Re: MS Access 2.0

Adam Shostack (adam@homeport.org)
Tue, 23 Jun 1998 08:44:58 -0400 (EDT)

• Next message: Adam Shostack: "Re: snake oil"
• Previous message: Matthew T Darling: "Re: cryptanalysis for beginners.."
• In reply to: Nicholas Charles Brawn: "cryptanalysis for beginners.."
• Next in thread: acpizer@mach.unseen.org: "Re: MS Access 2.0"
• Reply: acpizer@mach.unseen.org: "Re: MS Access 2.0"

        Part of doing research is to ensure you're not re-inventing
the wheel before you start doing hard work. I'm perfectly happy to
have Mike ask questions about this stuff; the answers are often
enlightening to the rest of us.

   Anyway, Access97 passwords are stored in the 13 bytes from offset
0x42 in a .mdb file. Do a bitwise XOR with 0x86, 0xFB, 0xEC, 0x37,
0x5D, 0x44, 0x9C, 0xFA, 0xC6, 0x5E, 0x28, 0xE6, 0x13 to recover the
plaintext. I think that if the first byte is 0x86, the password is
not checked.

Adam

acpizer@mach.unseen.org wrote:
| You call yourself "Cryptographer / Programmer" but can't figure out how
| access' password verification algorithm works?
|
| You expect everybody to help you, earn your money and do it YOURSELF.
|
| stop asking stupid questions and do the research on your own.
|
| signed,
| acpizer.
|
|
| On Fri, 19 Jun 1998 staym@accessdata.com wrote:
|
| > Does anyone know what algorithm MS uses to verify passwords for Access
| > 2.0 accounts?
| > --
| > Mike Stay
| > Cryptographer / Programmer
| > AccessData Corp.
| > mailto:staym@accessdata.com
| >
|

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

• Next message: Adam Shostack: "Re: snake oil"
• Previous message: Matthew T Darling: "Re: cryptanalysis for beginners.."
• In reply to: Nicholas Charles Brawn: "cryptanalysis for beginners.."
• Next in thread: acpizer@mach.unseen.org: "Re: MS Access 2.0"
• Reply: acpizer@mach.unseen.org: "Re: MS Access 2.0"