#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2002
    Location
    Buffalo, NY
    Posts
    18
    Rep Power
    0

    Question Password Encryption


    I have a program I need to break into. The username and password are stored in a MS SQL table. I can access them easily thourgh the enterprise management console to see the username and password fields. The username is stored in uppercase cleartext, the password is not. There is some sort of math that is applied to the password to come up with something incoherent.

    I know the passwords of other users, and I was hoping it was going to be a basic look up table. A always equals Z or some such, but this doesn't seem to be the case.

    My boss changed her password from what it was to "aaaaa" (no quotes). The password in the table then changed, but it changed to, ")3,.4". (Again, no quotes.)

    You will see that if you have a 5 letter PW, the excrypted version will also be 5 letters. I found this to be true with all fo the passwords that I know.

    Another user's PW is "tequila" the encrypted version is, ">9>D>B,".

    From what I can see, the characters available for the encryption are upper and lower case characters as well as numbers and symbols. I am curious is maybe it's the ascii lookup table that they are using. A = 168 and such.

    All help is greatly appreciated!

    -Matt
  2. #2
  3. Wiking
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Sep 2000
    Location
    Sweden
    Posts
    3,608
    Rep Power
    26
    What do you need this for?
    I mean, you've got both some usernames and passwords, so if you need to log in as someone just update the encrypted password to something you know...
    Or do you just want to crack the encryption algorithm?

    //NoXcuz
    UN*X is sexy!
    who | grep -i blonde | date; cd ~; unzip; touch; strip; finger; mount; gasp; yes; uptime; umount; sleep

IMN logo majestic logo threadwatch logo seochat tools logo