Decrypting usenet headers
#1
I am trying to decode some of the headers from some posters on usenet, to determine if they post from the same host. One is using individual.net as provider and the other is using eternal-september.

Does anyone know what kind of encryption they use? Here is an example individual.net header I am trying to decode:

Code:
X-Trace: individual.net q8cNyBZr8H6vQw1XWBg3Lw/QBrMuMlRjgDz4A0vDV6dfOCokS6


And here is the eternal-september header:

Code:
Injection-Info: mx02.eternal-september.org; posting-host="3a7acd6b6bbfe9e4e33e3a357762cf34"; logging-data="10878"; mail-complaints-to="abuse@eternal-september.org";    posting-account="U2FsdGVkX19bCgrkbEjt4gDrFKNANCce"


Where the relevant part is "U2FsdGVkX19bCgrkbEjt4gDrFKNANCce", which is the "posting-account" part. The posting-host part is irrelevant in my case.

The eternal header is base64 and starts with "Salted__" so I am assuming some form of AES encryption, but I'm not sure. According to a source, this string contains the account name of the poster, but no personal information, so the idea here is to find out if several persons using eternal-september are posting from the same account.

Any ideas are welcome.


Messages In This Thread
Decrypting usenet headers - by Somnambulist - 09-23-2016, 10:19 PM
RE: Decrypting usenet headers - by radix - 09-25-2016, 12:34 AM
RE: Decrypting usenet headers - by Somnambulist - 09-26-2016, 07:14 AM
RE: Decrypting usenet headers - by radix - 09-26-2016, 03:12 PM
RE: Decrypting usenet headers - by pragmatic - 09-30-2016, 12:12 AM
RE: Decrypting usenet headers - by Somnambulist - 09-30-2016, 11:30 AM
RE: Decrypting usenet headers - by rico - 09-30-2016, 11:05 PM
RE: Decrypting usenet headers - by Somnambulist - 10-02-2016, 09:59 AM
RE: Decrypting usenet headers - by pragmatic - 10-03-2016, 06:53 PM
RE: Decrypting usenet headers - by pragmatic - 10-03-2016, 07:04 PM
RE: Decrypting usenet headers - by Somnambulist - 10-08-2016, 06:14 PM
RE: Decrypting usenet headers - by Somnambulist - 10-09-2016, 11:29 AM