#1
    Password Algorithm - A CHALLENGE!

    I have a program I need to break into. The username and password are stored in a MS SQL table. I can access them easily through the enterprise management console to see the username and password fields. The username is stored in uppercase cleartext, the password is not. There is some sort of math that is applied to the password to come up with something incoherent.

    I know the passwords of other users, and I was hoping it was going to be a basic look up table. A always equals Z or some such, but this doesn't seem to be the case.

    My boss changed her password from what it was to "aaaaa" (no quotes). The password in the table then changed, but it changed to, ")3,.4". (Again, no quotes.)

    You will see that if you have a 5 letter PW, the encrypted version will also be 5 letters. I found this to be true with all of the passwords that I know.

    Another user's PW is "tequila" the encrypted version is, ">9>D>B,".

    From what I can see, the characters available for the encryption are upper and lower case characters as well as numbers and symbols. I am curious if maybe it's the ASCII lookup table that they are using. A = 168 and such.

    All help is greatly appreciated!

    -Matt
  2. #2
    Since you've posted the thread here, you might wanna delete the one in the General DB forum. It fits better here...

    //NoXcuz
    UN*X is sexy!
    who | grep -i blonde | date; cd ~; unzip; touch; strip; finger; mount; gasp; yes; uptime; umount; sleep
  4. #3
    uh oh mathieu, with the one i answered to in the C forum, this makes at least three.

    please don't cross-post here, delete all but one (edit the first message, check "delete", press "delete now").

    And read the forum rules!
  6. #4
    Thanks guys,
    I will delete the other ones, I figured it would fit here best, but it didn't look like this forum got much action...

    Not here to break rules, just trying to get coverage.
  8. #5
    NoXcuz, I'm trying to break the algorithm for two reasons, one because I'm interested in it, and two because I need the password of another user without them knowing it so I can track them through the system since they are doing things deemed as no-nos.

    M. Hirsch, I would love to delete the other two posts, but when I click the edit button it tells me I don't have access...
  10. #6
    Well, presumably you can't just look at the code that's making the password...
    Got a few spare hours? Want to try brute force? You've got the number of characters in the password, so writing a program that tries everything that long until it matches the encrypted string shouldn't take that long.
  12. #7
    Since the ethical aspects of this haven't been mentioned, you could also install a sniffer that logs keystrokes etc from the user(s). Then you'd just have to parse the logfiles...

    //NoXcuz
  14. #8
    well

    since he is posting this question in algorithms forum not hacking forum I think he is asking about an algorithm used to either encrypt or decrypt those words, not about how to break into the system ..


    AbuAnas
  16. #9
    Can you start with something small (1 / 2 chars) and tabulate what the different characters possible in the password would correspond to in the lookup table?
    See if this extends to more characters. Determine whether there is a one to one relationship between the unencrypted password and the encrypted one.
  18. #10

    Encryption algorithm?


    if the stored passwords are converted through a known algorithm before they are stored, you can use its decode function to get the real password.

    but there are also known encryption algorithms that do not have a decode function. if it is that last then I don't think you can do anything. The same goes if the passwords are stored using the MySQL password() function.
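
To illustrate the last post's point about algorithms with no decode function, here is an added example (not code from the thread or from the application discussed) of one-way, salted password storage using Python's standard library. The record format, the iteration count and the function names are assumptions made for this sketch; the two sample passwords are the ones quoted in the first post.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch; tune the work factor to your hardware.
SCHEME = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def store_password(password: str) -> str:
    """Return the string to store: scheme$iterations$salt$digest."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt; nothing is ever decoded."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != SCHEME or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)  # constant-time compare


def same_length(records) -> bool:
    """True when every stored record has the same length."""
    return len({len(r) for r in records}) == 1


if __name__ == "__main__":
    # The two sample passwords quoted in the first post.
    a, t = store_password("aaaaa"), store_password("tequila")
    print(same_length([a, t]))           # stored length does not track password length
    print(a != store_password("aaaaa"))  # same password, different record each time
    print(verify_password("tequila", t), verify_password("aaaaa", t))
```

Unlike the scheme described in the first post, the stored value here reveals neither the password's length nor whether two users share a password, and an administrator who can read the table has nothing to decode.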
