Encryption Algorthim used?

Dear all,

I am currently working on automation of a particular application so that it can be deployed via our software distribution tool. However, the configuration screen of the application has no auotmation interface available for it i.e. no command line, etc. To start, i was using send keys method is vb script, however this will not work when no user is logged on, and so software fails to deliver correctly.

So to work around the need to use the GUI interface, i captured where the program writes the values to in the registry. However, one field is a password field, and when entered into the GUI, the program encrypts the value and writes that to the registry. The registry entry changes every time OK is pressed, even if the value does not, so I would assume that a floating algorithm is used??

My question - if i have the value before, and the encrypted value, is it possible to find out which algorthim is used? If so, could i then use this in my script and then write the excrypted value to registry myself?

I've included background details, as i'd be open to any other suggestions people may have.

cheers in advance.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rich RumbleSecurity SamuraiCommented:
That is basically a dictionary attack, encrypting word's using a certain algorythm and looking for a match. Typically the algorythm is known, but the word is not. This is just a little different. We'll this works for unsalted, and symmetric cryptosystems. It is also possible to figure out what encryption algorythm was used with this method.
However, in your case, if the same password is entered everytime, and the value in the registry changes, then the algorythm uses "salts" or is Asymmetric- then it's a little bit harder, but not much more. There are a variaty of tools that will allow you to pass a word into a program and then output the encrypted hash.
Have you tested if a password created on your PC can then inserted into the registry of a destination PC and works?
It may not give you the formula but allows the possibility of a common default password being distributed.

Also check that there is not another random number registry entry (or maybe file) that is also part of the password formula.
spliffcityAuthor Commented:

Can you reccommned a program that would allow me to discover the algorythm? I'm looking at LC 5, but unsure whether this is what I need.

Rich RumbleSecurity SamuraiCommented:
LC5 is only for LanMan and NTLM Hashes. You may want to try JohnTheRipper, it is able to recognize a few more hashes than LC5. John is found at openwall.com.
Still john may nor recognize the algorythm, and I am not allowed to post usage for this program, you'l' have to read up on it. GigaPlus also has a very valid point before you go an try doing all of this... test your theory, then see if you can reverse engineer the hash.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.