Encryption Question
Moderator: General Moderators
-
sell-traffic
- Forum Commoner
- Posts: 26
- Joined: Thu Aug 05, 2004 9:35 pm
Encryption Question
Hi,
I'm trying to remotely add users into the third party billing software I purchased. It's CGI driven, and uses a mysql database. I can add all the fields in just fine, but the password field is encrypted. Is there any way to find out what encryption algorithm was used?
I've put in a test details, and tested against a few encryption algorithms, like MD5, and MD4, but none of them match up.
123 became AJv7d2hNaRyJA
Of course, if he's using a custom encryption algorithm I can't accomplish this, but I thought maybe one of you experts would recognize the encryption.
Josh
I'm trying to remotely add users into the third party billing software I purchased. It's CGI driven, and uses a mysql database. I can add all the fields in just fine, but the password field is encrypted. Is there any way to find out what encryption algorithm was used?
I've put in a test details, and tested against a few encryption algorithms, like MD5, and MD4, but none of them match up.
123 became AJv7d2hNaRyJA
Of course, if he's using a custom encryption algorithm I can't accomplish this, but I thought maybe one of you experts would recognize the encryption.
Josh
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
-
sell-traffic
- Forum Commoner
- Posts: 26
- Joined: Thu Aug 05, 2004 9:35 pm
It's using crypt() (standard DES) to produce a password in .htaccess format.
I can't see how 123 becomes AJv7d2hNaRyJA but the other two match up ok.
The first 2 letters (AJ, EK and AN) are randomly generated salts by the look of it.
I can't see how 123 becomes AJv7d2hNaRyJA but the other two match up ok.
Code: Select all
$salt = 'EK'; //in reality this is probably randomly generated
$password = 'bye';
$hash = crypt($password, $salt);
echo $hash; //outputs EK9sKj32hh0Poyou are smart 
i observed the behaviour of crypt function and found followings
1) if you dont use a salt, function choose it randomly.
2) if you give a salt to the function, and just first two characters of the salt considered.
3)empty character is $
and wrote the following code for 123, but i got many NOT FOUND
i observed the behaviour of crypt function and found followings
1) if you dont use a salt, function choose it randomly.
2) if you give a salt to the function, and just first two characters of the salt considered.
3)empty character is $
and wrote the following code for 123, but i got many NOT FOUND
Code: Select all
<?php
$arr="ABCDEFGHIJKLMNOPQRSTUVWYZXabcdefghijklmnopqrstuvwyz1234567890";
$text = "123";
$result = "AJv7d2hNaRyJA";
for($i=0;$i<strlen($arr);$i++){
for($j=0;$j<strlen($arr);$j++){
$salt = '$arr[$i]$arr[$j]';
$hashv = crypt($text,$salt);
if(strcmp($result,$hashv) == 0){
echo $salt;
exit;
}else{
echo "NOT FOUND\n";
}
}
}
?>