EvilZone
Hacking and Security => Hacking and Security => : ftb August 29, 2013, 06:18:56 PM
-
Hello!
I have a question regarding decryption and would be grateful if someone, a bit more experienced than me in the matter (really not that hard), would lend me his own insights.
The long and the short of it is: is there a way to figure out the decryption method if I know
1) the encrypted text and
2) the result of the decryption (the encrypted plain text in 1))?
There is this web site which in one of its processes takes the plain text you submitted and stores it as encrypted text. So basically, I know what I have entered and I see what the outcome of the encryption is, but I don't know what the encryption method is.
For example:
Plain text: asdf123
Encrypted: 1000:1lRoEToUphRqpuof/1JpzPDUy1FOIoYu:caKyBrE8BTAlsTLYyQV91S90SKgLqOCn
The peculiar thing is, if I was to submit asdf123 again, it would shoot out a different encryption text, almost as if it was spouting out gibberish. But of course it's not, since it recognizes the text later on.
As I stated earlier, I am really not that versed in the matter, but I used all of the online hash calculators I could find, to no avail. The constant in all of the different combinations that I have entered is that after the "1000:" there are 63 characters (without the special characters ":", "+"...etc.). Also, for what it's worth, it follows this pattern:
[1000:];[random letters and numbers];[operation function symbol such as "+" or in upper case "/"];[random letters and numbers];[:];[random text and numbers]
That would be all I know; all input appreciated.
-
The attack vectors you might want to look into would be chosen-plaintext and distinguishing attack.
Are you certain they're not using some proprietary algorithm?
-
Sorry, took me a while to google out what you just told me :)
Distinguishing attack is probably the way to go. Again, it will take me some net digging to figure out how to do it, but from what I have seen there is very little of what remains as a constant when I re-enter the text in the 2nd attempt.
I'm not really sure what a proprietary algorithm would be?
-
A bit more information would be nice.
The 1000 is probably some sort of iteration count.
Both base64-encoded strings that are separated by a colon are of the same length (24). Perhaps they are IV:ciphertext or vice-versa (you could test the order by processing a > 24 character string, the larger of the strings being the ciphertext)? This is supported by the fact that most (popular) cipher modes that employ IVs require IVs of the same length as the block.
If my hypothesis is correct, the block size would be 192 bits (24 * 8), which I found rather strange. It would also eliminate AES from the possible algorithms (but not Rijndael) because AES operates exclusively on 128-bit blocks.
Oh, and the non-static IV is why every ciphertext looks different.
Most modes require a unique binary sequence, often called an initialization vector (IV), for each encryption operation. The IV has to be non-repeating and for some modes random as well. The initialization vector is used to ensure distinct ciphertexts are produced even when the same plaintext is encrypted multiple times independently with the same key.
Alright, it turns out that it's for user passwords.
The format is probably IterationCount:Salt:Hash.
I don't really see the point in having a 192-bit salt as opposed to a 128-bit one if you don't have like 10,000,000 users.
I haven't seen many 192-bit hash functions other than Bcrypt, Tiger, and HAVAL.
Even then, the devs should be using PBKDF2 or something.
-
Please provide the URL for the website. I'd like to confirm some things. At current, it looks like a poorly coded attempt to generate a seeded hash. The seed would also be why it changes with each input attempt.
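Added example, not part of the original thread: the "IterationCount:Salt:Hash" reading and the "seeded hash" remark above, worked through on the string from the first post. It shows why a fresh random salt gives a different record for the same input while verification still succeeds. The function names are hypothetical, and PBKDF2-HMAC-SHA1 is an assumption standing in for whatever function the site really uses, which the thread does not identify.

```python
import base64
import hashlib
import hmac
import os

# Stored value quoted in the first post of the thread.
SAMPLE = "1000:1lRoEToUphRqpuof/1JpzPDUy1FOIoYu:caKyBrE8BTAlsTLYyQV91S90SKgLqOCn"


def parse_record(record):
    """Split 'iterations:salt:hash' and base64-decode the two binary fields."""
    parts = record.split(":")
    if len(parts) != 3:
        raise ValueError("expected three colon-separated fields")
    iterations = int(parts[0])
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    salt = base64.b64decode(parts[1], validate=True)
    digest = base64.b64decode(parts[2], validate=True)
    return iterations, salt, digest


def make_record(password, iterations=1000, salt=None, size=24):
    """Build a record in the same layout (assumed KDF: PBKDF2-HMAC-SHA1)."""
    salt = os.urandom(size) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha1", password.encode(), salt,
                                 iterations, dklen=size)
    return ":".join([str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(digest).decode()])


def verify(password, record):
    """Recompute with the stored salt and count, then compare in constant time."""
    iterations, salt, digest = parse_record(record)
    candidate = hashlib.pbkdf2_hmac("sha1", password.encode(), salt,
                                    iterations, dklen=len(digest))
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    iterations, salt, digest = parse_record(SAMPLE)
    print(iterations, len(salt) * 8, len(digest) * 8)  # field sizes in bits
    first, second = make_record("asdf123"), make_record("asdf123")
    print(first != second, verify("asdf123", first), verify("asdf123", second))
```

Each base64 field in the quoted string is 32 characters, which decodes to 24 bytes (192 bits), matching the length discussed in the thread.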