1

I'm trying to do some updates on a pretty old app that has been abandoned I have located some of the admin passwords in the database it seems to be a very simple hash but not anything I have run into before. I can change user passes not admin passes and in doing so am trying to decipher the pattern.

Here are some examples

=> hasehes to

1234 => rebrmyrj

david@work => wbczyjwbxmftfredjmra

password => tfczyyttkjfefpej

lana@work => wyczpewyxtejeffwrc

abcdefghijklmnop => wecrpywjxzfrerearerbapmcwerzfmmc

qrstuvwxyz => tedryytjkzerfrfajejb

Anybody familiar with this ??

Thanks in advance

*Edit

Changed Hash to Encryption on input from Bjorn and Oscar

Improve this question
5
  • 5
    Please don't mistake hashes for encryption. A hashed password cannot be reversed (though, they can be compromised by rainbow tables). An encrypted password can be decrypted. Your examples show almost certainly encryption, not hashing. Commented Mar 15, 2013 at 19:43
  • @Bjoern Excellent point I will edit the question.Friday afternoon ;) Commented Mar 15, 2013 at 19:57
  • Hmm. Although hashing/encryption in general is difficult to unhash, I do see some patterns here. Could you hash 'a', 'ab', 'aa' and show the results? Commented Mar 15, 2013 at 20:34
  • 1
    @ElKamina - Those combinations will give 'a'->'we', 'ab'->'wecr' and 'aa'->'wecz', won't they? Commented Mar 15, 2013 at 20:41
  • @martinstoeckli Looks like it! If you see the examples, for every input letter there are two output letters. If the second letter is 'a', then second pair is always 'cz'. Commented Mar 15, 2013 at 20:48

3 Answers 3

Reset to default
3

This appears to be a poly-alphabetic substitution cipher. Each letter in the input always maps to two letters in the output, but exactly which two letters each input-letter maps to depends on its position in the string.

For example, notice that a always appears to map to we if it's the first letter, but a maps to cz if it's the second letter, etc.

Since you have chosen-plaintext, this is trivial to break; just encode the phrases aaaaaaaaaaa..., bbbbbbbbbbb..., ccccccccccc..., etc, to determine exactly which letter maps to which characters at each point in the string (you may need to also map uppercase letters: AAAAAAAAAA... etc.). If you begin to see repeats, that would mean this cipher is most likely a Vigenère cipher.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

It looks like this is whether hashing nor real encryption. The same character will give the same two character output at the same position:

char, pos = output
a   , 2   = cz
w   , 7   = fr
s   , 3   = yy

If you look at the characters at the same position, you will notice that there is just a countdown from a certain start value:

char, pos = output
a   , 1   = we
d   , 1   = wb

The character 'a' + 3 = 'd', in the result 'we' - 3 = 'wb'.

So you will just have to find the original string, from which the characters of the password are subtracted. The rest i think, should be a routine piece of work.

Improve this answer

Comments

2

By definition, a hash algorithm can not be reversed: is a non-invertible function. Besides, although unlikely, it's possible that several inputs could hash to the same value (a collision).

Improve this answer

1 Comment

That several inputs can hash to the same value is exactly why a hash algorithm is not an invertible function (it's a surjection).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.