Determine Encryption Algorithm from Keys, Seed, Plaintext, and Ciphertext

2
votes

We have software that encrypts some data in our database (like credit card numbers, social security number, etc) when it writes to it (and it decrypts it again when reading).

We would like to be able to decrypt that data outside of this software, on our own.

From analyzing the data, this is what I've found:

var adminSoftwareUserName = "Admin";
var adminSoftwarePassword = "Password1";
var adminDatabaseUserID = "41646d696e"; // toHex("Admin")
var adminDatabasePassword = "0600ba25691008d870a958e99901048351281bf900"; // "06" + sha1("Admin:Password1").Truncate(-2) + "00"; weird, I know.
var seedValue = 5652653467996391684;
var adminMasterEncKey = "AQAj777KYvlNJ45LtB5DD1iOAOzLno5rdWTblRGYI8YWbXZ+75A=nNTLd6+81GoCnHsQYcisrprtBQyNRhDjKzScw7MpQBIsIpHseaQ8jq2pwvqfQ/DS1GxwQ2FV7N0/yTP/Qz5tuao+GsIpCBihXcdDJqQy4rTT+EEZQaYEgikRmGhZPSHw0HEJMnDHO1tkOsgtSDfrnecJ5HSGDN6/huVpEvCgWPl0HFtzTsD6zWYNGc70A9lH";
var ccNumEncKey = "AQAj777KsPF4Pc1SD0KyRthi7gXDhMz+BhGGmPvSjXAo8bwiJW0=qCqpVK/tmWyNd3q2faSOTlZC1Nn33DUfrv/kSnbFi9/QjAjZ+lF02//MWLpNZ0XGhV62tvCURBJFssgGlL6d2m4pKINX05TOEOzweQmCMS9Bgtl6E7FEw7U1BxjV4h1xKG5ZoSpiKY5ZQvCvmnEtRU5SrnbA+kYtPjR+rTMAEASnwbrWc0u1I4KbRBv+KXfe";

var plaintextCcNumber = "test";
//                                                                          | base64 here            |
var encryptedCcNumber = "AQAj777KFma5vZ9Bb1sX8+MFpkqa473IFWRShg+pKNmKwrm7BPg=zbDc68fp0zceSvevnNuG2g==";

Whenever I change the admin password, both keys are updated, as is the ciphertext. The seed does not change.

Identical plaintext values are always encrypted to the same ciphertext (as long as the password/key isn't updated).

The encrypted CcNumber has a base64 encoded part.

The keys and ciphertext always start with "AQAj777K", even after the password/keys are updated.

The documentation from the software manufacturer states the following:

The software complies with PCI security standards that require cardholder information be encrypted using standard algorithms and encryption key lengths.

When you create the Administrator user and other user accounts, the software generates three pieces of information that are used to protect credit card information:

  • A Data Access Key: This is a 128-bit AES encryption key used to encrypt the credit card numbers.
  • A per-user Master Key: This is a 128-bit AES encryption key that is generated for each user. The Master Key encrypts a copy of the Data Access key and any other encryption keys that the user has access to use.
  • A Password-Derived Key: This is a 128-bit AES key that is generated using a seed value and each user’s password. The Password-Derived Key is used to protect each user’s copy of their Master Key.

The software creates these keys when the administrator user is set up and when the administrator creates additional user accounts. The administrator’s Master Key is used to manage other users’ Master Keys and each user’s copy of the Data Access keys that they have access to use.

My question: from the information provided, is the method for encryption/decryption easily guessable?

2
securityencryptioncryptography
Mods: if you think this is better suited to crypto.stackexchange.com please move it! :-) - David Murdoch
The comment on adminDatabasePassword looks wrong; sha1("Admin:Password1") is 778e46b181151e5d4a52043c6034af5c29b97a9b. - erickson
@DavidMurdoch AFAIK, "guess the cipher" questions are not entirely welcome at crypto. - Duncan Jones
@erickson, Sorry about that. It is actually sha1("AdminPassword1"), without the colon. Here is the exact method used to create the hash: gist.github.com/davidmurdoch/7c6b5de25027cac89c05 (C#). - David Murdoch
@Duncan, makes sense. Though I have probably provided more background information about the data than most of these types of questions. - David Murdoch

2 Answers

1
votes

I see several ways: (a) analysis of the software by the cryptoanalyst, and (b) contacting the vendor. Trial-and-error way won't work as you don't know what conversions (if any) are performed on the data before encryption. And knowing this requires either a or b above.

-1
votes

To avoid this being removed, I'll first address the question.

My question: from the information provided, is the method for encryption/decryption easily guessable?

Given the information provided, the method used for encryption and decryption can be determined. They use 128-bit AES encryption. In theory you could get to the Data Access Key by using the Password-Derived Key to get the per-user Master Key and then their stored copy of the Data Access Key, however you'd need the seed value the Vendor used(I'm assuming you have a user password as you should have access to the Admin's) which could be anything. So yes, the method is easily guessable.

However, this answer was submitted to prevent anyone attempting to solve a QuickBooks issue from using this answer as a step forward. Though it is clear this user is attempting to decrypt, encrypted QuickBooks data, please do not attempt to use this to do so yourself. If your user cannot view data outside of seeing the encrypted 'AQAj777K' results, then use the Admin account to delete and recreate their user account. This resolves the issue that is caused when the account's password is changed but the data isn't decrypted and re-encrypted properly.

Please leave for future users to see if they end up here after searching for the 'AQAj777K' result.

Edited due to moderator response.