2

I'm trying to figure something out. I have a legacy system in place and I'm not using all of it. There are business reasons why we use things this way.

Some fields in the system get encrypted by a piece of middleware that I ultimately would like to replace. I can't replace this part of the system because I can't decrypt the values properly.

For example I have a field that contains the word:

ferret

This is encrypted and becomes:

^ADFJBLFOHLOJFNHHKFJLHFJNPCJFJCPFBAPEKDKM

The words

wellington boot

becomes

^KOKFDEJPAAPFJHPOIGOICOAHKFLNFHMIOJNHAAHF

I can see the unencrypted data and I can see the resulting encrypted data but I am trying to find what algorithm was used to turn the field value into the encrypted versions. The main reason for this is that I have a requirement to massively increase the number of fields that contain the encrypted data but at the moment I can't because I cannot replace the existing encryption mechanism because I don't know what was used to encrypt the data.

There is simply too much data in the system to go through and load up each record and make a note of the unecrypted data so I can make a new encryption mechanism.

If I knew how the existing data was encrypted I could use the same method to encrypt my new fields. The system encrypts certain fields only and my extension to the system needs to encrypt others using the same method.

How can I do this? Is it even possible to find out how the data was encrypted and what method was used?

Improve this question
9
  • 1
    you're sure it's encryption and not just a parsing bug? Commented Jun 12, 2013 at 17:26
  • 2
    I'm afraid that in order to find out what encryption was used you'll have to dig in the code... Commented Jun 12, 2013 at 17:27
  • Just a thought - the ^ is used to denote XOR. And the length of both is the same. Maybe it is just a simple xor encryption with a pass phrase... Just a guess... Also, might be helpful: security.stackexchange.com/questions/3989/… Commented Jun 12, 2013 at 17:27
  • 6
    Is this reversed anywhere? Because the two are equal lengths, I'd suspect a hash. Commented Jun 12, 2013 at 17:29
  • 1
    @Kevin, you're right. It's a hash for sure. Commented Jun 12, 2013 at 17:47

1 Answer 1

Reset to default
5

It is SHA1, translated into A for 0, B for 1, C for 2, etc. For example, your "wellington boot" example has the SHA1 hash of "aea5349f00f..." which is clearly "KOKFDEJPAAP..."

So you can just use SHA1 and do the same translation to continue the pattern.

To check this, try the phrase "test phrase" - the SHA1 of this is "ab8f37d89b1154ba18c78a7e4b8eef2acdfec1eb", which becomes "KLIPDHNIJL..." in your system.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

confirmed. SHA1("ferret") = 03591B... or ADFJBL... in the encoding scheme
This is exactly what I wanted. Now I can recreated the same encryption method. I know SHA1 is not a reversible encryption mechanism and all I needed was to be able to encrypt and compare data once stored.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.