Hey there,
I get that it kind of seems impossible (to me, atleast), but I was wondering if there was a way to backtrack how a password was generated, given you have bunch of usernames (in the form of IDs) and (seemingly) randomly generated passwords.
I have a few samples of IDs (usernames) and passwords, all of the passwords are of length 6 and they're using hex-lowercase chars (abcdef0123456789). Now, I am not sure if these passwords are generated based on the ID or they're just randomly generated based on a random seed or something.
A little background:
The accounts are student accounts and the institution gives these generated passwords on registration.
Could someone shed some light on this matter? If it's not against the site rules I could post the password samples without the ID nor site name, if that's OK.
6 Responses
Great. Thank you :)
One thing worth mentioning, I already have my pass changed for my acc, but when I asked the IT guys for my pass again, they gave me the old one, which led me to think they're generating them somehow and not grabbing them from their database or something. Not 100% sure though.
It's a algorithm. Doesn't take much else for me to talk more. lol.
the million dollar question.
Dunno if it matters or not, but I noticed the first digit is always an odd number.
If they're not using the student ID or even the date registered as elements to generate the password .. then I guess it's pointless to try to figure this out because even if we did, how would we know which pass belongs to which account? :|
look, I understand if you're not willing to crack this without incentives, but could you direct me to the right path so I can search more?
I guess this isn't going anywhere :<
Yeah it kinda makes sense.. I'm still trying myself, the thing is, I have no idea what to look for. I'm currently looking for newbie methods to generate passwords and trying bunch of different combinations to try and see if something is close. So frustrating when I don't know shit lol
in the end it's just gonna turn out that they're randomly generating passwords and not using the id in the generation :|
Share Your Thoughts