From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Sun, 2 May 93 21:54:38 PDT
To: cypherpunks@toad.com
Subject: Need some Advice
In-Reply-To: <9304290001.AA02691@vax1.cc.uakron.edu>
Message-ID: <9305030451.AA00114@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


> I also would like to thank Eric Hughes for replying to my early question
>on Q&A a dos database problem. His basic steps solved the problem in less
>30 min. By the way the algorithm used very lame.
> abs(ascii character - 255)

Now that you've figured out how, could you write the method up in more
detail?  Please include facts like the location of the password inside
the database files, the version of Q&A you tested, etc.  I'll put it
up for ftp when you're done.

Share the work so that others can look at it.

The password was encrypted on a character-by-character basis?  Some
people really are foolish, either the ones who wrote the software
thinking it was secure, or the ones who pay the ones who wrote the
software to recover lost passwords.  Any encryption that allows
passwords to be recovered should not be called encryption; it should
be called snake oil.

> I would like a little more info on the debugger method. 

Got a program?  You've got my email address.

Eric