Thursday, June 18, 2015

Cryptography | Identify Different types of Hashes

Cryptographically secure pseudorandom number g...
Cryptographically secure pseudorandom number generator (Photo credit: Wikipedia)
Hello Everyone,

If you are a hacker or a computer Geek or programmer or a general enthusiast regarding computing then you might have come across the term hash or cryptographic hash functions. Many a times even people call hashes as encryption which is absolutely wrong. This is going to be a short tutorial and we will be dealing with how to identify the various types of hashes that we come across. I hope after reading this tutorial you will have some idea that how to identify hashes.

Reader's Note:-

I assume the following while making this tutorial:-

1. You know basics of cryptography. If you don't then read this.
2. You have some experience with programming (though not required much in this tutorial bit its good to know as they will help you understand better).
3. You know basics of PHP [optional].

Let's Begin


Identifying MD5

MD5 hash : It is one of the most common type of hash function and it is used in many sites and is applied in different fields. Used in phpBB v2.x, Joomla version below 1.0.13 and many other forums and CMS.

Reasons for a hash to be MD5

Length: 32 characters.
Description: They are always 32 characters in length (16 Bytes).They are always hexadecimal (Only use characters 0-9 and A-F)
Algorithm: Same as the md5() function in PHP.

Example :- f5d1278e8109edd94e1e4197e04873b9
 
MD5 (UNIX) : Used in Linux and other similar OS.

Length: 34 characters.
Description: The hash begins with the $1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.

Example:- $1$12345678$XM4P3PrKBgKNnTaqG9P0T/
 
MD5 (APR) : Used in Linux and other similar OS.

Length: 37 characters.
Description: The hash begins with the $apr1$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.

Example:- $apr1$12345678$auQSX8Mvzt.tdBi4y6Xgj.
 
MD5 (phpBB3) : Used in phpBB 3.x.x.

Length: 34 characters.
Description: The hash begins with the $H$ signature, then there goes one character (most often the number '9'), then there goes the salt (8 random characters; in our example the salt is the string "12345678"), followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2048 times.

Example: $H$9123456785DAERgALpsri.D9z3ht120
 
MD5(Wordpress) : Used in Wordpress sites.

Length: 34 characters.
Description: The hash begins with the $P$ signature, then there goes one character (most often the number 'B'), then there goes the salt (8 random characters; in our example the salt is the string "12345678"), followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 8192 times.

Example:- $P$B123456780BhGFYSlUqGyE6ErKErL01

Identifying Salted MD5

Salted MD5 - Used in a large amount of applications to increase hash parity and to increase the time it takes to crack.

General Description : They consist of two blocks connected by a colon, the first is the hash the second is the salt. The first part of the salted hash is hexadecimal, the second is variable case alphanumeric. They first part will always be 32 characters long. The second part can be any length.

md5($pass.$salt) :Used in WB News, Joomla version 1.0.13 and higher.
Length: 16 bytes.

Example:- 6f04f0d75f6870858bae14ac0b6d9f73:1234
 
md5($salt.$pass) : Used in osCommerce, AEF, Gallery and other CMS.
Length: 16 bytes.

Example:- f190ce9ac8445d249747cab7be43f7d5:12
 
md5(md5($pass)) : Used in e107, DLE , AVE, Diferior, Koobi and other CMS.
Length: 16 bytes.

Example:- 28c8edde3d61a0411511d3b1866f0636
 
md5(md5($pass).$salt) :Used in vBulletin, IceBB.
Length: 16 bytes.

Example:- 6011527690eddca23580955c216b1fd2:wQ6
 
md5(md5($salt).md5($pass)) : Used in IPB.
Length: 16 bytes. 
 
Example:- 81f87275dd805aa018df8befe09fe9f8:wH6_S

md5(md5($salt).$pass) : Used in MyBB.
Length: 16 bytes. 
 
Example:- 816a14db44578f516cbaef25bd8d8296:1234
 
md5($salt.$pass.$salt) : Used in TBDev.
Length: 16 bytes.

Example:- a3bc9e11fddf4fef4deea11e33668eab:1234
 
md5($salt.md5($salt.$pass)) : Used in DLP (More info. :- Here).
Length: 16 bytes. 
 
Example:- 1d715e52285e5a6b546e442792652c8a:1234
Identifying SHA

SHA-1 : Used frequently on the internet and is one of a large family of Secure Hash Algorithms.Used in many forums and CMS.
Length: 20 bytes.
Description :They are always 40 Characters in length (160 bits).They are always hexadecimal (Only use characters 0-9 and A-F).
Algorithm: Same as the sha1() function in PHP. 
 
Example: 356a192b7913b04c54574d18c28d46e6395428ab

sha1(strtolower($username).$pass) : Used in SMF.
Length: 20 bytes.

Example:- Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
 
SHA-256(Unix) : Used in Linux and other similar OS.
Length: 55 characters.
Description: The hash begins with the $5$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the SHA-256 algorithm 5000 times.

Example: $5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqiKSNK1rkTk9zYE1v0

SHA-512(Unix) :Used in Linux and other similar OS.
Length: 98 characters.
Description: The hash begins with the $6$ signature, then there goes the salt (up to 8 random characters; in our example the salt is the string "12345678"), then there goes one more $ character, followed by the actual hash.
Algorithm: Actually that is a loop calling the SHA-512 algorithm 5000 times. 
 
Example:- $6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEmFNLlq6Ik9X3reMXY3doKEuxrcDohKUx0Oxf44aeTI​xGEjssvtT1aKyZHjs

Identifying Salted SHA

sha1($salt.sha1($salt.sha1($pass))) : Used in Woltlab BB.
Length: 20 bytes.

Example: cd37bfbf68d198d11d39a67158c0c9cddf34573b:1234
Identifying Other hash types

MySQL < 4.1 : These aren't used very often but still come up on very often because people have no idea what to do with them, they are used in older versions of MySQL.

Length : 16 characters(8 bytes)
Description :They are always hexadecimal (Only use characters 0-9 and A-F).

Example:- 606727496645bcba
MYSQL5 : Used in newer versions of MYSQL to store database user passwords.
Length: 41 characters
Description :They are always capitalized. They always begin with an asterisk .
 
Example:- *C8EB599B8E8EE7BE9F1A5691B7BC9ECCB8DE1C75
DES(Unix) : Used in Linux and other similar OS.
Length: 13 characters.
Description: The first two characters are the salt (random characters; in our example the salt is the string "Iv"), then there follows the actual hash.

Example:- IvS7aeT4NzQPM

Domain Cached Credentials :Used for caching passwords of Windows domain.
Length: 16 bytes.
Algorithm: MD4(MD4(Unicode($pass)).Unicode(strtolower($username)))

Example:- Admin:b474d48cdfc4974d86ef4d24904cdd91

I hope this information is useful to you and I belief that this post will help many others. 

References : Here

0 comments :

Post a Comment

Follow Me!

Blog Archive

Followers

Visitor Map