Check if string is a hash

I'm using SHA-512 to hash my passwords (with a salt ofcourse). I don't think that what I want is possible, but let's ask anyway.

Is there a way to check开发者_如何学Go if a string is a SHA-512 (or another algorithm) hash already?

When a user logs in, I want to do a check on his password. If it's still in plain text, it should get converted to a secure form.

Your task is extremely simple and require no strings checking.

Just compare entered password with stored one first.
If matched - here it is, a plain password. So, you can start conversion process.

As @zerkms already mentioned the string length is the most obvious thing you can test against. Also hashes usually are written in hexadecimal, so it only consists of the digits 0 to 9 and the characters a to f. Or as regular expression

/[0-9a-f]{64}/i

I'm a bit confused by this question.

When a user enters his or her password on your website, you can assume that the value in $_POST['password'] (or whatever you name it) is in plain text. Even if the user is using the result of a hash function as their password, that doesn't matter, since as far as your application is concerned, it's still plain text. That is, the hashed value is the users password, no matter the steps they took to create it, as the entry of that value into the system results in access for that user. The point of hashing user-submitted passwords on the server is so that even you don't know that users password. That way, if your database is compromised, the users password isn't revealed.

Once you have the password, you retrieve that users salt and hashed password from the database. You take the submitted form, hash it with the user-specific salt, then compare it to the pre-hashed password from the database. If the hashed submission and the pre-hashed database values match, then you can assume the correct password was entered.

The only reason I can see for doing things as you describe, is if you had previously stored your passwords in plain text, and are now in the process of converting them all to hashes. In that case, you should simply assign each user a unique salt, hash their current plain-text password + salt, and store that as their new password. This conversion should occur all at once, when the "hashwords" are enabled, rather than doing it piecemeal as the users login for the first time post-transition.

Obviously the only way to guess is to check the string length. I bet no one has so long password.

why u want to check the hashed password during login.no user put hashed string as a password.

u must check like this

if (sha1($input_password) === 'your hased password') {
    //go ahead
}

You can hash the user password when he/she submit the form, this require javascript ofcourse.

function myOnSubmit(aForm) {
    //Getting the password input object
    var inputPassword = aForm['password'];

    //Hashing the password before submitting
    inputPassword.value = sha512_hash(inputPassword.value);

    //Submitting
    return true;
}

Your form will be like this:

<form onsubmit="return myOnSubmit(this);">
<input type="text" name="login"><br>
<input type="password" name="password"><br>
<input type="submit" name="send">
</form>

As I know, there is no sha512 native function come with JS, so you need sha512 function, you may check this.