Solved

crypt key generate

Posted on 2004-10-20
9
251 Views
Last Modified: 2010-04-05
I have a problem, I have soft in my work, where cant users change password, ther can only when make new user set password only ADMIN and I want make smal app where users can change passwod , but  in DB (INTERBASE) these passwodrds saves crypted

example:
HMXV] is ADMIN
S^ON is LUDA
KRL[P]hY is DIANALUD
RJ]YXd is KARLIS
=>=CCJH is 6526495


are there have chance???


0
Comment
Question by:KarlisB
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 3

Expert Comment

by:alzv
ID: 12359305
If that is not a secret, what soft do you use?

Regards, Alexey.
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 12359914
Consider using a hash instead. A hash can be calculated in only one direction. What you do is this:
A password is stored -> Calculate hash over password, store hash in database.
A password is compared -> Calculate hash over password and compare hash with the value stored in the database.

The SHA hash and the MD5 hash methods are quite strong, thus it would take a while before the hacker guesses the right password.

Encryption is only useful when you want to do something with the values, but in general you don't want to do anything with passwords stored in the database. But your application could remember the password entered by the current user, since it is validated with the database. But no user should be able to see passwords of other users anyway. I personally would feel very uncomfortable if the system administrator at work knew my password. He can change it if he wants but this will be noticed by me since my password becomes invalid afterwards.
0
 
LVL 3

Author Comment

by:KarlisB
ID: 12366592
maybe you not understand the problem, is there chanse to make app in delphi who make crypting identical like soft in bookkeeping ??? For full solution I give the 1000 points
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 12

Expert Comment

by:Ivanov_G
ID: 12366889
Well, you have to know how the software read the crypted passwords. It seems to me that this is simple XOR algorythm, because the number of chars in crypted password is the same as the number of chars in the password itself. In XOR method, there are 2 integer numbers you have to "guess". After that you can make crypted passwords...
0
 
LVL 14

Accepted Solution

by:
DragonSlayer earned 250 total points
ID: 12367011
You mean to crack the above encryption? seems pretty easy for me...

function GetEncryptedValue(const S: string): string;
var
  i: Integer;
begin
  Result := '';
  for i := 1 to Length(S) do
    Result := Result + Char(Byte(S[i]) + 5 + (i * 2));
end;

Try it:

ShowMessage(GetEncryptedValue('ADMIN'));
0
 
LVL 17

Expert Comment

by:Wim ten Brink
ID: 12367799
First of all, you cannot give 1000 points at EE without asking two different, valid questions.
Second, I'm not sure what you are trying to do. But if I have to guess, you're trying to guess how InterBase encrypts the passwords so you can encrypt new passwords yourself? Well, DragonSlayer gave the answer for you for your example but it depends on the software that you're using. If above example comes from your database then DragonSlayer has it cracked. If not, then the encryption might be quite difficult to crack. It could well be that they're even using hashes in which case you can never get the original password back.

But if above example of yours is from the database then the security of that software product sucks big time...
0
 
LVL 3

Author Comment

by:KarlisB
ID: 12368164
Thanks  DragonSlayer its work
0
 
LVL 14

Expert Comment

by:DragonSlayer
ID: 12368206
Yea, the encryption is lame ;-)
0
 
LVL 14

Expert Comment

by:DragonSlayer
ID: 12368211
Now, where is my 1000 points? LoL... heheheheh
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
Objective: - This article will help user in how to convert their numeric value become words. How to use 1. You can copy this code in your Unit as function 2. than you can perform your function by type this code The Code   (CODE) The Im…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question