From: Markku-Juhani Saarinen <marks@evitech.fi>
To: “Sean A. Walberg” <sean@escape.ca>
Message Hash: 8afb6d08177824fc105139a8a15b1a3a20d0ba899c0773aea6992f92a918ccb6
Message ID: <Pine.3.89.9508191650.A25524-0100000@evitech.evitech.fi>
Reply To: <Pine.SOL.3.91.950816110927.4127G-100000@wpg-01.escape.ca>
UTC Datetime: 1995-08-19 14:08:03 UTC
Raw Date: Sat, 19 Aug 95 07:08:03 PDT
From: Markku-Juhani Saarinen <marks@evitech.fi>
Date: Sat, 19 Aug 95 07:08:03 PDT
To: "Sean A. Walberg" <sean@escape.ca>
Subject: Re: Eudora/Trumpet encryption (stupid, solved here)
In-Reply-To: <Pine.SOL.3.91.950816110927.4127G-100000@wpg-01.escape.ca>
Message-ID: <Pine.3.89.9508191650.A25524-0100000@evitech.evitech.fi>
MIME-Version: 1.0
Content-Type: text/plain
On Wed, 16 Aug 1995, Sean A. Walberg wrote:
> I'm a crypto newbie here, but does anybody know how Trumpet Winsock
> and/or Eudora encrypt the passwords in their .ini files? I am trying to
> write a front end for a client and would rather it set up automatically
> rather than the program ask.
>
It's not xor. It's wrap-around addition. Not much better than rot-13 :) I
broke it for my friend just a couple of days back, but it seems like he
has deleted the source I wrote at his place (crytoanalysis and writing the
4-line c-source took about 20 minutes, total). Besides the key (the one
used in encryption of the password) may be different in different
versions and licences of these programs.
Here's what you'll have to do to get the built-in key:
1. set password to 00000000, for example, and see what it encrypts into.
2. now substract 0x30 (ascii 0) from every character of the encrypted
password. congratulations, you have the key! :)
Now you can pretty much figure out how to decrypt any password.
Note:
Encrypted characters are in the range 32..127. First perform a logical
and with 0x7f. If the result is smaller than 32, add 32.
- mark
Return to August 1995
Return to “White Adept <adept@minerva.cis.yale.edu>”