T24: Standard T24 encryption

Alex

Jun 3, 2011, 12:53:57 PM
to jBASE
Dear all,

I'm trying to figure out if our old T24 test machine is using the standard
(weak-weakest) encryption algorithm. Sadly, I have no jBASE
programming skills (unlike most of you here). Thus, I can only see the
"password" field for the users defined in USER.FULL. Can I understand
which encryption algorithm was used at the time the machine was used
by analysing the encoded strings? If needed, I can provide some of
the stored password hashes in order to check the encryption
algorithm.

I'm not into encryption so much, I only have basic knowledge of simple
algorithms, but I would like to determine if the system was at risk at
the time it was used for testing purposes, if weak encryption was
used. I will provide the database version and release no. (1.5.0. and
7.1 if I'm not mistaken).

Thank you in advance.

Alex

Jun 10, 2011, 8:16:46 AM
to jBASE
Please help in any way, including suggestions of reading material.

The encryption string looks like this:

ÃöÃÇéÃÏÅ

and I only need to know what type of encryption was used.

Thank you again.

VK

Jun 13, 2011, 3:29:21 AM
to jBASE
Hi,
I'm afraid it's not any standard industry algorithm. Just some custom
jBC string manipulation, though I might be wrong here...

VK

sarfraz...@gmail.com

Jun 13, 2011, 11:19:17 PM
to jBASE
Hi All,

There is no such standard industry algorithm used for Password
Encryption. VK is right that it is just a custom jBC string
manipulation :)

Thanks

Sarfraz Rajput

Igor Micev

Jun 15, 2011, 8:05:47 AM
to jBASE
Hi,

The encryption algorithm encrypts the same 'strings' differently each
time.
Not knowing the de-cipher, you won't be able to decrypt it.

IM

John Watson

Jun 17, 2011, 2:31:59 AM
to jBASE
Hi,

The basic encryption algorithm used in T24 is one-way; this means the
encrypted value is stored and any entered password is also encrypted
and compared to the stored value. It is simply a complex string
manipulation.

If the algorithm is a concern, then since R09 it has been possible to
use any industry standard via a field on the SPF; additionally, there
are an increasing number of methods available for T24 user
authentication as each T24 release is made available.

HTH

John.

Alex

Jun 17, 2011, 12:02:20 PM
to jBASE

Thank you all for the valuable feedback.

I have performed simple logic on the encryption algorithm, and found
the following to be true:

1. the same password produces the same encrypted result for a specific
user every time (every N-th password, after password history)
2. changing one character from the current password only changes the
encrypted result by 1 bit, ASCII +1 or -1 I think
3. the encrypted character string always equals the password regarding
character length
4. however, the same password set for different users did produce
different encrypted strings, but no. 1-3 still apply
5. the people that configured the server had basically the same basic
knowledge of this system I now have, which would have made it impossible
for them to customize the encryption algorithm
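
The properties listed in the post above (output length equal to password length, a tiny output change for a one-character password change, different output per user) can be measured on known test credentials. The following is an added example, not part of the original thread and not T24 code: `toy_obfuscate` is a constructed stand-in for a length-preserving string manipulation, compared against PBKDF2 as a reference, and every name and sample value in it is an assumption.

```python
import hashlib
from itertools import combinations

def toy_obfuscate(user: str, password: str) -> bytes:
    """Constructed stand-in, NOT the T24 routine: per-user, per-position byte shift."""
    key = hashlib.sha256(user.encode()).digest()
    return bytes((ord(c) + key[i % len(key)]) % 256 for i, c in enumerate(password))

def salted_hash(user: str, password: str) -> bytes:
    """Reference point: PBKDF2-HMAC-SHA256. The user name as salt and the low
    iteration count are illustrative only; real systems use a random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 1000)

def bit_diff(a: bytes, b: bytes) -> float:
    """Fraction of differing bits between two equal-length byte strings."""
    flipped = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return flipped / (8 * len(a))

def audit(samples):
    """samples: (user, password, stored_bytes) tuples set up on a test system."""
    report = {
        # Stored value as long as the password: the password length is exposed.
        "leaks_length": all(len(s) == len(p) for _, p, s in samples),
        # Same password for two users must not give the same stored value.
        "per_user_variation": True,
        # A sound hash flips about half the output bits for any input change.
        "max_diffusion": 0.0,
    }
    for (u1, p1, s1), (u2, p2, s2) in combinations(samples, 2):
        if p1 == p2 and u1 != u2 and s1 == s2:
            report["per_user_variation"] = False
        one_char = len(p1) == len(p2) and sum(a != b for a, b in zip(p1, p2)) == 1
        if u1 == u2 and one_char and len(s1) == len(s2):
            report["max_diffusion"] = max(report["max_diffusion"], bit_diff(s1, s2))
    return report

# Constructed test accounts and passwords.
CASES = [("ALICE", "Summer2011"), ("ALICE", "Summer2012"), ("BOB", "Summer2011")]

def run(transform):
    return audit([(u, p, transform(u, p)) for u, p in CASES])

if __name__ == "__main__":
    print("toy obfuscation:", run(toy_obfuscate))
    print("salted hash:    ", run(salted_hash))
```

A stored value that leaks length and shows diffusion near zero is an obfuscation rather than a cryptographic hash, even when it varies per user.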

Alex

Jun 24, 2011, 1:49:14 PM
to jBASE
Any hints on how to check for the algorithm that has been enforced at
the time?