Encryption Algorthim used?

Posted on 2004-11-26
Last Modified: 2010-04-11
Dear all,

I am currently working on automation of a particular application so that it can be deployed via our software distribution tool. However, the configuration screen of the application has no auotmation interface available for it i.e. no command line, etc. To start, i was using send keys method is vb script, however this will not work when no user is logged on, and so software fails to deliver correctly.

So to work around the need to use the GUI interface, i captured where the program writes the values to in the registry. However, one field is a password field, and when entered into the GUI, the program encrypts the value and writes that to the registry. The registry entry changes every time OK is pressed, even if the value does not, so I would assume that a floating algorithm is used??

My question - if i have the value before, and the encrypted value, is it possible to find out which algorthim is used? If so, could i then use this in my script and then write the excrypted value to registry myself?

I've included background details, as i'd be open to any other suggestions people may have.

cheers in advance.
Question by:spliffcity
    LVL 38

    Expert Comment

    by:Rich Rumble
    That is basically a dictionary attack, encrypting word's using a certain algorythm and looking for a match. Typically the algorythm is known, but the word is not. This is just a little different. We'll this works for unsalted, and symmetric cryptosystems. It is also possible to figure out what encryption algorythm was used with this method.
    However, in your case, if the same password is entered everytime, and the value in the registry changes, then the algorythm uses "salts" or is Asymmetric- then it's a little bit harder, but not much more. There are a variaty of tools that will allow you to pass a word into a program and then output the encrypted hash.
    LVL 1

    Expert Comment

    Have you tested if a password created on your PC can then inserted into the registry of a destination PC and works?
    It may not give you the formula but allows the possibility of a common default password being distributed.

    Also check that there is not another random number registry entry (or maybe file) that is also part of the password formula.

    Author Comment


    Can you reccommned a program that would allow me to discover the algorythm? I'm looking at LC 5, but unsure whether this is what I need.

    LVL 38

    Accepted Solution

    LC5 is only for LanMan and NTLM Hashes. You may want to try JohnTheRipper, it is able to recognize a few more hashes than LC5. John is found at
    Still john may nor recognize the algorythm, and I am not allowed to post usage for this program, you'l' have to read up on it. GigaPlus also has a very valid point before you go an try doing all of this... test your theory, then see if you can reverse engineer the hash.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
    Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now