2

The concept is pretty simple actually, and involves finding out the hash function from known input and output.

Is there a tool (I'm on linux) that can find out this information quickly?

Example:

secret - fc683cd9ed1990ca2ea10b84e5e6fba048c24929

Knowing the two values above, this hypothetical machine would print out sha1sum.

And excuse my beginner mindset, I'm new and learning about this topic in my free time.

Improve this question
3
  • What system are you trying to crack? Commented Nov 7, 2012 at 23:39
  • Well, this is just for knowledge. I have a text file here from my friend, which has ~7 pairs of input and output. I'm trying to find out which hash function was used. So... there's really no system, I only have this text file with no source or context. Commented Nov 7, 2012 at 23:41
  • You could try to run it through some of the more common hashfunctions and see if the outputs match. Might get lucky Commented Nov 7, 2012 at 23:41

2 Answers 2

Reset to default
3

Assuming that an input string X is guaranteed to produce output hash Y, you can build a program which makes use of each encoding type.

Pseudocode:

hash = "fc683cd9ed1990ca2ea10b84e5e6fba048c24929";
input = "secret"

if (md5(input) == hash)
    return "md5";
else if (sha1(input) == hash)
    return "sha1";
//etc...
else
    return "Unknown"

Edit: See How come MD5 hash values are not reversible? for more information on why you can't "reverse" a hash such as md5.

Edit 2: I did some searches and found this: http://code.google.com/p/hash-identifier/ - It looks pretty comprehensive, so take a look.

Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

... Other than that, is there no way to 'reverse' the hash?
Nope. That's why they're called "non-reversible" hashes.
Well, I thought they meant that in regards to the output itself, and not the combination of knowing both the input and output.
Ok, so I ran this, and it gave me two possible choices for the ones I have. I don't understand what hashes the program suggests though. One of them: Domain Cached Credentials - MD4(MD4(($pass)).(strtolower($username))) I can't comprehend this one.
How would knowing the input make reversing it any easier? It just makes it easy to tell if you've succeeded. But if you have the input, why would you need to reverse it at all?
|
1

Here is an expanded example...

import hashlib
import bcrypt
import argon2_cffi

def check_hash(input, hash):
    # Calculate the MD5 hash
    md5_hash = hashlib.md5(input.encode()).hexdigest()

    # Calculate the SHA-1 hash
    sha1_hash = hashlib.sha1(input.encode()).hexdigest()

    # Calculate the SHA-256 hash
    sha256_hash = hashlib.sha256(input.encode()).hexdigest()

    # Calculate the SHA-512 hash
    sha512_hash = hashlib.sha512(input.encode()).hexdigest()

    # Compare with bcrypt hash
    if bcrypt.checkpw(input.encode(), hash.encode()):
        return "bcrypt"

    # Compare with Argon2 hash
    argon2 = argon2_cffi.PasswordHasher()
    try:
        argon2.verify(hash, input)
        return "argon2"
    except argon2_cffi.exceptions.VerifyMismatchError:
        pass

    if md5_hash == hash:
        return "md5"
    elif sha1_hash == hash:
        return "sha1"
    elif sha256_hash == hash:
        return "sha256"
    elif sha512_hash == hash:
        return "sha512"
    else:
        return "Unknown"

# Example usage
hash = "fc683cd9ed1990ca2ea10b84e5e6fba048c24929"
input = "secret"
result = check_hash(input, hash)
print(f"Hash Algorithm: {result}")
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.