Working out the encryption algorithm

Question

I'm trying to figure something out. I have a legacy system in place and I'm not using all of it. There are business reasons why we use things this way.

Some fields in the system get encrypted by a piece of middleware that I ultimately would like to replace. I can't replace this part of the system because I can't decrypt the values properly.

For example I have a field that contains the word:

ferret

This is encrypted and becomes:

^ADFJBLFOHLOJFNHHKFJLHFJNPCJFJCPFBAPEKDKM

The words

wellington boot

becomes

^KOKFDEJPAAPFJHPOIGOICOAHKFLNFHMIOJNHAAHF

I can see the unencrypted data and I can see the resulting encrypted data but I am trying to find what algorithm was used to turn the field value into the encrypted versions. The main reason for this is that I have a requirement to massively increase the number of fields that contain the encrypted data but at the moment I can't because I cannot replace the existing encryption mechanism because I don't know what was used to encrypt the data.

There is simply too much data in the system to go through and load up each record and make a note of the unecrypted data so I can make a new encryption mechanism.

If I knew how the existing data was encrypted I could use the same method to encrypt my new fields. The system encrypts certain fields only and my extension to the system needs to encrypt others using the same method.

How can I do this? Is it even possible to find out how the data was encrypted and what method was used?

Answer 1

It is SHA1, translated into A for 0, B for 1, C for 2, etc. For example, your "wellington boot" example has the SHA1 hash of "aea5349f00f..." which is clearly "KOKFDEJPAAP..."

So you can just use SHA1 and do the same translation to continue the pattern.

To check this, try the phrase "test phrase" - the SHA1 of this is "ab8f37d89b1154ba18c78a7e4b8eef2acdfec1eb", which becomes "KLIPDHNIJL..." in your system.