by pdkl95 2781 days ago
One day (1994) during AP CompSci, my friend was looking for ways to bypass the cheap Mac System 7 lockdown software ("Mac Control" by BDW Software). He found the file that changed during password changes, and was astonished to find it was the same length as the password. (N character password -> N byte file)

Me: That sounds trivial to break; have you tried XOR?

Friend: I'll try that now. [Tries ONE value] It's just XORing each character of the password with 0xC9!

Me: Wow, that was fast. Why did you guess 0xC9?

Friend: 0xC9 is 11001001.

Yes, my friend was a huge trekkie. ( http://memory-alpha.wikia.com/wiki/11001001_%28episode%29 )

We spent the rest of high school getting strange looks from teachers that hated that we always seemed to know their passwords, but also wanted our help fixing their computers.

1 comments

> Me: That sounds trivial to break; have you tried XOR?

> Friend: I'll try that now. [Tries ONE value] It's just XORing each character of the password with 0xC9!

Really? You kids just guessed it on the first try? I'm skeptical.

Is it that hard to believe that two different trekkies (my friend, and possibly the author of the software) might have picked the same "random" constant that just happened to be the title of a TNG episode? It was very surprising at the time, but plausible given that people give VERY non-uniform-random values when asked to pick a random number.

Meh, believe it or not, it's what happened. The real lessons are that XOR isn't a very secure hash function, and a lot of high school level "security" has often been little more than a cheap facade.

In hindsight, his friend might XOR a known password's hash with the clear text to uncover 0xC9. But coming up with the idea on the spot is pretty smart as well.
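
The properties discussed in the thread, as an added example that is not part of the original posts or of the software they describe: a single-constant XOR file keeps the password's length, is undone by applying the same XOR again, and gives up its constant from one known password, whereas a salted PBKDF2 record has none of those properties. The sample password, the function names and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

KEY = 0xC9  # the constant named in the thread


def xor_store(password: bytes, key: int = KEY) -> bytes:
    """Scheme described in the thread: every byte XORed with one constant."""
    return bytes(b ^ key for b in password)


def recover_key(known_password: bytes, stored: bytes) -> int:
    """Known-plaintext check: one (password, file) pair yields the constant."""
    candidates = {p ^ s for p, s in zip(known_password, stored)}
    if len(known_password) != len(stored) or len(candidates) != 1:
        raise ValueError("not a single-byte XOR of this password")
    return candidates.pop()


def kdf_store(password: bytes, iterations: int = 600_000) -> tuple:
    """Hardened form: random salt plus PBKDF2-HMAC-SHA256 (parameters assumed)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return salt, iterations, digest


def kdf_verify(password: bytes, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    sample = b"hunter2"  # constructed sample password
    stored = xor_store(sample)
    print("xor file length :", len(stored), "(same as password)")
    print("recovered key   :", hex(recover_key(sample, stored)))
    print("xor reversed    :", xor_store(stored))
    record = kdf_store(sample)
    print("kdf digest bytes:", len(record[2]), "(independent of password length)")
    print("kdf verifies    :", kdf_verify(sample, record))
```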