Solved

crypt key generate

Posted on 2004-10-20
9
250 Views
Last Modified: 2010-04-05
I have a problem, I have soft in my work, where cant users change password, ther can only when make new user set password only ADMIN and I want make smal app where users can change passwod , but  in DB (INTERBASE) these passwodrds saves crypted

example:
HMXV] is ADMIN
S^ON is LUDA
KRL[P]hY is DIANALUD
RJ]YXd is KARLIS
=>=CCJH is 6526495


are there have chance???


0
Comment
Question by:KarlisB
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 3

Expert Comment

by:alzv
ID: 12359305
If that is not a secret, what soft do you use?

Regards, Alexey.
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 12359914
Consider using a hash instead. A hash can be calculated in only one direction. What you do is this:
A password is stored -> Calculate hash over password, store hash in database.
A password is compared -> Calculate hash over password and compare hash with the value stored in the database.

The SHA hash and the MD5 hash methods are quite strong, thus it would take a while before the hacker guesses the right password.

Encryption is only useful when you want to do something with the values, but in general you don't want to do anything with passwords stored in the database. But your application could remember the password entered by the current user, since it is validated with the database. But no user should be able to see passwords of other users anyway. I personally would feel very uncomfortable if the system administrator at work knew my password. He can change it if he wants but this will be noticed by me since my password becomes invalid afterwards.
0
 
LVL 3

Author Comment

by:KarlisB
ID: 12366592
maybe you not understand the problem, is there chanse to make app in delphi who make crypting identical like soft in bookkeeping ??? For full solution I give the 1000 points
0
 
LVL 12

Expert Comment

by:Ivanov_G
ID: 12366889
Well, you have to know how the software read the crypted passwords. It seems to me that this is simple XOR algorythm, because the number of chars in crypted password is the same as the number of chars in the password itself. In XOR method, there are 2 integer numbers you have to "guess". After that you can make crypted passwords...
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 14

Accepted Solution

by:
DragonSlayer earned 250 total points
ID: 12367011
You mean to crack the above encryption? seems pretty easy for me...

function GetEncryptedValue(const S: string): string;
var
  i: Integer;
begin
  Result := '';
  for i := 1 to Length(S) do
    Result := Result + Char(Byte(S[i]) + 5 + (i * 2));
end;

Try it:

ShowMessage(GetEncryptedValue('ADMIN'));
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 12367799
First of all, you cannot give 1000 points at EE without asking two different, valid questions.
Second, I'm not sure what you are trying to do. But if I have to guess, you're trying to guess how InterBase encrypts the passwords so you can encrypt new passwords yourself? Well, DragonSlayer gave the answer for you for your example but it depends on the software that you're using. If above example comes from your database then DragonSlayer has it cracked. If not, then the encryption might be quite difficult to crack. It could well be that they're even using hashes in which case you can never get the original password back.

But if above example of yours is from the database then the security of that software product sucks big time...
0
 
LVL 3

Author Comment

by:KarlisB
ID: 12368164
Thanks  DragonSlayer its work
0
 
LVL 14

Expert Comment

by:DragonSlayer
ID: 12368206
Yea, the encryption is lame ;-)
0
 
LVL 14

Expert Comment

by:DragonSlayer
ID: 12368211
Now, where is my 1000 points? LoL... heheheheh
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Delphi procedure  - Unsatisfied forward or external declaration. 2 140
delphi prevent click fast 2 189
Newbie Thread Programming 1 139
Internet Explorer View Settings Question 15 106
Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Have you ever had your Delphi form/application just hanging while waiting for data to load? This is the article to read if you want to learn some things about adding threads for data loading in the background. First, I'll setup a general applica…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now