Password
Author
I have a problem with some password.
I have original password:
J21/251/1994
and result of encrypt...
•db_ejb_csri
I think to find code ASCII for all of number/letter but i don't see any similitude
I need to find the algoritm whice used for this encrypt.
How i think?
You could ask the program makers, check the program documentation or, if available, the program source.
Usually, passwords are hashed using hash functions, and not encrypted (that is, you cannot compute the password from the hash).
Usually, passwords are hashed using hash functions, and not encrypted (that is, you cannot compute the password from the hash).
first similitude i see is that / is converted into _
9s are converted into different letters, so the "/"s can be an exception.
but if the password is really encrypted and not hashed, it's definitely not a simple shift in ASCII. each current letter may be based on the code of the previous one, that's what's making similar end different, for example. check out how the german enigma machine worked (on wikipedia, for instance), if you want a basic intro in crypto.
9s are converted into different letters, so the "/"s can be an exception.
but if the password is really encrypted and not hashed, it's definitely not a simple shift in ASCII. each current letter may be based on the code of the previous one, that's what's making similar end different, for example. check out how the german enigma machine worked (on wikipedia, for instance), if you want a basic intro in crypto.
good password systems are not reversible. generally the pattern is this:
user enters password
password is encrypted/hashed and stored in encrypted form
user re-enters password
password is encrypted
you compare the encrypted with the stored encrypted version
i.e. you never ever store the original password. and you choose an algorithm that is not reversible.
-me
user enters password
password is encrypted/hashed and stored in encrypted form
user re-enters password
password is encrypted
you compare the encrypted with the stored encrypted version
i.e. you never ever store the original password. and you choose an algorithm that is not reversible.
-me
Author
So... i maybe have no chance to find this algoritm... so bad :(. If you have some interesting exmples for encryped a password, tell me.
This problem is not closed, if someone have an idea tell me .
Regards, your flea :)
This problem is not closed, if someone have an idea tell me .
Regards, your flea :)
typically people use MD5 or some variant thereof. It offers good hashing with very little chance of a collision. It is also not reversible (although since it is deterministic people have been created databases of hashed words so that you can do reverse lookup)
-me
-me
Quote:Original post by TheFlea
I have a problem with some password.
I have original password:
J21/251/1994
and result of encrypt...
•db_ejb_csri
I think to find code ASCII for all of number/letter but I don't see any similitude
I need to find the algoritm whice used for this encrypt.
How i think?
You can find the algorithm used on your own through brute force along with trial and error. I can already tell you it’s probably some form of a substitution or rotating cipher, it is not hashed. You can tell this by the fact that "/" yields "_" along with "1" yielding "b" and "1" -> "c" The alphabetical characters "b" and "c" along with "d" and "e" are close within the ASCII table with only like 1 letter apart difference so +-1. Chances are it is a cipher that does something like:
int value = (int)password;
value += someNumber; OR value -= someNumber;
char newLetter = (char)value;
It may also add or subtract 1 number from the variable someNumber based on its location within the array. I suggest you start by looking at the difference from the entered value and produced value. Find the numeric value that was added or subtracted that made it reach the second value. int('2') - int('d') and so forth.
That looks like quite a weak cipher to be honest. If you are looking to write your own cipher, use something that has already been made and combine it with a few others.
[Edited by - DevLiquidKnight on November 17, 2006 4:35:16 PM]
Problem with fixed-length irreversible encryption (a la MD5) is that all the algorithms I've heard of have things called 'collissions'. Where say in the fictional encryption algorithm FEQ17 the encrypted version of 'cat' is 'ab4df456ab432'. But, the encrypted version of 'dog' may also be 'ab4df456ab432'. Therefore if I make an account with the password 'cat' and you're checking encryptions then I can enter 'dog' and gain access because they have the same encryption.
'Course you have to know the algorithm and the encrypted password before you can do it.
'Course you have to know the algorithm and the encrypted password before you can do it.
Quote:'Course you have to know the algorithm and the encrypted password before you can do it.
It also has to be an insecure algorithm, OR you have to be willing to spend billions of years searching for collisions.
Quote:Original post by Sneftel
It also has to be an insecure algorithm, OR you have to be willing to spend billions of years searching for collisions.
What about the birthday paradox?
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
