ASP Password hashing algorithm
I'm having an issue discovering what hashing algorithm is being used when inserting a password into a database, I have the password in the clear, and the hashed password itself, plus a salt, but I can't figure out开发者_运维百科 what's going on in between (PHP developer, not .NET).
If anyone can help me out with what type of hashing has been used that would be ace.
- The unhashed password: a77U3b3ovil@chee
- The salt: 394279838
- The hashed password: F80ADFC2175F9DB94745E6A9B8CFA575D5B94263C523F9249620BEC958026DB4
It's being inserted into an mssql database via ASP.
Your result has 64 hex char, so 64 x 4 bits = 256 bits in total. That means that it's either
the result of a SHA-256 (but this is a recent algorithm that is not built in to ASP)
use http://hash.online-convert.com/sha256-generator to calc
the concatenation of 2 MD5 hashes
use http://hash.online-convert.com/md5-generator to calc
The output of SHA1, the default hashing algorithm of ASP.NET has 160 bits = 40 chars, so that seems to not fit well with the data you have.
On the other hand, there might be an application salt in the code (see):
computeHash( user.salt + "98hloj5674" + password )
and if you don't know that one, there's no chance to find your answer. Can you 'guess' it? You would need a dictionary attack (try all the possibilities) and the point of using hashes is just that this would take you years (for SHA-256) or hours (for MD5).
I've tried the obvious options (like sha256(Pass & Salt) ) but none of those worked. I'm afraid there is no obvious answer without access to the code.
See this discussion: https://security.stackexchange.com/questions/3989/how-to-determine-what-type-of-encoding-encryption-has-been-used
and here's a page with a few encryption methods that you could run your data through: http://support.persits.com/encrypt/demo_text.asp
精彩评论