Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Security In General >> Security >> Searching for hash method used
(Message started by: Pete Finnigan on May 15th, 2014, 2:43pm)

Title: Searching for hash method used
Post by Pete Finnigan on May 15th, 2014, 2:43pm
Hi,

We have an obscure application (will not mention the name to protect it:-) ) and it stores passwords in an Oracle table. My own password is somehow hashed (I assume it's a hash) and looks like this:

azrg3+lIO+NUjwOEUUs9GMb+2mr1

I think it's a base64 encoding of some hash but am not sure. Does someone know a good site where I can check what kind of hashing/encoding this is?

regards,

Ivan

Title: Re: Searching for hash method used
Post by Pete Finnigan on Jul 2nd, 2014, 10:55am
Hi Ivan,

Sorry for the late reply; things are very busy for me and I was just told by someone some unanswered posts are on my forum.

There is little to go on except that it could be base64 but it decodes to binary.

I would look at things like length to see if it's a standard length for a known algorithm, or change your password 4 or 5 times and compare the hashes, but change your password by one character if you can, so set it to "a" and then "b", or if length is enforced then "passworda", "passwordb"... and see if there is a noticeable change in the hash or it's completely random. If you can see a pattern it's almost certainly not a hash and almost certainly no salt. If it's random then it could very well be a hash, but if it's a salted hash then you would not have the salt (maybe it's your username!). If so, try an online hash site for common algorithms and try hashing your password to see if you can generate the same value.

hth

Pete
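
The two checks suggested in the reply above (decoded length against standard digest sizes, and how much the stored value changes when the password changes by one character), as an added example that is not part of the original posts. The function names, the `xor_encode` stand-in and the two sample passwords are constructed for illustration; only the base64 string comes from the thread.

```python
import base64
import hashlib

# Raw output sizes, in bytes, of common digest algorithms.
DIGEST_SIZES = {"MD5": 16, "SHA-1": 20, "SHA-224": 28,
                "SHA-256": 32, "SHA-384": 48, "SHA-512": 64}

def decode_stored(value: str) -> bytes:
    """Base64-decode a stored value, restoring stripped '=' padding."""
    padded = value + "=" * (-len(value) % 4)
    return base64.b64decode(padded, validate=True)

def length_candidates(raw: bytes):
    """Return (digests matching the length exactly,
    {digest: leftover bytes} for shorter digests, e.g. a possible salt)."""
    exact = [n for n, size in DIGEST_SIZES.items() if size == len(raw)]
    leftover = {n: len(raw) - size for n, size in DIGEST_SIZES.items()
                if size < len(raw)}
    return exact, leftover

def bit_diff_ratio(a: bytes, b: bytes) -> float:
    """Fraction of differing bits; about 0.5 is what a hash produces."""
    if len(a) != len(b):
        raise ValueError("values must have equal length")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))

def xor_encode(password: bytes, key: bytes = b"K3y!") -> bytes:
    """Constructed stand-in for a reversible, non-hash encoding."""
    return bytes(c ^ key[i % len(key)] for i, c in enumerate(password))

if __name__ == "__main__":
    raw = decode_stored("azrg3+lIO+NUjwOEUUs9GMb+2mr1")  # value from the post
    print(len(raw), "bytes:", length_candidates(raw))
    # Constructed samples: two passwords differing in one character.
    p1, p2 = b"passworda", b"passwordb"
    print("hash   :", bit_diff_ratio(hashlib.sha256(p1).digest(),
                                     hashlib.sha256(p2).digest()))
    print("pattern:", bit_diff_ratio(xor_encode(p1), xor_encode(p2)))
```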


