Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_4

Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: Which crypto algorithm? was: Communicator 4.5 stores

Re: Which crypto algorithm? was: Communicator 4.5 stores

Thievco (thievcoSPRITE.NETNATION.COM)
Fri, 6 Nov 1998 16:07:45 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Holger van Lengerich: "NS-C4.5 & Mail-Passwords"
Previous message: Adrian Voinea: "XFree86 3.3.2's setup tool /tmp race"

>Does anybody know the algorithm used to encrypt the passwords in
>Communicator??

Apparantly, it takes the plaintext, xors it with a fixed string,
and base64 encodes the result:

use MIME::Base64;
print ((decode_base64('NLyIPunfKw==')) ^ ("\x56" . "\xc9" . "\xef" .
"\x4a" . "\x9b" . "\xbe" . "\x5a"));

You need the MIME perl module.

This one is good up to 7 characters, because that's how long a couple of
POP passwords I have are :)

Should be pretty straightforward to extend beyond 7 characters.. just take
the encoded string from the prefs file, base64 decode it, and xor it with
your password in plaintext.  What you'll get is the fixed string to xor
with.. just extend the bytes I have above.  The sequence of bytes is
non-obvious as to the meaning (at least to me.)  It doesn't spell anything
in ASCII.  Let me know if it doesn't work on your passwords.. I'm curious.
I only had a couple to try.

                                                BB

Next message: Holger van Lengerich: "NS-C4.5 & Mail-Passwords"
Previous message: Adrian Voinea: "XFree86 3.3.2's setup tool /tmp race"