
Security Forums


How do I determine the algorithm?

Zfield
Posted: Sat Jun 05, 2010 5:23 pm    Post subject: How do I determine the algorithm?

I'm trying to figure out how to determine the algorithm used to encrypt a string.

When I run a network sniff while connecting to a specific web server, the Java application I'm using to connect encrypts the data.

These are my results when testing different variations of the user/pass:

username: abc@123.com password: abc@123.com
web_username=abc@123.com&web_password=Vbrqw40IvfGS13yTE6zFzA==&key=FKvRoTLptOa83KZM8Dk18g==

username: abc@123.com password: a
web_username=abc@123.com&web_password=ciL36Wtk5ePs3BSH6VC84A==&key=FKvRoTLptOa83KZM8Dk18g==

username: abc@123.com password: b
web_username=abc@123.com&web_password=hK3WDoofvZ5+lcPvhfcz+g==&key=FKvRoTLptOa83KZM8Dk18g==

username: abc@123.com password: c
web_username=abc@123.com&web_password=j+g6oP5MlzNPqLV9puzQqA==&key=FKvRoTLptOa83KZM8Dk18g==

Now, when I change the username, I have noticed that a) the encrypted password string is different and b) the &key= is different.
username: different@123.com password: a
web_username=different@123.com&web_password=VnXtVPNu2+h5Bed+gTdx1w==&key=c/dK8bDuVxRhfHwDdq/FG/A==

*The original web password was URL-encoded (e.g. instead of @ there was %40)

So far, I can tell that the encrypted password value includes data from the username and password.

My 3 questions:
What is the $key value used for?
Is the == (after the password and &key) a string terminator?
How can I determine the algorithm used to compute the encrypted value?

Thanks in advance for helping
Fire Ant
Posted: Sun Jun 06, 2010 8:15 pm

Since you make no mention of the product it's difficult. In fact you might be better off asking the vendor unless you are up to something dodgy.

Quote:
What is the $key value used for?
Let's take a guess at either a hash salt or encryption key.

Quote:
Is the == (after the password and &key) a string terminator?
Yes, the strings are probably Base64 encoded.

Quote:
How can I determine the algorithm used to compute the encrypted value?
Yes, I suggest research. Either try some things out yourself or speak to the vendor etc etc.

Fire Ant
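
A first step toward the third question, as an added example that is not part of the original thread: decode the captured fields from the first post and compare their lengths. The trailing "==" is Base64 padding; the function names below are assumptions of this example.

```python
import base64
from collections import defaultdict

# (typed password, captured body) pairs copied from the first post, which had
# already URL-decoded them (%40 shown as @).
CAPTURES = [
    ("abc@123.com", "web_username=abc@123.com&web_password=Vbrqw40IvfGS13yTE6zFzA==&key=FKvRoTLptOa83KZM8Dk18g=="),
    ("a", "web_username=abc@123.com&web_password=ciL36Wtk5ePs3BSH6VC84A==&key=FKvRoTLptOa83KZM8Dk18g=="),
    ("b", "web_username=abc@123.com&web_password=hK3WDoofvZ5+lcPvhfcz+g==&key=FKvRoTLptOa83KZM8Dk18g=="),
    ("c", "web_username=abc@123.com&web_password=j+g6oP5MlzNPqLV9puzQqA==&key=FKvRoTLptOa83KZM8Dk18g=="),
    ("a", "web_username=different@123.com&web_password=VnXtVPNu2+h5Bed+gTdx1w==&key=c/dK8bDuVxRhfHwDdq/FG/A=="),
]

def parse_fields(body):
    """Split on '&' and on the first '=' only, so Base64 padding survives.
    A form decoder (urllib.parse.parse_qs) is avoided on purpose: it would
    turn the Base64 '+' characters into spaces."""
    return dict(pair.partition("=")[::2] for pair in body.split("&"))

def inspect_b64(value):
    """Return (decoded byte length, number of '=' pads); the length is None
    when the text is not well-formed Base64."""
    pads = len(value) - len(value.rstrip("="))
    if len(value) % 4 or pads > 2:   # Base64 text is always a multiple of 4 chars
        return None, pads
    try:
        return len(base64.b64decode(value, validate=True)), pads
    except ValueError:               # binascii.Error subclasses ValueError
        return None, pads

def analyse(captures):
    """Per capture: (username, typed password length, decoded web_password
    length, decoded key length), plus the distinct key values seen per user."""
    rows, keys_by_user = [], defaultdict(set)
    for typed, body in captures:
        f = parse_fields(body)
        keys_by_user[f["web_username"]].add(f["key"])
        rows.append((f["web_username"], len(typed),
                     inspect_b64(f["web_password"])[0], inspect_b64(f["key"])[0]))
    return rows, keys_by_user

if __name__ == "__main__":
    rows, keys_by_user = analyse(CAPTURES)
    for user, typed_len, pw_bytes, key_bytes in rows:
        print(f"{user:20} typed={typed_len:2} web_password={pw_bytes} bytes key={key_bytes} bytes")
    for user, keys in keys_by_user.items():
        print(f"{user}: {len(keys)} distinct key value(s)")
```

Every web_password decodes to 16 bytes whether the typed password was 1 or 11 characters, which fits either a 128-bit digest or a single 16-byte cipher block and does not by itself tell the two apart. The key shown for different@123.com is 25 characters as posted, so it is reported as malformed rather than decoded.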
All times are GMT + 2 Hours