Dell 1D3B

Broken by Design

Back in 2011 Dell recovery password generator for 1D3B BIOS was discovered to have a flaw. It did not use public-private key cryptography. It did not use strong encryption. It did not use encryption at all. It simply repeated the same old hashing it did back in 2000’s.

Now, back in the late 2000’s, when Dell first came up with the recovery password in a tiny BIOS codebase, using MD5 was a barely passible alternative. What did they do this time around?

  • They changed the character mapping table for converting binary into printable characters
  • They looped the same md5 many times over, each time shifting the factors by a set of constants.

This is really security thorugh obscurity. Please, learn from others and their mistakes. Don’t repeat the same.

5 years is a long time to have this ‘bug’. You can test the Dell 1D3B on free password generator, thanks to bacher09 for adding the code to his collection from dogbert.