In honor of Cyber Security Awareness Month, here is a challenge for anyone interested in database security, encryption, algorithms, etc.  We have a vendor-supplied application which connects to a production database as the owner of its own schema.  That is, the application has full access and privileges to select/insert/update/delete any application data.  Privileges for application users are controlled within the application itself.  This, by the way, is a very common practice for database applications.

One problem with this particular application, however, is that for some reason it stores a copy of the login credentials for the database for each application user.  These are the same credentials the application itself uses to connect to the production database, so the username and password fields for each application user should be the same.  Obviously it would be better to store a single copy of those credentials and reference them for each user.

That isn’t the big problem, however!  The big problem is that anyone with access to that table can retrieve the encrypted passwords and decrypt them if they can figure out the algorithm.  Once decrypted, they can then connect as the application (schema owner) and wreak all sorts of havoc.  I am posting this as a caution — even “read-only” access can be dangerous if users can use that information to get a higher level of access.  Keep in mind that most attacks come from inside a company!

So, the challenge here is to find the algorithm to decrypt the passwords.  Here is a list of some of the encrypted values:

109113112117108059101107
053081051100104120120122119128
057081102100123119121118123

To help you along, I will give you up to twenty-five encrypted values for strings that you provide.  That should be more than double the number you need.  The strings you choose are a vital part of the solution, so choose wisely!  You may leave them in a comment.  Comments are moderated, so nobody else will get a hint by seeing the strings you’ve chosen and I will send the encrypted values to you via e-mail, so please use a real e-mail address if you want to participate.

Your task is to describe an algorithm to decrypt the passwords, write code (in any language you wish) to decrypt them, and successfully decrypt the passwords above plus three more I will provide after you successfully decrypt those.

I was able to crack this pretty easily and will post my code (written in PL/SQL) once some others have had a chance to play.  Good luck!

A recent raccoon attack, in which we lost two of our dear hens, emphatically reminded us just how important it is to close our coop door at dusk before the night predators come looking for dinner. An automated door also helps maximize the daylight the girls receive which boosts egg production. We still check daily to make sure the system is functioning properly, but don’t have to rush home at dusk or hope that our 10-year-old grandson remembered to close the door.

Here are the parts used:

• Add-a-Motor D20 Chicken Coop Motor – Amazon
• Amico DC 12V Timer – Amazon ($9.80)
• Aluminum step plate, 12″x24″ – Lowe’s (about $10)
• 1x3x36″ Red Oak – Lowe’s (about $4)
• 16″ Drawer slides – Home Depot (about $13)
• Used car battery, still good – From someone who bought a battery when they needed an alternator, paid their “core charge” ($10)
• 2×3 lumber for sides and top of door – reused from previous door
• 1/8″ lattice strips – reused from previous door
• Adhesive weather stripping – already on hand
• 12V trailer light and toggle switch for manual override – Walmart (about $6 total)

1. The 2x3s have the lattice strips attached to them on the back/out side.  This is the side which would be against the interior wall of the coop, so the screws are countersunk.  This provided a channel for the door to slide between the 2x3s and the wall in the previous design, but the door would catch on the wood at times, even after rounding the corners.  Now that space is used for weatherstripping since the door is set about 3/32″ off the wall.
2. The opening on our coop is about 10″W x 15″H, so I cut the aluminum plate down to 12″x16″ using a jigsaw and a straight edge guide.  The oak 1×3 was cut into two 16″ pieces and attached to the edges using #6×3/4″ wood screws.  The screws were countersunk here as well to provide clearance against the wall (see previous photo).  I highly recommend doing this with the countersink bit in a drill press using a depth stop.  I tried it with a hand drill and it would catch unexpectedly and tear out the holes.  Drawer slides were attached to the 2x3s and 1x3s.  I attached a section of 1×2 and a strip of oak ripped to 3/8″ to the top of the door for attaching the line from the motor.
   
3. The spool on the motor is about 1.5″ from the wall, so the hole in the top beam and the spacer on the top edge of the door were set to keep everything in the same vertical plane.  The motor uses braided 100# fishing line which it attached to the door using a rubber sealing washer.  The line is not tied, it is only held by pressure between the rubber and the oak — the idea being that if the door gets stuck the line will slip out instead of burning out the motor.  That is why I used oak for the spacer — that screw needs to be tight.
   
4. Even though the timer has a “manual” button to activate the switch, it is difficult to see whether you’ve set it back to “auto” so I wanted an override switch to make things easier for my wife/grandson to open the door manually.  I also wanted a red reminder light because if the switch is left “on” the timer will not operate the door.  Finally, I also added an automotive dome light (not pictured) that can be turned on independently to help see the display when adjusting the timer.
   

   

   A bunch of connectors!

   

   Manual operation switch and reminder light

   
   
5. It works!
   Automated Coop Door (YouTube)
6. In the near future I will be adding a solar panel to keep the battery charged.  The motor doesn’t use much power so an inexpensive “battery maintainer” will work.