simple XOR scheme as most people think this is secure if you dont know the "secret" key that its been XOR'd with. The problem with this is, if you know plaintext + cyphertext then if you XOR these together, you know the "secret" password (almost, because they may repeat it or it may be longer than the text etc but you're halfway there - all you need is some longer examples to find this out)
So my guess is that UVWXYZ encodes to DCB8AACD79EA Am I right or am I right? Marcus -- Marcus Williams -- http://www.cad-schroer.co.uk CAD Schroer UK, 39 Newnham Road, Cambridge, UK
Current thread:
- Encoding Schemes Jason binger (Nov 09)
- Re: Encoding Schemes Rogan Dawes (Nov 09)
- Re: Encoding Schemes Marcus Williams (Nov 09)
- Re: Encoding Schemes ilaiy (Nov 09)
- Re: Encoding Schemes Peter Conrad (Nov 09)
- Re: Encoding Schemes Vasiliy (Nov 09)
- <Possible follow-ups>
- RE: Encoding Schemes David Knapman (Nov 09)
- RE: Encoding Schemes Griffiths, Ian (Nov 09)
- Re: Re: Encoding Schemes cisspstudy (Nov 09)
- RE: Re: Encoding Schemes Lyal Collins (Nov 09)
- Re: Encoding Schemes Haroon Meer (Nov 09)
- Re: Encoding Schemes Byron L. Sonne (Nov 09)