password challenge

Beëlzebooze

Hi,

I hope I am posting in the right forum here.

I have a small problem that I cannot find the solution to, so I am looking to the brainboxes here.

I have a small off the shelf ticket tracking application that allows users to log on and submit/browse problems. The logon is secured via username/password.

If I look in the database where these values are stored, I can see an encrypted form of the password.

can anybody see an obvious pattern to the encryption here?

I have made a logon, and tried various passwords, and I get the impression that each char of the password is changed and stored as a hex value


Username: 1
password 1: abc database: ac9d86
password 2: cba database: ad9e84
password 3: a database: ac
Password 4: b database: ad
password 5: c database:ae
password 6: abcd database: ac9d86b9

if anyone can see what the key is I would greatly appreciate it.

p.s. This is not being used for any malicious intent, I need to read the passwords from the database, and check then against what the user enters in a asp form.

Martyr

When the hexadecimal values of "a" 0x61 & "c" 0x63
are xor'ed against known value 0xCD.
The result is 0xAC & 0xAE, but 0xAF for character "b" 0x62
which doesn't appear to be right...so maybe its not an xor.

When "a","b" & "c" are added to known value 0x4B you
get 0xAC,0xAD & 0xAE in same order, which would seem
correct at first.

But it is wrong given that password 2: which begins with c
ends up with a value of 0xAD. -1 what was expected,
perhaps that is a mistype?..or i'm completely wrong.

I think its an addition of known values..just a guess, of course.
The key for calculating 4 length password would be:

0x4B, 0x3B, 0x23, 0x55

I'm not saying its right, but it may help you find the right key.

You would need to give more (longer)password examples to get this key properly.

Beëlzebooze

average joe,

that was it, it is a simple addition, my typo did throw you off, but you got it any way.

Thanks for that.