Hi Jim, Thanks for the reply so far I have noticed the following; 1. The minimum clear text password length is six. 2. Even when I create a 9/20 characters plain text password, the encrypted password/hash is still 8 characters in length. 3.I can't automate password creation I have to create a user account then assign it a password then chose create USB key file and that's how the system exports the password. Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: Jim Halfpenny <[email protected]> Date: Wed, 15 Jul 2009 10:34:00 To: <[email protected]>; PaulDotCom Security Weekly Mailing List<[email protected]> Subject: Re: [Pauldotcom] Figuring out Encryption Used Hi, If you do this kind of known plaintext activity then start by generating a dictionary mapping passwords to hashes. Start with single characters and work up. Is the length of the crypt the same each time? Does the password length affect the length of the crypt? Does 'aaa' yield a similar crypt to 'aab'? Is there a maximum password length after which the password is truncated before being hashed (think Unix crypt)? At worst you can create a rainbow table for this implementation, assuming you can automate password generation. Jim 2009/7/15 <[email protected]> > Hello All: > > I am looking for some utilities/framework for testing encryption schemes, > I am testing an application prior to production and I would like to know > what steps would one take to reverse the following: > > Plain text password Encrypted > abcdef +PSTK8+K > 123456 +3fYeUaJ > > > Thanks in advanced! > Sent from my Verizon Wireless BlackBerry > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
