Security Basics mailing list archives

Re: discover encryption method

From: richard () tortoise demon co uk
Date: Mon, 07 Jan 2008 20:17:34 +0000

On Mon, 07 Jan 2008 22:57:50 +0530, Bipin Upadhyay
<muxical.geek () gmail com> wrote:

RSnake's Hashmaster is just the right thing for you, provided the 
passwords aren't salt-ed (in which case you might want to right your own 
script.)
http://ha.ckers.org/hashmaster/

Thanks for the link Bipin.

I don't think the encrypted passwords I'm interested in are hashes.

From the little I know in this area, I thought that a hash was a

non-reversable process, in that if:
 
hash(A)=hash(B) then probably A=B, but knowing hash(A) does not allow
you to calculate A.

The application I'm dealing with can somehow present the passwords in
cleartext in it's user interface, and so is somehow reconstructing the
text from the encrypted value. I'm supposing it to be encrypted using
some secret key held within the application, but I know neither the
key or the method.

Please correct me if I'm mistaken.

Regards,
Richard

Current thread:

discover encryption method richard (Jan 07)
- Re: discover encryption method Bipin Upadhyay (Jan 07)
  - Re: discover encryption method richard (Jan 07)
    - Re: discover encryption method Alexander Klimov (Jan 08)
    - Re: discover encryption method richard (Jan 08)
    - Re: discover encryption method Tofig Gasanov (Jan 08)
    - Re: discover encryption method Alexander Klimov (Jan 09)
    - RE: Re: discover encryption method Worrell, Brian (Jan 08)
    - Email security - gateway WALI (Jan 08)
    - RE: Email security - gateway Bill Lavalette (Jan 08)
    - Re: Email security - gateway Josh Haft (Jan 08)
    - Re: Email security - gateway John Mason Jr (Jan 08)
    - RE: Email security - gateway Krzyston, Randy (Jan 09)

(Thread continues...)