Re: RE: Password secured using?

From: Krugger (merc4krugger@gmail.com)
Date: Wed Apr 26 2006 - 22:40:49 EDT


So it isn't a hash, as a hash should always produce the same length of
output and the same input should always produce the same output.

The encryption of "a" produces various results.
It could be some sort of XOR with the username, or the first 4 bits can be
a salt for initializing a XOR generator, because for the first letter
it needs 4 extra bits, then for the remaining letters it needs the same
8 bits that an ASCII character would occupy. It can't be anything high
grade as there is no padding.

ascii a - 0x61 - 0110 0001

is converted to

(assuming the first 4 bits are the salt then these are the XOR masks)
- 707 - 0111 0000 0111 -> Xor mask 0110 0110
- a5b - 1010 0101 1011 -> Xor mask 0011 1010
- 553 - 0101 0101 0011 -> Xor mask 0011 0010
- 285 - 0010 1000 0101 -> Xor mask 1110 0100
- 358 - 0011 0101 1000 -> Xor mask 0011 1001

Applying it to the bigger ones

aaa - 0x616161 - 0110 0001 0110 0001 0110 0001

(hex - binary of the hex - supposed xor mask)
0401785 - 0000 0100 0000 0001 0111 1000 0101 -> 0010 0001 0111 0110 1110 0100
83e455b - 1000 0011 1110 0100 0101 0101 1011 -> 0101 1111 0010 0100 0011 1010
9455b40 - 1001 0100 0101 0101 1011 0100 0000 -> 0010 0100 0011 1010 0010 0001

So I can't see any pattern there, but you should check if the XOR masks
fit and try to change the content based on the same XOR mask. And if
the salts are only 16, you can easily get them all with big
aaaaaaaaaaaaaaa passwords, so you get the XOR mask that each salt
generates.

Another possibility: it could be a salt for a simple XOR chaining in
which the output is reintroduced as the XOR key.
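
The mask check suggested above, as an added example that is not part of the original post: it splits off the salt nibble, XORs the rest against the known password, and tests one assumed model (the salt is a starting index into a fixed key table). The function names and that model are assumptions; the samples are the ones quoted in the post.

```python
# Added example: known-plaintext check of the "4-bit salt + XOR mask" reading.
# Samples are transcribed from the post: (known password, observed hex output).
SAMPLES = [
    ("a", "707"), ("a", "a5b"), ("a", "553"), ("a", "285"), ("a", "358"),
    ("aaa", "0401785"), ("aaa", "83e455b"), ("aaa", "9455b40"),
]

def xor_mask(password, observed_hex):
    """Split off the leading salt nibble and return (salt, mask bytes)."""
    salt = int(observed_hex[0], 16)
    body = bytes.fromhex(observed_hex[1:])
    plain = password.encode("ascii")
    if len(body) != len(plain):
        raise ValueError("output is not 1 nibble + 1 byte per character")
    return salt, bytes(c ^ p for c, p in zip(body, plain))

def fit_keystream(samples):
    """Assumed model: mask byte i of a sample with salt s is key[s + i].

    Returns the partial key table and any (index, seen, new) conflicts;
    an empty conflict list means the samples are consistent with the model.
    """
    table, conflicts = {}, []
    for password, observed_hex in samples:
        salt, mask = xor_mask(password, observed_hex)
        for i, m in enumerate(mask):
            seen = table.setdefault(salt + i, m)
            if seen != m:
                conflicts.append((salt + i, seen, m))
    return table, conflicts

if __name__ == "__main__":
    for password, observed_hex in SAMPLES:
        salt, mask = xor_mask(password, observed_hex)
        print(f"{observed_hex:>8}  salt={salt:x}  mask={mask.hex()}")
    table, conflicts = fit_keystream(SAMPLES)
    print("key table:", {k: f"{v:02x}" for k, v in sorted(table.items())})
    print("conflicts:", conflicts)
```

Table positions covered by more than one sample agree only if the assumed model holds, so samples with further salts either fill in the table or refute the model.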




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:53 EDT