C Programming
 
  #1  
May 16th, 2002, 12:02 PM
MathieuS
Password encryption

I have a program I need to break into. The username and password are stored in a MS SQL table. I can access them easily through the enterprise management console to see the username and password fields. The username is stored in uppercase cleartext, the password is not. There is some sort of math that is applied to the password to come up with something incoherent.

I know the passwords of other users, and I was hoping it was going to be a basic look up table. A always equals Z or some such, but this doesn't seem to be the case.

My boss changed her password from what it was to "aaaaa" (no quotes). The password in the table then changed, but it changed to, ")3,.4". (Again, no quotes.)

You will see that if you have a 5 letter PW, the encrypted version will also be 5 letters. I found this to be true with all of the passwords that I know.

Another user's PW is "tequila"; the encrypted version is ">9>D>B,".

From what I can see, the characters available for the encryption are upper and lower case characters as well as numbers and symbols. I am curious if maybe it's the ASCII lookup table that they are using. A = 168 and such.

All help is greatly appreciated!

-Matt

  #2  
May 16th, 2002, 12:41 PM
dcaillouet
If "tequila" = ">9>D>B," then obviously the characters displayed are meaningless. The character ">" can't unencrypt to both "t", "q" and "i".

Find out what the ASCII values of each of the letters are and maybe you can spot a pattern. If you're lucky, they didn't use a very sophisticated encryption algorithm.

-- ASCII() returns the code of the first character only, so step the start position
SELECT ASCII(SUBSTRING(fieldname, 1, 1)) FROM tablename
SELECT ASCII(SUBSTRING(fieldname, 2, 1)) FROM tablename
.
.
SELECT ASCII(SUBSTRING(fieldname, n, 1)) FROM tablename

  #3  
May 16th, 2002, 12:45 PM
M.Hirsch
i hope it is ok to post links like that, but here you go:

http://astalavista.box.sk/cgi-bin/robot?srch=mssql

disclaimer: i take no responsibility for this link. enter at your own risk. i don't ever visit this particular or related sites. i just remembered that i found it by accident on google one day.

anyway, off-topic, so shame on you!

to dcaillouet: two same chars can decrypt to different ones since their position could matter

ps. since we all are programmers, and you seem to have local access to the database, why not brute-force it? or get a dictionary text file and write a little program - didn't you watch hackers?
__________________
--
Manuel Hirsch - Linux, FreeBSD, programming, administration articles, tutorials and more.

  #4  
May 17th, 2002, 06:03 AM
dcaillouet
Since you have access to the database, would it be possible for you to run a command similar to the following:

UPDATE tablename
SET tablename.password = b.password
FROM tablename, tablename b
WHERE tablename.user = 'my boss'
AND b.user = 'my co-worker'

Depending on the algorithm used, your boss could then log in using "tequila" because in the database she would have ">9>D>B," too. (I'm hoping in this case that the passwords are encrypted using some kind of fixed algorithm instead of one that uses a variable key).

Just throwing out ideas...

  #5  
May 17th, 2002, 02:31 PM
MathieuS
I cross posted this in algorithms, and I tried to delete this here to stay within the rules, but it said I didn't have access to delete it.

M. Hirsch I didn't think it was off topic if the algorithm may have been created in C or C++, so I think I'm ok...

Please see this thread, I didn't think this would get as many replies as it did!

http://forums.devshed.com/showthrea...5958&forumid=43

dcaillouet it was pretty obvious that it's not a look up table, when a second user changed their password to aaaaa the same password appeared, so I wonder if there is a lookup table with an offset to the position of the letter in the word. I will do more testing...

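Posts #4 and #5 describe a stored value that is deterministic (two users who pick "aaaaa" get the same string), keeps the password's length, and can be moved from one row to another. As an added example (not part of the thread and not code from the application discussed), this is password storage where none of those properties hold: a salted PBKDF2 record. The record format, the function names, the iteration count and the choice to bind the username into the salt are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware
SALT_LEN = 16         # bytes of per-record random salt
HASH_LEN = 32         # fixed output size, independent of password length


def _derive(username, password, salt, iterations):
    # Bind the upper-cased username (the thread says names are stored in
    # upper case) into the salt, so a record pasted onto another row fails.
    bound_salt = salt + username.upper().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               bound_salt, iterations, dklen=HASH_LEN)


def make_record(username, password, iterations=ITERATIONS):
    """Return the string to store in the password column."""
    salt = os.urandom(SALT_LEN)
    digest = _derive(username, password, salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(username, password, record):
    """True only if the password matches this user's own record."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        actual = _derive(username, password, bytes.fromhex(salt_hex),
                         int(iterations))
    except ValueError:
        return False  # malformed or truncated record
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed accounts; the two passwords are the ones quoted in the thread.
    boss = make_record("BOSS", "aaaaa")
    other = make_record("COWORKER", "aaaaa")
    tequila = make_record("COWORKER", "tequila")
    print("same password, same stored value:", boss == other)
    print("stored lengths:", len(boss), len(tequila))
    print("copied row verifies for BOSS:", verify("BOSS", "tequila", tequila))
    print("own row verifies:", verify("COWORKER", "tequila", tequila))
```

Binding the username means a rename requires re-deriving the record at the user's next successful login.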
  #6  
May 17th, 2002, 02:51 PM
M.Hirsch
it IS off-topic. there is an algorithms forum and i think the lounge is a good place to discuss this too.

it is off-topic because
- this forum is about c programming
- your question is not. at least not specifically. read thread #1 in this forum (labeled "sticky").
- it really does not matter at all if the algorithm is made in c or not, any programming language and even paper and pen could do this.

do you get the point?

never mind...
