
Encryption blunder!!
I have a forum running for some time now with a password encryption routine I got from this site.<BR><BR>However I have just decided to migrate to another forum when I discover I have implemented the routine wrong!!<BR><BR>Can any tell me how to decrypt this routine? :(<BR><BR> Sub RC4Initialize(strPwd)<BR> ':::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::<BR> '::: This routine called by EnDeCrypt function. Initializes the<BR> '::: sbox and the key array)<BR> ':::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::<BR> <BR> dim tempSwap<BR> dim a<BR> dim b, intLength<BR> <BR> intLength = len(strPwd)<BR> For a = 0 To 255<BR> key(a) = asc(mid(strpwd, (a mod intLength)+1, 1))<BR> sbox(a) = a<BR> next<BR> <BR> b = 0<BR> For a = 0 To 255<BR> b = (b + sbox(a) + key(a)) Mod 256<BR> tempSwap = sbox(a)<BR> sbox(a) = sbox(b)<BR> sbox(b) = tempSwap<BR> Next<BR> End Sub<BR> <BR>' ENCRYTPTION ROUTINES <BR> <BR> Function EnDeCrypt(psw)<BR> <BR> dim temp<BR> dim a<BR> dim i<BR> dim j<BR> dim k<BR> dim cipherby<BR> dim cipher<BR> dim plaintxt<BR> plaintxt ="you_must_be_very_sad_to_have_cracked_this!"<B R> <BR> i = 0<BR> j = 0<BR> <BR> if len(psw)>0 then<BR> <BR> RC4Initialize psw<BR> <BR> For a = 1 To Len(plaintxt)<BR> i = (i + 1) Mod 256<BR> j = (j + sbox(i)) Mod 256<BR> temp = sbox(i)<BR> sbox(i) = sbox(j)<BR> sbox(j) = temp<BR> <BR> k = sbox((sbox(i) + sbox(j)) Mod 256)<BR> <BR> cipherby = Asc(Mid(plaintxt, a, 1)) Xor k<BR> if cipherby = 0 then<BR> cipher = "?"<BR> else<BR> cipher = cipher & Chr(cipherby)<BR> end if<BR> Next<BR> <BR> EnDeCrypt = Replace(cipher,"'","~") < mod<BR> else<BR> EnDeCrypt =""<BR> end if<BR> <BR> End Function<BR><BR><BR>many thanks...<BR><BR>JR<BR>;)

RE: Encryption blunder!!
Is this the "Exact code"<BR><BR>Close to the end of the function <BR><BR>EnDeCrypt = Replace(cipher,"'","~") < mod '<<<doesnt look like a legal statement<BR><BR>Can you double check it to make sure

RE: Encryption blunder!!
I see you added it there, but what were you really using?

RE: Encryption blunder!!
Sorry, the '< mod' is a note to let you know that I have modified it to remove aprostraphies. :)<BR><BR>The line actually looks like this...<BR><BR>EnDeCrypt = Replace(cipher,"'","~") <BR><BR>Little more info for you, sorry if you already know this...<BR><BR>The routine basically takes a text string and encrypts it using a password. If you pass the encrypted text back to the routine with correct password the string is returned.<BR><BR>However, I have got confused and passed the text string along with the users password to encrypt. When I should have passed the password as text and encrypted using fixed string!<BR><BR>There, clear as mud!<BR><BR>Thanks for your input.<BR><BR>JR

ok heres the tricky part...
text = russell<BR>password = russell<BR><BR>So you passed russellrussell to be incripted...<BR>Was it encripted with the right password russell as well?<BR><BR>Did it happen for all the users, or just a few?<BR>If it happened for everyone, then you should be able to reverse it... just will be tedius to do...<BR><BR>Basically, take the encrytion, decript it with the right password, then remove the password from the decripted string should leave you with what you need....<BR><BR>Then just a matter of updating the field again...<BR><BR>A Bit more detail would help.

RE: ok heres the tricky part...
Russell,<BR><BR>Thanks for your patience!<BR><BR>The encryption routine I have copied has 2 parameters, Text and Password. <BR><BR>Text  is the field to be encryted<BR>Password  is the locking field<BR><BR>You pass the 2 as parameters and the text field is encrypted using the password. To unlock the encrypted text you pass it back to the routine with correct password.<BR><BR>However I done the opposite...<BR><BR>Text  'fixed text statement'<BR>Password  <user password><BR><BR>where as I should have done...<BR><BR>Text  <user password><BR>Password  'fixed text statement'<BR><BR>All the passwords are encrypted this way, and I need to migrate them to a new forum with a new encryption routine. <BR><BR>Is that any clearer?<BR><BR>Many thanks...<BR><BR>JR<BR><BR>

RE: ok heres the tricky part...
I know how the rc4 works...<BR>just trying to understand exactly what steps you did....<BR><BR>In other post you said<BR>text string along with the users password to encrypt<BR><BR>So I took it that you put the extstring and password together in 1 string, and then encripted it...<BR><BR>So you have a "Fixed text string" which you want to use as the encryption key right...?<BR><BR>Now you want to use that Key, to encrypt the passwords...<BR><BR>Ok you mixed the 2 and just encrypted the Fixed text string using the password...<BR>But stored only the encrypted "Fixed text string"...<BR><BR>OK<BR>Big question here...<BR>If the string was encrypted with the users password...<BR>Do you still have a copy of the origional passwords?<BR><BR>Without each password used, "ecause they are the "encryption/decription key", without them its impossible to decrypt...<BR><BR>But then again why would you want to decript if it was only the fixed text to begin with...<BR><BR>If you have copies of the passwords, cant you start over?<BR><BR>Thats what I was meaning about more information...<BR>What steps you took, and if you have origional data left over...<BR>

Final attempt :(
OK, here's how it goes!<BR><BR>I have built a forum site that allows members to register. When they register their password is encrypted using the RC4 routine and stored in my database.<BR><BR>However I would now like to migrate all 900+ members into a new forum, without resetting their passwords.<BR><BR>To do this I need to run their passwords through RC4 routine to decrypt them in order to migrate them to the new forum.<BR><BR>However, when I came to do this I noticed that I had implemented the routine incorrectly and that I couldn't get it to return the correct passwords.<BR><BR>Attached is the exact code that was in my original forum. <BR><BR>Notice that I have removed one of the paramters from the routine 'plaintext' and hard coded it as 'you_must_be_very_sad_to_have_cracked_this� 39; and the routine is passed the users password and return an encrypted version of the 'plaintext' string.<BR><BR>However, what I should have done is passed the user password into the 'plaintext' field and encrypted using a hardcoded password.<BR><BR>Thanks... JR<BR><BR><BR><BR> Function EnDeCrypt(psw) <BR> <BR> dim temp <BR> dim a <BR> dim i <BR> dim j <BR> dim k <BR> dim cipherby <BR> dim cipher <BR> dim plaintxt <BR> plaintxt ="you_must_be_very_sad_to_have_cracked_this!" <BR> <BR> i = 0 <BR> j = 0 <BR> <BR> if len(psw)>0 then <BR> <BR> RC4Initialize psw <BR> <BR> For a = 1 To Len(plaintxt) <BR> i = (i + 1) Mod 256 <BR> j = (j + sbox(i)) Mod 256 <BR> temp = sbox(i) <BR> sbox(i) = sbox(j) <BR> sbox(j) = temp <BR> <BR> k = sbox((sbox(i) + sbox(j)) Mod 256) <BR> <BR> cipherby = Asc(Mid(plaintxt, a, 1)) Xor k <BR> if cipherby = 0 then <BR> cipher = "?" <BR> else <BR> cipher = cipher & Chr(cipherby) <BR> end if <BR> Next <BR> <BR> EnDeCrypt = Replace(cipher,"'","~") <BR> else <BR> EnDeCrypt ="" <BR> end if <BR> <BR> End Function <BR>
Posting Permissions
 You may not post new threads
 You may not post replies
 You may not post attachments
 You may not edit your posts

Forum Rules

