I am working on a Desktop Application using VB.net with an existing database. Including the user's username and password, I want to do the login window using the existing password but it was hashed password. May I know what hash algorithm use in this data X8NUoMVWb/w6D4QdmumxoQ==?
2
-
1@Dai while I wouldn't necessarily recommend VB for new commercial development, I don't think it merits shouty incredulity.Craig– Craig2021-01-29 16:50:38 +00:00Commented Jan 29, 2021 at 16:50
-
2@Dai Why not vb.net? It is still a member in good standing of the .net languages family and I don't have to add a semicolon at the end of every line.Mary– Mary2021-01-29 22:51:22 +00:00Commented Jan 29, 2021 at 22:51
Add a comment
|
1 Answer
You can make an educated guess simply by looking at the length of the hash, as generally there's only a handful of popular hashing algorithms used for passwords, all with their own distinct output lengths:
| Hash | Output length (bytes) | Output length (bits) |
|---|---|---|
| MD5 | 16 | 128 |
| SHA-1 | 24 | 160 |
| SHA-2 (SHA256) | 32 | 256 |
| SHA-2 (SHA512) | 64 | 512 |
You can never know for sure because while different hashing algorithms have different output sizes, the output can always be truncated (or padded with random bytes).
That said, X8NUoMVWb/w6D4QdmumxoQ== is a Base64-encoded binary value which decodes to a 16-byte value. 16 bytes is 128 bits - it's very likely this is an MD5 hash value.
The 16 bytes convert to Base 16 (hexadecimal) are 5FC354A0C5566FFC3A0F841D9AE9B1A1.
This MD5 hash doesn't appear in any freely available leaked password databases or hash-reverse services I tried.
Note that systems like bcrypt generate an output string which is not just a hash-value, but actually a data structure containing the hash and other data. In bcrypt's case the string always starts with $2 which will never appear in a Base16 or Base64-encoded string.
1 Comment
Dai
Note that it could be a salted hash. And the salt might be stored elsewhere in the application's database or security system.
