Encryption Question

Posted: Wed Sep 15, 2004 3:10 pm
by sell-traffic
Hi,

I'm trying to remotely add users into the third party billing software I purchased. It's CGI driven, and uses a mysql database. I can add all the fields in just fine, but the password field is encrypted. Is there any way to find out what encryption algorithm was used?

I've put in test details and tested against a few encryption algorithms, like MD5 and MD4, but none of them match up.

123 became AJv7d2hNaRyJA

Of course, if he's using a custom encryption algorithm I can't accomplish this, but I thought maybe one of you experts would recognize the encryption.

Josh

Posted: Wed Sep 15, 2004 3:15 pm
by kettle_drum
It could be DES. The simple suggestion would be to either ask the company you bought it from, or have a look at their code if you can.

Posted: Wed Sep 15, 2004 3:24 pm
by John Cartwright
Yeah, just duplicate the method they use to check passwords.

Posted: Wed Sep 15, 2004 6:39 pm
by dethron
Give some other examples to attack using known plaintext.
I don't think it is DES (just a feeling); let me do some further checks.

Posted: Wed Sep 15, 2004 6:52 pm
by sell-traffic
thanks...

bye becomes EK9sKj32hh0Po
123 becomes AJv7d2hNaRyJA
test becomes ANrVgKZtJMzvA

Posted: Wed Sep 15, 2004 7:04 pm
by dethron
It is not an encryption algorithm, it is just hashing.
MD5 and MD4 are not encryption methods. They are just hashing functions.
They are used to verify data integrity.
Can I see your interface? If I can try it, it will be easy to find the method.

Posted: Wed Sep 15, 2004 8:04 pm
by markl999
It's using crypt() (standard DES) to produce a password in .htaccess format.
I can't see how 123 becomes AJv7d2hNaRyJA but the other two match up ok.

Code:

$salt = 'EK'; // in reality this is probably randomly generated
$password = 'bye';
$hash = crypt($password, $salt);
echo $hash; // outputs EK9sKj32hh0Po

The first 2 letters (AJ, EK and AN) are randomly generated salts by the look of it.

Posted: Wed Sep 15, 2004 8:17 pm
by dethron
How did you guess the salt?

crypt -- One-way string encryption (hashing)

Posted: Wed Sep 15, 2004 8:24 pm
by markl999
bye becomes EK9sKj32hh0Po
123 becomes AJv7d2hNaRyJA
test becomes ANrVgKZtJMzvA
In standard DES crypt the salt is the first 2 characters ;)
The 123 one doesn't add up though, if the salt was AJ then it would produce AJC5kb1wg2bVw not AJv7d2hNaRyJA ... might have just been a typo *shrug*

Posted: Wed Sep 15, 2004 8:40 pm
by dethron
You are smart :)
I observed the behaviour of the crypt function and found the following:

1) If you don't use a salt, the function chooses it randomly.
2) If you give a salt to the function, just the first two characters of the salt are considered.
3) The empty character is $

and wrote the following code for 123, but I got many NOT FOUND :(

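Code:

<?php
	// Candidate salt characters: the traditional DES crypt salt alphabet [./0-9A-Za-z]
	$arr = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
	$text = "123";
	$result = "AJv7d2hNaRyJA";

	// Try every 2-character salt and compare crypt() output with the known hash
	for ($i = 0; $i < strlen($arr); $i++) {
		for ($j = 0; $j < strlen($arr); $j++) {
			// Concatenate the two characters; single quotes would not interpolate variables
			$salt = $arr[$i] . $arr[$j];
			$hashv = crypt($text, $salt);
			if (strcmp($result, $hashv) == 0) {
				echo $salt;
				exit;
			} else {
				echo "NOT FOUND\n";
			}
		}
	}
?>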

Posted: Wed Sep 15, 2004 8:42 pm
by markl999
Yeah, I'm pretty sure 123 didn't produce that hash that it claimed to ;)
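
The format markl999 identifies above (13 characters, the first two being the salt), as an added PHP example that is not part of the original thread or of the billing software's code: it recognises a traditional DES crypt() value, checks a password against it by re-using the stored salt, and creates a new value with a random salt. The function names are hypothetical; the sample hashes are the three quoted in the thread.

```php
<?php
// Added example. Function names are hypothetical; sample hashes are those quoted in the thread.
const DES_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// Return the 2-character salt if $stored has the shape of a traditional
// DES crypt() value (13 characters from [./0-9A-Za-z]), otherwise null.
function des_crypt_salt(string $stored): ?string
{
    if (preg_match('#^[./0-9A-Za-z]{13}$#', $stored) !== 1) {
        return null;
    }
    return substr($stored, 0, 2);
}

// Verify a password by re-hashing it with the salt taken from the stored
// value and comparing in constant time.
function des_crypt_verify(string $password, string $stored): bool
{
    $salt = des_crypt_salt($stored);
    if ($salt === null) {
        return false;
    }
    return hash_equals($stored, crypt($password, $salt));
}

// Create a value for a new user with a fresh random 2-character salt.
function des_crypt_create(string $password): string
{
    $salt = DES_ALPHABET[random_int(0, 63)] . DES_ALPHABET[random_int(0, 63)];
    return crypt($password, $salt);
}

// The three plaintext/hash pairs posted in the thread.
$samples = [['bye', 'EK9sKj32hh0Po'], ['123', 'AJv7d2hNaRyJA'], ['test', 'ANrVgKZtJMzvA']];
foreach ($samples as [$plain, $stored]) {
    printf("%-4s %s salt=%s %s\n", $plain, $stored,
        des_crypt_salt($stored) ?? '-',
        des_crypt_verify($plain, $stored) ? 'match' : 'MISMATCH');
}

// Round trip with a constructed password. Traditional DES crypt reads only the
// first 8 characters of the password, so the 8-character prefix is checked too.
$new = des_crypt_create('example-password');
var_dump(des_crypt_verify('example-password', $new));
var_dump(des_crypt_verify('example-', $new));
```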