And my suggestion would be to not bother trying.
-
-
You should know if it is salted because the salt values would be stored as well. Alternatively query for duplicate encrypted strings, unless the represented data (car reg.) is unique in which case that won't help.
A sample of one isn't very useful. Post a few more if you can.Comment
-
Surely they would;t be salted if they were encrypted?Originally posted by Contreras View PostComment
-
If you pay peanuts you get salted.Comment
-
It does look like base64 encoding that has been hacked a bit. I did that in Excel VBA to protect my passwords list, took a standard online GNU script and fiddled about with a few lines.
DL13 UHU comes out as QT/xMBEVRUX< in my script unfortunately so not the same hack.Last edited by xoggoth; 21 July 2015, 21:58.bloggoth
If everything isn't black and white, I say, 'Why the hell not?'
John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)Comment
-
Looks to me like it's been encrypted with something where the output is the same size (rounding up to a block), and then that binary output has been base64 encoded for storage (rather than storing raw bytes).Originally posted by xoggoth View Post
I say that because it doesn't look like a plate number using any of the character encodings I used for the base64 decoded binary.
I don't think its RSA encrypted because it would grow substantially bigger.
I don't know much about hashing algorithms but I know MD5 would make it a lot larger too.
Maybe just synchronous AES encryption with base64 encoding.
But if the key is good then you've got no chance.
All that said, I'm far from expert.Comment
-
Unless they salt with a constant, or some other field such as date/name/whatever that is not labelled as the salt.Originally posted by Contreras View PostOriginally posted by MaryPoppinsOriginally posted by vetranComment
-
True, although a constant salt is just one step up from useless.Originally posted by d000hg View Post
I have an idea of the method and how it could be trivially attacked. But with a sample data set of only 1 it might as well be a random number generator.Comment
-
Here are a few more...
( again not sure if space has been removed )
AE07 GVD -> 4ZRxfz6IfsY=
PJ56 EDU -> IYE31M+sx5E=
YT51 YZM -> q8EXdgQXoOg=
The system creators are the types to find the first thing on google that they could copy and paste.Comment
-
haha well that bolluxed my theoryOriginally posted by minestrone View Post
What is clear though is that the encrypted strings are all 8-chars, and so far the plaintext strings are also all 8-chars.
The next thing would be to inspect other reg's starting with D, A, P or Y, and reg's not 8-chars in length.Code:$~ base64 -d <<< Mw+w2j5CLBc= | od -An -t x1 33 0f b0 da 3e 42 2c 17 $~ base64 -d <<< q8EXdgQXoOg= | od -An -t x1 ab c1 17 76 04 17 a0 e8 $~ base64 -d <<< IYE31M+sx5E= | od -An -t x1 21 81 37 d4 cf ac c7 91 $~ base64 -d <<< 4ZRxfz6IfsY= | od -An -t x1 e1 94 71 7f 3e 88 7e c6
Or get hold of the source code!Comment
Comment