14

In this article and this XKCD, they both show the password data as groupings of hexadecimal.

However, in the file it's base64 encoded. What could I use to match that output with bash scripting? I've tried:

echo -n "7WkoOEfwfTTioxG6CatHBw==" | base64 -d
echo -n "7WkoOEfwfTTioxG6CatHBw==" | openssl enc -d -base64

What is it they are doing, and how do I decode them to hex blocks?

xkcd Encryptic

Community
  • 1
  • 1
Ehryk
  • 1,781
  • 2
  • 24
  • 46

1 Answers1

20

If I understand this correctly, I think the requirement is to translate a base64 encoded string to a hex string in blocks of 8 bytes (16 hex digits). If so, od -t x8 -An, after the base64 decoding will get you there:

$ echo -n "7WkoOEfwfTTioxG6CatHBw==" | base64 -d | od -t x8 -An
 347df047382869ed 0747ab09ba11a3e2
$
Digital Trauma
  • 13,834
  • 2
  • 40
  • 73
  • I'll test this once I'm back at home, if it works I'll mark this as the answer. Thanks! – Ehryk Nov 07 '13 at 22:03
  • P.S. How did two independent sources 'agree' on a rather specific base 64 decoding to hex string blocks of 8 bytes, and present it the same way? – Ehryk Nov 07 '13 at 22:03
  • @Ehryk - I don't think that there is much to have to come to agreement on. A string of ascii characters maps in a 1:1 fashion to its base64 encoding. Similarly a string of ascii characters maps in a 1:1 fashion to its hex string representation. Therefore by association, the base64 encoding maps in a 1:1 fashion to its hex string representation. – Digital Trauma Nov 08 '13 at 17:46
  • ... and then they both separated them into 8 byte/16 digit blocks. I suspect this has something to do with the underlying 3DES encryption, but it seems like this was 'intuitively understood' by both authors. Is it this obviously 'the thing to do' somehow? – Ehryk Nov 08 '13 at 18:30
  • Yes - 3des blocksize is 64bits (or 8bytes or 16hex digits or 8*4/3 base64 "digits") http://en.wikipedia.org/wiki/Triple_DES – Digital Trauma Nov 08 '13 at 19:18
  • Thank you for the information! I suppose the only question that I have remaining is - given a random string that is password data: How is it clear that it's Base64 encoded, how is it then clear that the underlying encryption is 3DES and thus it should be shown as a hex string in 8 byte blocks? Is there a 'test' for Base64 encoding, other than seeing = or == at the end of some of them? – Ehryk Nov 08 '13 at 19:32
  • This might be helpful http://stackoverflow.com/questions/475074/regex-to-parse-or-validate-base64-data – Digital Trauma Nov 08 '13 at 20:02