Adam Shostack (adam@homeport.org)
Tue, 23 Jun 1998 08:44:58 -0400 (EDT)
Part of doing research is to ensure you're not re-inventing
the wheel before you start doing hard work. I'm perfectly happy to
have Mike ask questions about this stuff; the answers are often
enlightening to the rest of us.
Anyway, Access97 passwords are stored in the 13 bytes from offset
0x42 in a .mdb file. Do a bitwise XOR with 0x86, 0xFB, 0xEC, 0x37,
0x5D, 0x44, 0x9C, 0xFA, 0xC6, 0x5E, 0x28, 0xE6, 0x13 to recover the
plaintext. I think that if the first byte is 0x86, the password is
not checked.
Adam
acpizer@mach.unseen.org wrote:
| You call yourself "Cryptographer / Programmer" but can't figure out how
| access' password verification algorithm works?
|
| You expect everybody to help you, earn your money and do it YOURSELF.
|
| stop asking stupid questions and do the research on your own.
|
| signed,
| acpizer.
|
|
| On Fri, 19 Jun 1998 staym@accessdata.com wrote:
|
| > Does anyone know what algorithm MS uses to verify passwords for Access
| > 2.0 accounts?
| > --
| > Mike Stay
| > Cryptographer / Programmer
| > AccessData Corp.
| > mailto:staym@accessdata.com
| >
|
-- "It is seldom that liberty of any kind is lost all at once." -Hume
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:18:53 ADT