Can I identify a hash algorithm based on the initial key and output hash?
Solution 1
Well, given that there are a finite number of popular hash algorithms, maybe what you propose is not so ridiculous.
But suppose I asked you this:
If I have an input and an output, can I determine the function?
Generally speaking, no, you cannot determine the inner-workings of any function simply from knowing one input and one output, without any additional information.
// very, very basic illustration
if (unknownFunction(2) == 4) {
// what does unknownFunction do?
// return x + 2?
// or return x * 2?
// or return Math.Pow(x, 2)?
// or return Math.Pow(x, 3) - 4?
// etc.
}
Solution 2
By looking at the length, you can decide which algorithms to try. MD5 and MD2 produce 16-byte digests. SHA-1 produces 20 bytes of output. Etc. Then perform each hash on the input and see if it matches the output. If so, that's your algorithm.
Of course, if more than the "key" was hashed, you'll need to know that too. And depending on the application, hashes are often applied iteratively. That is, the output of the hash is hashed again, and that output is hashed… often thousands of times. So if you know in advance how many iterations were performed, that can help too.
There's nothing besides the length in the output of a cryptographic hash that would help narrow down the algorithm that produced it.
Solution 3
The hash seems to contain only hexadecimal characters (each character represents 4bits)
Total count is 32 characters -> this is a 128-bits length hash.
Standard hashing algorithms that comply with these specs are: haval, md2, md4, md5 and ripemd128.
Highest probability is that MD5 was used.
md5("higher") != df072c8afcf2385b8d34aab3362020d0
Highest probability is that some salt was used.
Highest probability still remains MD5.
Solution 4
Didn't match any of the common hashing algorithms:
Perhaps a salt was added prior to hashing...
Solution 5
Not other than trying out a bunch that you know and seeing if any match.
Chrisc
Updated on June 08, 2022Comments
-
Chrisc almost 2 years
If I have both the initial key and the hash that was created, is there any way to determine what hashing algorithm was used?
For example:
- Key: higher
- Hash: df072c8afcf2385b8d34aab3362020d0
- Algorithm: ?
-
Chrisc over 14 yearsYeah, I was checking it against some existing hashes as well and came up empty handed. The above example I gave was from a website's search box. I noticed that it hashed the search value, and was curious if I would be able to figure out the hashing method.
-
dhara tcrails over 14 yearsThe length doesn't help that much. You could easily concatenate two related MD5s together to get a larger output.
-
brady over 14 yearsSure, but in the real world, I've never seen that done---including this question. On the other hand, I've had countless experiences where I had to figure out what digests were used in a protocol, and by simply counting the bytes I was able to verify my first guess. That's a lot of help. Of course, YMMV.
-
Jason over 14 yearsThis is a good idea for casual use, but if you need rigor, I don't think it will do. At a guess, I'd bet that any two hashing algorithms don't or can't guarantee they won't have collisions with each other for some input value.
-
L̲̳o̲̳̳n̲̳̳g̲̳̳p̲̳o̲̳̳k̲̳̳e̲̳̳ almost 14 years@John anything trivial like that will be beaten. This is cryptography after all. The only way you are going to stop someone from guessing your hash algorithm is by using a keyed hash (and not giving him the key). Or making your own, which even then it could be feasible for the attacker to derive the algorithm.
-
Royce Williams about 5 yearsThere are also cases where you've got a truncated hash - for example, a hash that was originally a SHA1 (48-hex) hash that was truncated to an MD5-looking length (32-hex), for which the only way to crack it is to run it through SHA1 and then truncate at 32. So the only real proof in the hash-cracking pudding is in the tasting: finding a few cracks with a given algorithm.
