Solved

crypt key generate

Posted on 2004-10-20
9
248 Views
Last Modified: 2010-04-05
I have a problem, I have soft in my work, where cant users change password, ther can only when make new user set password only ADMIN and I want make smal app where users can change passwod , but  in DB (INTERBASE) these passwodrds saves crypted

example:
HMXV] is ADMIN
S^ON is LUDA
KRL[P]hY is DIANALUD
RJ]YXd is KARLIS
=>=CCJH is 6526495


are there have chance???


0
Comment
Question by:KarlisB
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 3

Expert Comment

by:alzv
ID: 12359305
If that is not a secret, what soft do you use?

Regards, Alexey.
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 12359914
Consider using a hash instead. A hash can be calculated in only one direction. What you do is this:
A password is stored -> Calculate hash over password, store hash in database.
A password is compared -> Calculate hash over password and compare hash with the value stored in the database.

The SHA hash and the MD5 hash methods are quite strong, thus it would take a while before the hacker guesses the right password.

Encryption is only useful when you want to do something with the values, but in general you don't want to do anything with passwords stored in the database. But your application could remember the password entered by the current user, since it is validated with the database. But no user should be able to see passwords of other users anyway. I personally would feel very uncomfortable if the system administrator at work knew my password. He can change it if he wants but this will be noticed by me since my password becomes invalid afterwards.
0
 
LVL 3

Author Comment

by:KarlisB
ID: 12366592
maybe you not understand the problem, is there chanse to make app in delphi who make crypting identical like soft in bookkeeping ??? For full solution I give the 1000 points
0
 
LVL 12

Expert Comment

by:Ivanov_G
ID: 12366889
Well, you have to know how the software read the crypted passwords. It seems to me that this is simple XOR algorythm, because the number of chars in crypted password is the same as the number of chars in the password itself. In XOR method, there are 2 integer numbers you have to "guess". After that you can make crypted passwords...
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 14

Accepted Solution

by:
DragonSlayer earned 250 total points
ID: 12367011
You mean to crack the above encryption? seems pretty easy for me...

function GetEncryptedValue(const S: string): string;
var
  i: Integer;
begin
  Result := '';
  for i := 1 to Length(S) do
    Result := Result + Char(Byte(S[i]) + 5 + (i * 2));
end;

Try it:

ShowMessage(GetEncryptedValue('ADMIN'));
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 12367799
First of all, you cannot give 1000 points at EE without asking two different, valid questions.
Second, I'm not sure what you are trying to do. But if I have to guess, you're trying to guess how InterBase encrypts the passwords so you can encrypt new passwords yourself? Well, DragonSlayer gave the answer for you for your example but it depends on the software that you're using. If above example comes from your database then DragonSlayer has it cracked. If not, then the encryption might be quite difficult to crack. It could well be that they're even using hashes in which case you can never get the original password back.

But if above example of yours is from the database then the security of that software product sucks big time...
0
 
LVL 3

Author Comment

by:KarlisB
ID: 12368164
Thanks  DragonSlayer its work
0
 
LVL 14

Expert Comment

by:DragonSlayer
ID: 12368206
Yea, the encryption is lame ;-)
0
 
LVL 14

Expert Comment

by:DragonSlayer
ID: 12368211
Now, where is my 1000 points? LoL... heheheheh
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
Introduction The parallel port is a very commonly known port, it was widely used to connect a printer to the PC, if you look at the back of your computer, for those who don't have newer computers, there will be a port with 25 pins and a small print…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now