![]() ![]() You may want to try to compute MD5("username:password") or other similar variants, to see if you get a match. Assuming that the value is deterministic from the password for a given user, if two users choose the same password, does it result in the same stored value ? If no, then the user name is probably part of the computation.If the same user "changes" his password but reuses the same, does the stored value changes ? If yes, then part of the value is probably a randomized "salt" or IV (assuming symmetric encryption).So reverse engineering is the "way to go".īarring reverse engineering, you can make a few experiments to try to make educated guesses: Application code is incarnated in a tangible, fat way (executable files on a server, source code somewhere.) which is not, and cannot be, as much protected as a secret key can. The "normal" way to know that is to look at the application code. not really an "encrypted" password, rather a "hashed" password) then this is probably the result of a hash function computed over the password the one classical hash function with a 128-bit output is MD5. If this is a value stored for password verification (i.e. ![]() ![]() Your example string ( WeJcFMQ/8+8QJ/w0hHh+0g=) is Base64 encoding for a sequence of 16 bytes, which do not look like meaningful ASCII or UTF-8. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |