Security Basics mailing list archives

Re: discover encryption method


From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 8 Jan 2008 11:15:13 +0200 (IST)

On Mon, 7 Jan 2008 richard () tortoise demon co uk wrote:
> The application I'm dealing with can somehow present the passwords
> in cleartext in its user interface, and so is somehow
> reconstructing the text from the encrypted value. I'm supposing it
> to be encrypted using some secret key held within the application,
> but I know neither the key nor the method.

If it uses real encryption (say, AES) and you don't know the key, you
will not be able to find it by investigating password-ciphertext pairs
(you will have to RE the software), but the chances are high that the
method is something very trivial, like ROT13 or base64 or xor with
some fixed value. Post some examples of `encryption' of, say, `a'
repeated a different number of times and the same for `b': if the method
is weak you will see repetitions in the ciphertext or a constant
difference between the results for `a' and `b'.

-- 
Regards,
ASK
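
The check suggested in the reply above, written out as an added example (not part of the original message): it looks for a repeating period in the stored value for a run of `a' and for a constant byte-wise difference between the `a' and `b' results. The three schemes it is run against (toy_xor, base64, and a SHA-256-based stand-in for strong output) are constructed stand-ins, not the application from the thread.

```python
import base64
import hashlib

def repeating_period(ct: bytes):
    """Smallest p with ct[i] == ct[i+p] for every i, or None if nothing repeats."""
    for p in range(1, len(ct) // 2 + 1):
        if all(ct[i] == ct[i + p] for i in range(len(ct) - p)):
            return p
    return None

def constant_difference(ct_a: bytes, ct_b: bytes):
    """('xor', d) or ('add', d) if every byte of ct_b differs from ct_a by the same d."""
    if not ct_a or len(ct_a) != len(ct_b):
        return None
    ops = (("xor", lambda x, y: x ^ y), ("add", lambda x, y: (y - x) % 256))
    for name, op in ops:
        diffs = {op(x, y) for x, y in zip(ct_a, ct_b)}
        if len(diffs) == 1:
            return name, diffs.pop()
    return None

def assess(ct_a: bytes, ct_b: bytes) -> dict:
    """Apply both checks to the stored values for a run of 'a' and a run of 'b'."""
    return {"period": repeating_period(ct_a),
            "difference": constant_difference(ct_a, ct_b)}

# --- Constructed stand-ins for the scheme under audit (all hypothetical) ---
def toy_xor(pt: bytes, key: bytes = b"\x13\x37\xc0") -> bytes:
    """XOR with a fixed repeating key, the kind of trivial scheme the reply expects."""
    return bytes(c ^ key[i % len(key)] for i, c in enumerate(pt))

def strong_stand_in(pt: bytes) -> bytes:
    """SHA-256 output used only as pseudo-random bytes, standing in for real cipher output."""
    return hashlib.sha256(pt).digest()[:len(pt)]

SCHEMES = {"fixed-key xor": toy_xor,
           "base64": base64.b64encode,
           "strong stand-in": strong_stand_in}

def run(n: int = 9) -> dict:
    """Feed 'a'*n and 'b'*n through each stand-in scheme and assess the results."""
    return {name: assess(f(b"a" * n), f(b"b" * n)) for name, f in SCHEMES.items()}

if __name__ == "__main__":
    for name, result in run().items():
        print(f"{name:16} {result}")
```

A period or a constant difference means the stored passwords are only obfuscated and should be treated as recoverable by anyone who can read them; the absence of both says nothing about key handling inside the application.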

