Shoutbox

A classic: lost .ple password. - Printable Version

-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Messenger Plus! for Live Messenger (/forumdisplay.php?fid=4)
+---- Forum: WLM Plus! Help (/forumdisplay.php?fid=12)
+----- Thread: A classic: lost .ple password. (/showthread.php?tid=74623)

A classic: lost .ple password. by ItsLost on 05-23-2007 at 07:20 AM

I already found there's no other way to retrieve it but to crack my head about it.

But, a little extra info could help me:

*is the password case sensitive?
*can somehow be revealed how many characters were used for it?

Thanks already!


RE: A classic: lost .ple password. by MattyRid on 05-23-2007 at 07:23 AM

Not that I'm aware of, and that goes for the 2 of them. That is unless there is something hidden :P


RE: A classic: lost .ple password. by Ezra on 05-23-2007 at 08:24 AM

IIRC the password itself isn't stored anywhere, plus! just tries to decrypt the file with the given password and check the first couple of bytes for a special string that should be readable then. If it's not it will error that the wrong key was used.


RE: A classic: lost .ple password. by ItsLost on 05-23-2007 at 08:37 AM

quote:
Originally posted by Ezra
IIRC the password itself isn't stored anywhere, plus! just tries to decrypt the file with the given password and check the first couple of bytes for a special string that should be readable then. If it's not it will error that the wrong key was used.

Indeed, but I found a thread indicating that the first lines of the encrypted file could contain a clue about the password. Not much, but maybe its length?

And then there's the question iif the password is case sensitive. If it isn't, that would already seriously decrease the different possibilities.
RE: A classic: lost .ple password. by Ezra on 05-23-2007 at 09:23 AM

I'm guessing the thread you mean is Tool to encrypt or decrypt log files

There is indeed something said about a password check length, but I think this is the length of this string I meant that plus! compares to see if it's correct.


RE: A classic: lost .ple password. by CookieRevised on 05-23-2007 at 09:29 AM

quote:
Originally posted by ItsLost
Indeed, but I found a thread indicating that the first lines of the encrypted file could contain a clue about the password. Not much, but maybe its length?
Whoever claimed that is wrong. There are no clues what-so-ever in an encrypted log.
quote:
Originally posted by Ezra
There is indeed something said about a password check length, but I think this is the length of this string I meant that plus! compares to see if it's correct.
indeed.



quote:
Originally posted by ItsLost
And then there's the question iif the password is case sensitive.
All passwords are case sensitive.
RE: A classic: lost .ple password. by ItsLost on 05-23-2007 at 09:34 AM

quote:
Originally posted by Ezra
I'm guessing the thread you mean is Tool to encrypt or decrypt log files

There is indeed something said about a password check length, but I think this is the length of this string I meant that plus! compares to see if it's correct.

Good guess.

It is indeed comparing something. And if it can do that, there must be stored something to compare with.
RE: A classic: lost .ple password. by Ezra on 05-23-2007 at 09:36 AM

quote:
Originally posted by ItsLost

It is indeed comparing something. And if it can do that, there must be stored something to compare with.

Yes, but this won't give you any clues to what the password is or how long it is.

It will tell you if you have the correct password AFTER decrypting the file with the right password.
RE: RE: A classic: lost .ple password. by CookieRevised on 05-23-2007 at 09:41 AM

quote:
Originally posted by ItsLost
quote:
Originally posted by Ezra
I'm guessing the thread you mean is Tool to encrypt or decrypt log files

There is indeed something said about a password check length, but I think this is the length of this string I meant that plus! compares to see if it's correct.

Good guess.

It is indeed comparing something. And if it can do that, there must be stored something to compare with.

I think you're confusing things though.


What is being compared is a special string, not a password! The string is like an encrypted mini-log and is decrypted using the password you provide to check if the password is correct. This is done so the entire, often very big, real log doesn't need to be decrypted in order to see if the password is correct or not.

Only if this mini-log is properly decrypted Plus! will start to decrypt the real log. If that mini-log isn't properly decrypted you get the error that the password was incorrect.

The 'length' talked about in that thread is the length of this mini-log, not the length of the password. In that thread this "mini-log" is called "encrypted password check string".

The password, nor any clues about it, aren't stored anywhere.
RE: RE: RE: A classic: lost .ple password. by ItsLost on 05-23-2007 at 10:36 AM

Thanks for the explanation, although it's bad news ;-).

I'm totally not into encrypting. My idea/hope came from the 'analogy' of the key and the keyhole. The password is used to 'unlock(decipher)' the file like a key is used to unlock the lock. Looking at the keyhole gives some idea about the key as well.

Then, another strategy.

If I limited the amount of characters for the password to let's say 10, and taking into account 2*26 + 10 possible characters, I end up with 8.53E+17 possible combinations. Take that in combination with a tool like:

Indicates whether the password is valid for specified encrypted file in archive.



[C#]
public bool IsFilePasswordValid(string fileName, string password);



[VB.NET]

Public Function IsFilePasswordValid(ByVal fileName As String, ByVal password As String) As Boolean



Description



Use IsFilePasswordValid to determine whether the password is valid for specified file in archive.



The fileName parameter specifies file name being tested.

The password parameter is a password to check.


(found on http://www.componentace.com/help/fxc_guide/isfilepasswordvalid.htm)

Would a modern pc be up to that job, taking into account the password is only verified in that mini-log, as you described it?


quote:
Originally posted by CookieRevised
I think you're confusing things though.


What is being compared is a special string, not a password! The string is like an encrypted mini-log and is decrypted using the password you provide to check if the password is correct. This is done so the entire, often very big, real log doesn't need to be decrypted in order to see if the password is correct or not.

Only if this mini-log is properly decrypted Plus! will start to decrypt the real log. If that mini-log isn't properly decrypted you get the error that the password was incorrect.

The 'length' talked about in that thread is the length of this mini-log, not the length of the password. In that thread this "mini-log" is called "encrypted password check string".

The password, nor any clues about it, aren't stored anywhere.

Moreover, another thought. Any new chat log is encrypted using the same password, without having to provide that password every time. That means Plus! is keeping it somewhere?
RE: A classic: lost .ple password. by MeEtc on 05-23-2007 at 11:45 AM

quote:
Originally posted by ItsLost
Would a modern pc be up to that job, taking into account the password is only verified in that mini-log, as you described it?

Sure, I suppose anything is possible, but it might take a couple thousand years to loop through every possible combination using a standard desktop PC

RE: A classic: lost .ple password. by ItsLost on 05-23-2007 at 11:49 AM

quote:
Originally posted by MeEtc
quote:
Originally posted by ItsLost
Would a modern pc be up to that job, taking into account the password is only verified in that mini-log, as you described it?

Sure, I suppose anything is possible, but it might take a couple thousand years to loop through every possible combination using a standard desktop PC

Well, they're a lot of combinations, but modern PC's are powerfull enough I suppose.
RE: A classic: lost .ple password. by joey on 05-23-2007 at 11:50 AM

quote:
Originally posted by ItsLost
quote:
Originally posted by MeEtc
quote:
Originally posted by ItsLost
Would a modern pc be up to that job, taking into account the password is only verified in that mini-log, as you described it?

Sure, I suppose anything is possible, but it might take a couple thousand years to loop through every possible combination using a standard desktop PC

Well, they're a lot of combinations, but modern PC's are powerfull enough I suppose.


yeah but it would take a hell of a long time, no matter how powerful you pc was.
RE: RE: A classic: lost .ple password. by ItsLost on 05-23-2007 at 11:52 AM

quote:
Originally posted by ICD
quote:
Originally posted by ItsLost
quote:
Originally posted by MeEtc
quote:
Originally posted by ItsLost
Would a modern pc be up to that job, taking into account the password is only verified in that mini-log, as you described it?

Sure, I suppose anything is possible, but it might take a couple thousand years to loop through every possible combination using a standard desktop PC

Well, they're a lot of combinations, but modern PC's are powerfull enough I suppose.


yeah but it would take a hell of a long time, no matter how powerful you pc was.


How many checked combinations per second would be possible?
RE: A classic: lost .ple password. by foaly on 05-23-2007 at 03:29 PM

quote:
Originally posted by ItsLost


Moreover, another thought. Any new chat log is encrypted using the same password, without having to provide that password every time. That means Plus! is keeping it somewhere?

it does but that won't do you any good...
it is stored in your register... search for LogPrivateKey
and you'll find it...

RE: RE: RE: RE: A classic: lost .ple password. by CookieRevised on 05-23-2007 at 06:36 PM

quote:
Originally posted by ItsLost
I'm totally not into encrypting. My idea/hope came from the 'analogy' of the key and the keyhole. The password is used to 'unlock(decipher)' the file like a key is used to unlock the lock. Looking at the keyhole gives some idea about the key as well.
I understand the analogy. But the analogy isn't an analogy for encryption though. Encryption works in a different way.

Aka: you can not look at the keyhole and even if it was possible, you can't decypher what kind of key you need. You don't even know the size of the key you need.

quote:
Originally posted by ItsLost
Would a modern pc be up to that job, taking into account the password is only verified in that mini-log, as you described it?
A PC doesn't need to be "powerfull" at all. You could do it on an antique PC running on 10Mhz too. The important factor is speed. But even on a more than average fast PC, it would take an extremely long time...

quote:
Originally posted by ItsLost
Moreover, another thought. Any new chat log is encrypted using the same password, without having to provide that password every time. That means Plus! is keeping it somewhere?
It keeps it in the registry, BUT this password is also encrypted....

----------------

Note that people have discussed all this since a long time (as long as encryption of logs has been added to Plus!). Search the forums and you'll see exactly the same threads as this one with exactly the same questions and thoughts. And even back in the days when the encryption was many times weaker as it is now, nobody has ever been able to 'crack' any logs. To be honest, don't bother and give up, you'll be wasting your time.