[8451] in bugtraq
Re: Which crypto algorithm? was: Communicator 4.5 stores
daemon@ATHENA.MIT.EDU (Thievco)
Mon Nov 9 12:31:24 1998
Date: Fri, 6 Nov 1998 16:07:45 -0800
Reply-To: Thievco <thievco@SPRITE.NETNATION.COM>
From: Thievco <thievco@SPRITE.NETNATION.COM>
To: BUGTRAQ@NETSPACE.ORG
>Does anybody know the algorithm used to encrypt the passwords in
>Communicator??
Apparantly, it takes the plaintext, xors it with a fixed string,
and base64 encodes the result:
use MIME::Base64;
print ((decode_base64('NLyIPunfKw==')) ^ ("\x56" . "\xc9" . "\xef" .
"\x4a" . "\x9b" . "\xbe" . "\x5a"));
You need the MIME perl module.
This one is good up to 7 characters, because that's how long a couple of
POP passwords I have are :)
Should be pretty straightforward to extend beyond 7 characters.. just take
the encoded string from the prefs file, base64 decode it, and xor it with
your password in plaintext. What you'll get is the fixed string to xor
with.. just extend the bytes I have above. The sequence of bytes is
non-obvious as to the meaning (at least to me.) It doesn't spell anything
in ASCII. Let me know if it doesn't work on your passwords.. I'm curious.
I only had a couple to try.
BB
