Hello guys! Today we are going to learn how to identify a hashes. So lets start!
Identifying Hash Algorithm
Before we start discussing about hash identification I want to tell you something real quick,
Hexadecimal Numbers: 0,1,2,3,4,5,6,7,8,9, a,b,c,d,e,f are called hexadecimal characters. To know more about hexadecimal numbers,read this WikiPedia entry.
Each hexadecimal number represent 4 bits. Now for example, the string “a26fe” contains 5 Hexadecimal characters so I can say its a 4 x 5 = 20 bit string. Easy? Great.
Now take a look at this hash, 5187942d399d4ed244068db70a11319e
It contains only hexadecimal numbers right? The number of characters in this hash is 32.
Hence the length of the hash in bits can be calculated as, 32 x 4 = 128 bits
Now here is a nice and short table of bit-lengths of different hash types:
|MD6||Up to 512 bits|
|SHA-3 (originally known as Keccak)||arbitrary|
Source: List of hash functions
Hmmm so the bit-length of our target hash is 128 bits and according the table above, it can be any of these four hashes:
MD2 (Designed in 1989)
MD4 (Designed in 1990)
MD5 (Designed in 1991)
RIPEMD-128 (Designed in 2004)
As you can see, MD5 is the newest 128 bit-length hash in MD Category so no one uses MD2 and MD4 now-a-days. So we can guess that its an MD5 or a RIPEMD-128.
Now ask yourself, which program generated this hash? Well in my case, I got this hash from an MySQL database while performing SQL Injection.
Now your experience and knowledge comes into play, I know that MySQL database management system usually store passwords as MD5 hashes so I know its an MD5 and not a RIPEMD-128. Windows use NTLM hashing algorithm, Linux use MD5, SHA-256 or SHA-512, Blowfish etc., Maria DBMS uses MD5 or SHA-1.
So here’s the conclusion:
- Find the bit-length of the hash and write down possible hash types
- Use your common sense to make an educated guess
But if you are lazy then you can just use this website to make guesses for you. Or if you want something better then you can use a program named “Hash-identifier”.
Linux users can install it via the following command in the terminal
apt-get install hash-identifier
Using hash-identifier is a piece of cake. Run it and enter your hash and it makes really good guesses for you.
If you are a windows user (unfortunately), then you can download it from its github mirror.
Thanks for reading! I hope you learned something new today.
Also Read: TCP/IP Model Explained