
List:       bugtraq
Subject:    E*TRADE's encryption algorithm is XOR
From:       Tim Hollebeek <thollebeek () CIGITAL ! COM>
Date:       2000-09-27 18:51:18

Jeffrey Baker's advisory on security vulnerabilities with E*TRADE's web
interface describes the cookie encryption algorithm in terms of a lookup
table, and Marc Slemko has posted an implementation with a series of
compares, additions, and subtractions.

In fact, it is much worse: The encryption scheme is just XOR with a fixed
byte.

"Encryption" proceeds as follows:

1. Take the ASCII byte and XOR it with 0xA8. (e.g. for 'f' [0x66] -> [0xCE])

2. Split it into the high and low nibbles. (e.g. [0xCE] -> [0xC, 0xE])

3. Add 0x40 to produce an uppercase letter or '@'. (e.g. [0xC, 0xE] -> "LN")

Repeat for the rest of the characters in the username and password.  That's
it.

Tim Hollebeek
Cigital, Inc.
(formerly Reliable Software Technologies)
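
The three steps above and their inverse, as an added example that is not part of the original post. Only the constants 0xA8 and 0x40 and the 'f' -> "LN" case come from the message; the function names and the other sample strings are constructed for illustration.

```python
XOR_BYTE = 0xA8      # fixed byte given in the post
NIBBLE_BASE = 0x40   # '@'; nibbles 0x0..0xF become '@', 'A'..'O'


def encode(text: str) -> str:
    """Steps 1-3 from the post, applied to every ASCII byte."""
    out = []
    for b in text.encode("ascii"):
        x = b ^ XOR_BYTE                          # step 1: XOR with 0xA8
        hi, lo = x >> 4, x & 0x0F                 # step 2: split into nibbles
        out.append(chr(NIBBLE_BASE + hi))         # step 3: add 0x40
        out.append(chr(NIBBLE_BASE + lo))
    return "".join(out)


def decode(encoded: str) -> str:
    """Inverse of encode(); needs no secret, only the two constants."""
    if len(encoded) % 2:
        raise ValueError("encoded length must be even")
    out = bytearray()
    for i in range(0, len(encoded), 2):
        hi = ord(encoded[i]) - NIBBLE_BASE
        lo = ord(encoded[i + 1]) - NIBBLE_BASE
        if not (0 <= hi <= 0xF and 0 <= lo <= 0xF):
            raise ValueError("character outside '@'..'O'")
        out.append(((hi << 4) | lo) ^ XOR_BYTE)
    return out.decode("ascii")


def first_chars_of_pairs(encoded: str) -> set:
    """High-nibble characters; for 7-bit ASCII input these fall in 'H'..'O'
    because 0xA8 always sets the top bit."""
    return set(encoded[0::2])


if __name__ == "__main__":
    sample = "example-user"               # constructed sample input
    enc = encode(sample)
    print(enc, "->", decode(enc))
    # Same input always gives the same output: no key, salt or per-user state.
    print(encode("f"), encode("ff"))
```

Because the output depends only on the input byte, the value is an encoding rather than encryption: anyone who can read it can read the username and password.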
