[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: E*TRADE's encryption algorithm is XOR
From: Tim Hollebeek <thollebeek () CIGITAL ! COM>
Date: 2000-09-27 18:51:18
[Download RAW message or body]
Jeffrey Baker's advisory on security vulnerabilities with E*TRADE's web
interface describes the cookie encryption algorithm in terms of a lookup
table, and Marc Slemko has posted an implementation with a series of
compares, additions, and subtractions.
In fact, it is much worse: The encryption scheme is just XOR with a fixed
byte.
"Encryption" proceeds as follows:
1. Take the ASCII byte and XOR it with 0xA8. (e.g. for 'f'
[0x66] -> [0xCE])
2. Split it into the high and low nibbles. (e.g. [0xCE]
-> [0xC, 0xE])
3. Add 0x40 to produce an uppercase letter or '@' (e.g. [0xC,
0xE] -> "LN")
Repeat for the rest of the characters in the username and password. That's
it.
Tim Hollebeek
Cigital, Inc.
(formerly Reliable Software Technologies)
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic