Re: [Full-disclosure] Cipher detection



I'm trying to figure out what kind of cipher was used in this:

GGobQ2bsqd64PXVAmaDiDBg=

Looks like Base64, but it's not. The original string is:

dummy@xxxxxxxxxxx

Thanks all!


As Thor mentioned, since the ciphertext is not a multiple of a common
block cipher's block size (8 or 16 bytes), then an XOR might be in
use. This points to either a block cipher in CFB, OFB, or similar
modes, or a stream cipher (RC4?), or some hack someone put together
that involves XORing some secret with the email address.

Your next step should be to have several different plaintexts
encrypted, then XOR away the plaintext from the ciphertext to get your
keystream for each. If you see duplication across key streams, then
you might be looking at a bad hack or use of a cipher which reuses the
same IV for each email address, which is also a big no-no.

HTH,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/