8

I know you can compare the length but many hash types have the same lengths.

Is there a way to identify a hash's type and whether it has been salted?

For example:

hash=2bf231b0e98be99a969bd6724f42a691
hash=4ac5a4ff764807d6ef464e27e4d1bee3
hash=4d177cec31d658ed22cc229e45d7265e
Stevoisiak
  • 23,794
  • 27
  • 122
  • 225
evolvd
  • 267
  • 1
  • 4
  • 10
  • 2
    You may also have a look at the following stackoverflow thread (semi-duplicate): http://stackoverflow.com/questions/1442422/determine-hash-algorithm – ChristopheD Jan 18 '10 at 23:18

4 Answers4

8

Yes, it is possible to a degree of some certainty to identify the type of hash algorithm that was used.

One tool that I use a lot to do this is hash-identifier.

For example, I create a hash of the Hash_ID.py file:

$ openssl sha -sha256 Hash_ID.py 
SHA256(Hash_ID.py)= 5382a8826c972f8fa8687efe1f68e475c02af4bf542b0d7e68b9deffd388db96

When running Hash_ID.py it will ask for the Hash to be entered:

$ python Hash_ID.py 
   #########################################################################
   #     __  __                     __           ______    _____           #
   #    /\ \/\ \                   /\ \         /\__  _\  /\  _ `\         #
   #    \ \ \_\ \     __      ____ \ \ \___     \/_/\ \/  \ \ \/\ \        #
   #     \ \  _  \  /'__`\   / ,__\ \ \  _ `\      \ \ \   \ \ \ \ \       #
   #      \ \ \ \ \/\ \_\ \_/\__, `\ \ \ \ \ \      \_\ \__ \ \ \_\ \      #
   #       \ \_\ \_\ \___ \_\/\____/  \ \_\ \_\     /\_____\ \ \____/      #
   #        \/_/\/_/\/__/\/_/\/___/    \/_/\/_/     \/_____/  \/___/  v1.1 #
   #                                                             By Zion3R #
   #                                                    www.Blackploit.com #
   #                                                   Root@Blackploit.com #
   #########################################################################

   -------------------------------------------------------------------------
 HASH: 5382a8826c972f8fa8687efe1f68e475c02af4bf542b0d7e68b9deffd388db96

Possible Hashs:
[+]  SHA-256
[+]  Haval-256

Least Possible Hashs:
[+]  GOST R 34.11-94
[+]  RipeMD-256
[+]  SNEFRU-256
[+]  SHA-256(HMAC)
[+]  Haval-256(HMAC)
[+]  RipeMD-256(HMAC)
[+]  SNEFRU-256(HMAC)
[+]  SHA-256(md5($pass))
[+]  SHA-256(sha1($pass))

The way Hash ID works is by checking the hash given against criteria for all the hash types it supports and will give a list of possible hash types.

drac_o
  • 427
  • 5
  • 11
Casey
  • 12,070
  • 18
  • 71
  • 107
7

That particular example is a 32 character alphanumeric representation, which is almost certainly MD5.

SHA-1 usually comes as a 40 character alphanumeric string (as does SHA-0)

MD5 and SHA-1 account for the vast majority of hashes you'll find in the wild.

skaffman
  • 398,947
  • 96
  • 818
  • 769
6

No; you pretty much can only identify it by the length.

-- Edit:

Obviously, however, if you have access to the program generating the hashes, and you can provide input, then you can compare with some result you also calculate (assuming you know the salt.

If you're really stuck, you can also infer it from the language that's being used (i.e. if it's PHP, it's most likely MD5), and so on.

But from a technical point of view, there is no way to identify a hash; as it would be counter-productive to the goal of security :) (it would take up useless bits in the hash itself to do this identification).

Noon Silk
  • 54,084
  • 6
  • 88
  • 105
3

Post from the future:

2bf231b0e98be99a969bd6724f42a691 MD5 : gombaliste0
4ac5a4ff764807d6ef464e27e4d1bee3 MD5 : gombaliste2
4d177cec31d658ed22cc229e45d7265e MD5 : gombaliste129

Reelix
  • 69
  • 4