Home page logo
/

bugtraq logo Bugtraq mailing list archives

E*TRADE's encryption algorithm is XOR
From: Tim Hollebeek <thollebeek () CIGITAL COM>
Date: Wed, 27 Sep 2000 14:51:18 -0400

Jeffrey Baker's advisory on security vulnerabilities with E*TRADE's web
interface describes the cookie encryption algorithm in terms of a lookup
table, and Marc Slemko has posted an implementation with a series of
compares, additions, and subtractions.

In fact, it is much worse: The encryption scheme is just XOR with a fixed
byte.

"Encryption" proceeds as follows:

1. Take the ASCII byte and XOR it with 0xA8.                   (e.g. for 'f'
[0x66] -> [0xCE])

2. Split it into the high and low nibbles.                     (e.g. [0xCE]
-> [0xC, 0xE])

3. Add 0x40 to produce an uppercase letter or '@'              (e.g. [0xC,
0xE] -> "LN")

Repeat for the rest of the characters in the username and password.  That's
it.

Tim Hollebeek
Cigital, Inc.
(formerly Reliable Software Technologies)


  By Date           By Thread  

Current thread:
  • E*TRADE's encryption algorithm is XOR Tim Hollebeek (Sep 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault