Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

password challenge

  • 22-07-2003 3:59pm
    #1
    Closed Accounts Posts: 495 ✭✭


    Hi,

    I hope I am posting in the right forum here.

    I have a small problem that I cannot find the solution to, so I am looking to the brainboxes here.

    I have a small off the shelf ticket tracking application that allows users to log on and submit/browse problems. The logon is secured via username/password.

    If I look in the database where these values are stored, I can see an encrypted form of the password.

    can anybody see an obvious pattern to the encryption here?

    I have made a logon, and tried various passwords, and I get the impression that each char of the password is changed and stored as a hex value


    Username: 1
    password 1: abc database: ac9d86
    password 2: cba database: ad9e84
    password 3: a database: ac
    Password 4: b database: ad
    password 5: c database:ae
    password 6: abcd database: ac9d86b9

    if anyone can see what the key is I would greatly appreciate it.

    p.s. This is not being used for any malicious intent, I need to read the passwords from the database, and check then against what the user enters in a asp form.


Comments

  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    When the hexadecimal values of "a" 0x61 & "c" 0x63
    are xor'ed against known value 0xCD.
    The result is 0xAC & 0xAE, but 0xAF for character "b" 0x62
    which doesn't appear to be right...so maybe its not an xor.

    When "a","b" & "c" are added to known value 0x4B you
    get 0xAC,0xAD & 0xAE in same order, which would seem
    correct at first.

    But it is wrong given that password 2: which begins with c
    ends up with a value of 0xAD. -1 what was expected,
    perhaps that is a mistype?..or i'm completely wrong.

    I think its an addition of known values..just a guess, of course.
    The key for calculating 4 length password would be:

    0x4B, 0x3B, 0x23, 0x55

    I'm not saying its right, but it may help you find the right key.

    You would need to give more (longer)password examples to get this key properly.


  • Closed Accounts Posts: 495 ✭✭Beëlzebooze


    average joe,

    that was it, it is a simple addition, my typo did throw you off, but you got it any way.

    Thanks for that.


Advertisement