[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Eudora/Trumpet encryption (stupid, solved here)

On Wed, 16 Aug 1995, Sean A. Walberg wrote:

> I'm a crypto newbie here, but does anybody know how Trumpet Winsock 
> and/or Eudora encrypt the passwords in their .ini files?  I am trying to 
> write a front end for a client and would rather it set up automatically 
> rather than the program ask.

It's not xor. It's wrap-around addition. Not much better than rot-13 :) I 
broke it for my friend just a couple of days back, but it seems like he 
has deleted the source I wrote at his place (crytoanalysis and writing the 
4-line c-source took about 20 minutes, total). Besides the key (the one 
used in encryption of the password) may be different in different 
versions and licences of these programs.

Here's what you'll have to do to get the built-in key:

1. set password to 00000000, for example, and see what it encrypts into.
2. now substract 0x30 (ascii 0) from every character of the encrypted 
   password. congratulations, you have the key! :)

Now you can pretty much figure out how to decrypt any password.

Encrypted characters are in the range 32..127. First perform a logical
and with 0x7f. If the result is smaller than 32, add 32.

- mark