Working out encryption method


krogoth
Posts: 411
Joined: Wed Feb 04, 2009 9:58 pm UTC
Location: Australia

Working out encryption method

Postby krogoth » Wed Dec 10, 2014 4:10 am UTC

How much information is enough information to work out the encryption method?

I have a file, I've encrypted it twice, both with the same password, using a specific work tool.

Both times it's come out the same:

Ö
E x;âÝÒ‚ˆÝ@'n„VkQV

The text does look slightly different in the text file attached but is the same in both backups.

You found it great work

Is the text, and using the password as

Welcome1

I'm wondering if it's possible to work out a way to decrypt a coworker's files, as the program records the password the first time to create a backup and keeps using the same one and she cannot remember what she used.
There is an encryption reference file, however it changes each time a backup is made but the encrypted file doesn't change in separate backups so I'm assuming it's useless.
I can perform more tests, and the program is called "my help", the file type is "my help encryption". I haven't included the file as apparently txt isn't a safe format.

Outside of this, is there something I could be looking at? Even if this info is useless, maybe some good webpages about file recovery?
R3sistance - I don't care at all for the ignorance spreading done by many and to the best of my abilities I try to correct this as much as I can, but I know and understand that even I can not be completely honest, truthful and factual all of the time.

wumpus
Posts: 533
Joined: Thu Feb 21, 2008 12:16 am UTC

Re: Working out encryption method

Postby wumpus » Wed Dec 10, 2014 2:20 pm UTC

From the sound of it, you almost certainly shouldn't be writing this program (security is hard. You need to already know almost all the pitfalls already to not fall in them). On the other hand, if there isn't anyone else to do it...

You never, never, keep the passwords in plaintext. You shouldn't even keep them at all, but your best guess would be to use public key encryption to automatically produce a backup file of passwords (this works because while you can assume that somebody *will* get ahold of the password file, the key needed to decrypt the password file won't be on the disk (just the encryption key)). Also, remember to salt your passwords (note that the salt doesn't have to be all that random. You could start with a random 64-bit number and just go consecutively after that. The salt just has to be unique).

PS. If you do use this method, don't ever use/store the decryption key on the same machine as the machine that stores the encrypted passwords if you can avoid it. Ideally you will use a separate computer with the hard drive removed and a live Linux system to decrypt. Things get much worse if you have reason to suspect being a hacker target.
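The salting point in the post above, as an added example that is not part of the original thread: salts taken from a counter that starts at a random 64-bit value are unique, so two records for the same password differ, while a reused salt gives identical output. PBKDF2-HMAC-SHA256, the iteration count and all names here are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example


class SaltCounter:
    """Unique salts: a random 64-bit start, then consecutive values."""

    def __init__(self):
        self._next = secrets.randbits(64)

    def next_salt(self) -> bytes:
        salt = self._next.to_bytes(8, "big")
        self._next = (self._next + 1) % 2**64  # wrap at 64 bits
        return salt


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str, salts: SaltCounter):
    """Return (salt, hash); the salt is stored in the clear beside the hash."""
    salt = salts.next_salt()
    return salt, hash_password(password, salt)


def verify(password: str, record) -> bool:
    salt, stored = record
    return hmac.compare_digest(hash_password(password, salt), stored)


def demo():
    salts = SaltCounter()
    pw = "Welcome1"  # sample password quoted in the thread
    rec_a = make_record(pw, salts)
    rec_b = make_record(pw, salts)
    reused = bytes(8)  # constructed: one fixed salt used for every record
    return {
        "same_salt_equal": hash_password(pw, reused) == hash_password(pw, reused),
        "unique_salt_equal": rec_a[1] == rec_b[1],
        "consecutive": int.from_bytes(rec_b[0], "big")
        == (int.from_bytes(rec_a[0], "big") + 1) % 2**64,
        "verify_ok": verify(pw, rec_a),
        "verify_wrong": verify("welcome1", rec_a),
    }


if __name__ == "__main__":
    print(demo())
```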

Xanthir
My HERO!!!
Posts: 5330
Joined: Tue Feb 20, 2007 12:49 am UTC
Location: The Googleplex

Re: Working out encryption method

Postby Xanthir » Thu Dec 11, 2014 1:35 am UTC

@wumpus: krogoth is trying to *decrypt* a file, not encrypt it. A friend of theirs lost the password to their encryption tool, so they can't decrypt their older files, and krogoth is attempting to help them recover it.

@krogoth: In a well-designed cryptosystem, you need the entire password to decrypt the file. I don't know what program you're using to encrypt things, but it may or may not be using something well-designed; you'll have to look that up and see if anyone else has tried to attack it before.
(defun fibs (n &optional (a 1) (b 1)) (take n (unfold '+ a b)))

wumpus
Posts: 533
Joined: Thu Feb 21, 2008 12:16 am UTC

Re: Working out encryption method

Postby wumpus » Thu Dec 11, 2014 2:15 am UTC

Ouch.

Basically there are two ways to decrypt a file you don't have the password for:
1. Guess the password (with a dictionary attack like Jack the Ripper and some helpful hints from coworker).
2. Attack the implementation. Since it stores the password (somewhere) this should be possible. I'd really recommend an exhaustive search of possible passwords first.

krogoth
Posts: 411
Joined: Wed Feb 04, 2009 9:58 pm UTC
Location: Australia

Re: Working out encryption method

Postby krogoth » Thu Dec 11, 2014 10:21 pm UTC

The program is a company internal one, with a useless name of "my help" so it'll be difficult to find past occurrences or a recovery method, and the internal team don't really cover the program for some reason.

There is an "encryption_reference" file (shows as plaintext in notepad), but it changes each time even for the same document and same password, even though the encrypted document is the same each time after encryption, so unless it's got a timestamp or something mixed in with the key, I doubt it's useful.

Ok, cool. I'll check with her if she minds giving a list of possible passwords, and look into this Jack the Ripper/dictionary attack thing.

Thanks for the help guys

