• Post Reply Bookmark Topic Watch Topic
  • New Topic

Decoding base64  RSS feed

 
Krispin Kilmurray
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm working on a java programme for password retrieval. The first step is to decode 3 base64 strings

saltValue="6+lFmItU4SjvZ6U3/pv/ag=="
encryptedVerifierHashInput="oXx72yTzeHNJDKykDq4Hsw=="
encryptedVerifierHashValue="+cgdUZWHO/uRoQW8ltUyiFGUGYsTBolgtigxJ1ICrkBAPpGIdan1xeudqb+CeEUn7xKQWdQMPiX4K2wa9MqAGg=="

John the Ripper gives the output as

ebe945988b54e128ef67a537fe9bff6a
a17c7bdb24f37873490caca40eae07b3
f9c81d5195873bfb91a105bc96d532885194198b13068960b62831275202ae40

However, when I try to replicate this using this java code I get completely different strings.

‚¢d@~©t£ËÌ´¯_3dý

Anyone know what I'm doing wrong?
 
Tim Moores
Saloon Keeper
Posts: 4024
94
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Seeing "base64" and "password" in the same sentence sets off an alarm - base64 offers no security, and is thus not suitable for passwords (which should be hashed using SHA-2 or a similarly strong algorithm). So I hope this is just for learning Java, and not meant to be used for any actual passwords.

Seeing the Java code you're using would help. You could always use a standard library such as http://commons.apache.org/proper/commons-codec/ (which includes a Base64 implementation) to check your results. Or use a site like https://www.base64encode.org/ to encode and decode online.
 
Krispin Kilmurray
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No it's a project for college as part of a security module. After the fields have been encrypted with AES using a derived key they are finally encoded using base64. If I really wanted to open a document that bad I'd use JtR, I need to learn how the encryption and decryption work. Most of it I have a good grasp on but the bloody base64 is really annoying. The worst part is, I worked it out a month ago and got the same values as JtR so I know it's something silly I'm doing.
 
Stephan van Hulst
Saloon Keeper
Posts: 7973
143
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The output JtR gives looks like hex. They probably decoded the base64 to binary, and then encoded the binary to hexadecimal.
 
Stephan van Hulst
Saloon Keeper
Posts: 7973
143
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Oh, since Java 8, Java has its own java.util.Base64 utility.
 
Krispin Kilmurray
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's exactly what it is Stephan Van Hulst, thank you. I don't know how I didn't realize that. Better leave that out of the report Thanks again.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!