Decoding base64

 
Greenhorn
Posts: 20
I'm working on a Java programme for password retrieval. The first step is to decode 3 base64 strings:

saltValue="6+lFmItU4SjvZ6U3/pv/ag=="
encryptedVerifierHashInput="oXx72yTzeHNJDKykDq4Hsw=="
encryptedVerifierHashValue="+cgdUZWHO/uRoQW8ltUyiFGUGYsTBolgtigxJ1ICrkBAPpGIdan1xeudqb+CeEUn7xKQWdQMPiX4K2wa9MqAGg=="

John the Ripper gives the output as

ebe945988b54e128ef67a537fe9bff6a
a17c7bdb24f37873490caca40eae07b3
f9c81d5195873bfb91a105bc96d532885194198b13068960b62831275202ae40

However, when I try to replicate this using this Java code I get completely different strings.

‚¢d@~©t£ËÌ´¯_3dý

Anyone know what I'm doing wrong?
 
Saloon Keeper
Posts: 7585
Seeing "base64" and "password" in the same sentence sets off an alarm - base64 offers no security, and is thus not suitable for passwords (which should be hashed using SHA-2 or a similarly strong algorithm). So I hope this is just for learning Java, and not meant to be used for any actual passwords.

Seeing the Java code you're using would help. You could always use a standard library such as http://commons.apache.org/proper/commons-codec/ (which includes a Base64 implementation) to check your results. Or use a site like https://www.base64encode.org/ to encode and decode online.
 
Krispin Kilmurray
Greenhorn
Posts: 20
No, it's a project for college as part of a security module. After the fields have been encrypted with AES using a derived key they are finally encoded using base64. If I really wanted to open a document that badly I'd use JtR; I need to learn how the encryption and decryption work. Most of it I have a good grasp on, but the bloody base64 is really annoying. The worst part is, I worked it out a month ago and got the same values as JtR, so I know it's something silly I'm doing.
 
Saloon Keeper
Posts: 15510
The output JtR gives looks like hex. They probably decoded the base64 to binary, and then encoded the binary to hexadecimal.
 
Stephan van Hulst
Saloon Keeper
Posts: 15510
Oh, since Java 8, Java has its own java.util.Base64 utility.
 
Krispin Kilmurray
Greenhorn
Posts: 20
That's exactly what it is, Stephan van Hulst, thank you. I don't know how I didn't realize that. Better leave that out of the report. Thanks again.
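
The approach from the replies above (Base64-decode to bytes, then hex-encode the bytes), as an added example that is not code from the thread. It runs java.util.Base64 over the three values from the first post and compares each result with the JtR lines; the class and method names (`Base64ToHex`, `toHex`, `compare`) are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class Base64ToHex {
    // Hex-encode raw bytes: two lowercase hex digits per byte.
    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // Describe how our hex relates to the reference hex quoted in the thread.
    static String compare(String ours, String ref) {
        if (ours.equals(ref)) return "exact match";
        if (ours.startsWith(ref)) {
            return "reference equals the first " + ref.length() / 2 + " of " + ours.length() / 2 + " decoded bytes";
        }
        return "MISMATCH";
    }

    public static void main(String[] args) {
        // {field name, Base64 value, hex line from JtR}, copied from the first post.
        String[][] fields = {
            {"saltValue", "6+lFmItU4SjvZ6U3/pv/ag==", "ebe945988b54e128ef67a537fe9bff6a"},
            {"encryptedVerifierHashInput", "oXx72yTzeHNJDKykDq4Hsw==", "a17c7bdb24f37873490caca40eae07b3"},
            {"encryptedVerifierHashValue",
             "+cgdUZWHO/uRoQW8ltUyiFGUGYsTBolgtigxJ1ICrkBAPpGIdan1xeudqb+CeEUn7xKQWdQMPiX4K2wa9MqAGg==",
             "f9c81d5195873bfb91a105bc96d532885194198b13068960b62831275202ae40"},
        };
        for (String[] f : fields) {
            byte[] raw = Base64.getDecoder().decode(f[1]); // throws IllegalArgumentException on bad input
            String hex = toHex(raw);
            System.out.printf("%s (%d bytes)%n  hex: %s%n  JtR: %s%n", f[0], raw.length, hex, compare(hex, f[2]));
        }

        // What goes wrong when the decoded bytes are treated as text:
        byte[] salt = Base64.getDecoder().decode(fields[0][1]);
        String asText = new String(salt, StandardCharsets.UTF_8);
        // Byte runs that are not valid UTF-8 become U+FFFD, so the text is both unreadable and lossy.
        boolean lossless = Arrays.equals(salt, asText.getBytes(StandardCharsets.UTF_8));
        System.out.println("salt as UTF-8 text: " + asText);
        System.out.println("bytes recoverable from that text: " + lossless);
    }
}
```

The third Base64 value decodes to 64 bytes while the JtR line for it is 32 bytes of hex, which is why `compare` also accepts a prefix match.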
 