Breaking an Encryption

I'm writing a program that interfaces with http://www.allmusic.com.

I am trying to find a way to break the encryption on their SQLIDs. Here is a typical URL to an album on their site:

http://allmusic.com/cg/amg.dll?p=amg...0:olsqoayaiijn

... The part worth noting is everything after the colon: "olsqoayaiijn". This can be up to 35 different random combination of letters, and will still take you to the same album. Refresh this discography page a few times and watch how the URLs to the albums change each time: http://allmusic.com/cg/amg.dll?p=amg...lozefbkhgf8~T2

On that album page, they list their "AMG Album ID" which is "P 26810".

It seems logical to assume that "26810" can be encrypted to make "olsqoayaiijn" along with these other combinations:

vgivadoku8w1
ylanqjoiojsa
0nfexqljldse
61420r5ay48z
sqkcikpkbb19
2kt67ue0o0jg
w4fe4j573wau
fh4gtq7zmu44
yva9kext0q7c
eyf1zf0oeh7k
5ckxu3ejanok
1fpsa9qgi23a
pq1ibks9kakc
ogd1vwvua9ik
w0jv7i21g7or
ob9yxdfb1ol0
xu5h8qbmbtn4
lnsxlf0ejcqe
4z811vj1zzca
7hq4g4fmtv4z
bun8b5x4msqh
ekug6j2o71t0
qf9as31ia3pg
20o7gjwr16iv
fbd0ylo1xp9b
cq1m964ogep7
olsqoayaiijn
s96gtr2wkl5x
4q67mpcg9f1o
0y7zefekogf1
xvec97y0krat
51rz286y054a

It's always possible that there is no encryption going on here and a block of random numbers/letters is assigned to each new album, but I am hoping that is not the case.

Does anyone have any ideas on ways I could figure out how to encrypt/decrypt one of those?

[EDIT] - If someone wants to try to break the encryption on their own, I have plenty of files of data of different encrypted forms of ID numbers.

I would love the answer to this, as i seen the same thing on some captcha .

The problem is that your assumptions, though possibly right, are also possibly wrong. It is probably more likely that the changing hash is because it hashes something else with the album number OR it uses your cookies to store the album number and hashes something else.

A lot of sites that use hashes include meaningless data in the hashing process because it doesn't take extra time (or much, if it does) to encode and it adds protection

It definitely isn't based on cookies, because the links can be bookmarked and work for everyone.

It is possible that it's based on some meaningless data.

But, if it were based on just the ID, where would I start to decrypt it?

First thing you would need to know is how the data is "encrypted"...technically, it's not encryption, it's most likely a hash which is totally different (you can feed a hasher any size data and it always returns the same length string...the string is a representation of values of ranges of data within the file rather than a representation of specific individual bytes)

Once you know how the file is hashed (what method is used) you could write a brute force program to attempt to break the hash by sending possible data to the hasher (which you would have to write into your code too :-))

The strings you posted were 12 characters long, so I don't know anything about the type of hash. MD5 is 32 and HEX characters only, CRC32 is 8 and HEX again...yours has a-z rather than a-f so you might have to look around a bit to find out what encryption method they're using *IF* it is public. If you're really unlucky, they've written it themselves :-)

Meh. This is sounding as hopeless as I originally thought. Sad times. I guess I'll just give up and stick to one of the many possible hash identifiers instead of a static one.

Good luck with it...I wrote a hash cracker for MD5 and it's a very slow process and is hit or miss whether you actually achieve what you want :-)