Format of hashed strings

Question

When hashing a string, sometimes I see the format like so:

{SHA512}1G2zjh2Bso/LzS06JDLXcELCJX4TQm7oXL5Et3Yg4Veyji7iQW26VnBdEHiURM5evO6duJjzY5387mkWV0oiyYA=

Specifically the section indicating the hash function SHA512.

Is this a standard? Is there some documentation somewhere on what the possible values between {} can be?

For example, if I wanted to use bcrypt, what would I put there?

Where do you see this? There's no context at all to this question. Hash storage is generally application specific. — RoraΖ, Jan 12 '16 at 17:48
I have never seen this format. Please indicate *where you saw this* so that the community could possibly help you out. — schroeder, Jan 12 '16 at 17:57
That pretty much answers my question, it's not a standard, so it doesn't really matter where it came from. — prajo, Jan 12 '16 at 17:58
Welcome to Stack Exchange for Security. You can take a tour by clicking here http://security.stackexchange.com/tour It will explain how Stack Exchange works. Thanks for your contribution and again, welcome. Cheers! — Citizen, Jan 12 '16 at 19:16

score 1 · Accepted Answer · answered Jan 12 '16 at 17:52

This is not a standard, it is implementation-specific. It's used by the library which hashes the password to identify which hash function have been used.

For example, PHP use this format in its password hashing library:

$2y$10$.vGA1O9wmRjrwAVXD98HNOgsNpDczlqm3Jq7KnEd1rVAGv3Fykk1a

2y means that PHP used the bcrypt algorithm.
10 is the cost used to hash the string.
The rest of the string stores the salt (if used), and the hash itself.

Having these metadata allows PHP to automatically select the correct algorithm / cost when the script calls password_verify with the user-supplied string.

This is the "crypt" https://en.wikipedia.org/wiki/Crypt_%28C%29 format aka "modular crypt format" used by many many things on Unix as well as PHP and Perl and more. — dave_thompson_085, Jan 13 '16 at 03:00

Format of hashed strings

1 Answers1