1993-04-17 - Q&A DataBase

Header Data

From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: ec1b97aa9cd579801db875b256224d6e551b28d2c7459e286e81bc6acc21bfd2
Message ID: <9304170523.AA17229@soda.berkeley.edu>
Reply To: <01GX1S55DSEA0005UJ@ksuvxb.kent.edu>
UTC Datetime: 1993-04-17 05:26:39 UTC
Raw Date: Fri, 16 Apr 93 22:26:39 PDT

Raw message

From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Fri, 16 Apr 93 22:26:39 PDT
To: cypherpunks@toad.com
Subject: Q&A DataBase
In-Reply-To: <01GX1S55DSEA0005UJ@ksuvxb.kent.edu>
Message-ID: <9304170523.AA17229@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


Re: Q&A (a DOS database program)

>	   Hello All, does anyone know much about this program?
>I would like to be able to pick the passwords out of the database file.

One of the purposes of cypherpunks is to figure out stuff like this
and to help others learn how to do it.

In short, you figure it out, and tell us.

To begin with, make a database with some permissions.  Make a complete
copy of that database in another directory.  Now change exactly one
password by exactly one letter.  Use a differencing tool to find the
differences.  Save this copy as well.  Change the same password again.
Check to see if the differences are in the same place.

Do the same with different passwords.  Correlate this information with
the database structures.  Write some software to generate
plaintext/ciphertext pairs.  Get at least a thousand, preferably lots
more.  You'll use these later to verify that your reconstruction of
the algorithm is correct.

If the encryption isn't obvious by now (yes, some of this stuff is
extremely weak) hook up a debugger to the executable and start looking
for the routine which does password encryption.  When you find it,
reverse engineer it and write a C routine that matches the
functionality.

Now you'll be considered to have done your homework.  If you still
don't know how to crack passwords after knowing the algorithm, post
the algorithm here and we'll look at it.

Eric
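
The differencing steps described in the message above, as an added example that is not part of the original post. The file layout, the toy XOR encoding and the sample passwords are constructed assumptions, not Q&A's real format; the hashed variant is included to show what a field with proper diffusion looks like under the same test.

```python
import hashlib

FIELD_OFF, FIELD_LEN = 32, 16  # layout of the constructed file below (assumption)

def make_snapshot(password: str, hashed: bool = False) -> bytes:
    """Constructed stand-in for a database file; not Q&A's real format."""
    raw = password.encode("ascii")
    if hashed:   # contrast case: field holds a truncated SHA-256 digest
        field = hashlib.sha256(raw).digest()[:FIELD_LEN]
    else:        # toy per-byte XOR, a hypothetical "extremely weak" scheme
        field = bytes(c ^ ((0x5A + i) & 0xFF)
                      for i, c in enumerate(raw.ljust(FIELD_LEN, b"\0")))
    return b"DBHDR\x01\x00".ljust(FIELD_OFF, b"\0") + field + b"RECORDS"

def diff_runs(a: bytes, b: bytes) -> list[tuple[int, int]]:
    """(offset, length) runs where two equal-length snapshots differ."""
    if len(a) != len(b):
        raise ValueError("length changed; align records before comparing")
    runs, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(a) - start))
    return runs

def assess(base: bytes, edit1: bytes, edit2: bytes) -> dict:
    """Compare base->edit1 and edit1->edit2, as in the message's two edits."""
    r1, r2 = diff_runs(base, edit1), diff_runs(edit1, edit2)
    span = lambda r: (r[0][0], r[-1][0] + r[-1][1]) if r else None
    s1, s2 = span(r1), span(r2)
    overlap = bool(s1 and s2 and s1[0] < s2[1] and s2[0] < s1[1])
    return {"first": r1, "second": r2, "same_place": overlap,
            # one changed letter -> one changed byte means no diffusion
            "per_char_encoding": sum(n for _, n in r1) == 1}

if __name__ == "__main__":
    pw = ["secret01", "secret02", "secret03"]  # one-letter edits, constructed
    print(assess(*(make_snapshot(p) for p in pw)))
    print(assess(*(make_snapshot(p, hashed=True) for p in pw)))
```

A single changed byte at a stable offset marks a per-character encoding; a field that changes throughout after a one-letter edit is what a hashed store looks like.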




