What is Hash? Types Of HASH

4:09 AM
It is a common technique use by developer to store password in database in encrypted format so that normal person cannot see the credentials in clear text.every time when ever a user log in to authentication portal his/her password is compared with the stored hash and if it found to be valid then the user is given access to portal,if the two hashes are not the same the passwords do not match and the user is denied access.

various types of encrypted password with example

+ MD5 - The most common hash you will come across in the wild is an MD5 hash (Message-Digest algorithm)

Characteristics:-

They are always 32 characters in length (128 Bits)
They are always hexadecimal (Only use characters 0-9 and A-F)

+ SHA1 - Still used frequently on the internet and is one of a large family of Secure Hash Algorithms.

Characteristics:-

They are always 40 Characters in length (160 bits)
They are always hexadecimal (Only use characters 0-9 and A-F)

+ MySQL < 4.1 - These aren't used very often but still come up on very often because people have no idea what to do with them, they are used in older versions of Mysql.

Characteristics:-

They are always 16 Characters in length (64 bits)
They are always hexadecimal (Only use characters 0-9 and A-F)
If the hash breaks one of these rules - IT IS NOT MYSQL < 4.1. 

+ MYSQL5 - Used in newer versions of MYSQL to store database user passwords.

Characteristics:-

They are always 41 characters in length
They are always capitalized
They always begin with an asterisk
If the hash breaks one of these rules - IT IS NOT MYSQL5.

+ MD5(Wordpress) - Used in word press driven sites, one of the most commonly confused hashes by everyone

Characteristics:-

They always start with $P$
They are always variable case alpha numeric (0-9 A-Z a-z)
The are always 34 characters long

If the hash breaks one of these rules - IT IS NOT MD5(Wordpress). 

+ MD5(phpBB3) - Used in PHPBB forums, another commonly miss identified hash, especially amongst skids.

Characteristics:-

They always start with $H$
They are always variable case alpha numeric (0-9 A-Z a-z)
The are always 34 characters long
If the hash breaks one of these rules - IT IS NOT MD5(PhpBB).

** What is SALTS? Types of Salts

The most commonly salted hash is MD5 because it is cryptographically weak and easy to crack. So a salt gets added to the password before hashing to increase the parity. For example MD5($password.$salt).

+ Salted MD5 - Used in a large amount of applications to increase hash parity and to increase the time it takes to crack.

Characteristics:-

They consist of two blocks connected by a colon, the first is the hash the second is the salt.
The first part of the salted hash is hexadecimal, the second is variable case alphanumeric.
They first part will always be 32 characters long
The second part can be any length.
If the hash breaks one of these rules - IT IS NOT A SALTED MD5.

Warning - in some cases the salt can contain symbols (but this is rare)

NOTE - You need both the salt AND the hash to decrypt a salted md5.

Cracking these Encryption

This what a hacker always look for after getting the password from database through sql injection /other web vulnerability.
There are various online as well as offline tools are available for cracking any encrypted password.

0 comments: