4

I have a file that contains a bunch of different types of hashes in it:


These hashes have no salt and I can find out what kind they are. What I would like to do is identify the different types of hashes using a program. Is it possible to identify a hash by length or by specific characters?

What I know is that every hash (as far as I know) has the letters a-f and the numbers 0-9 in them, so I was thinking I could identify the hashes by length. Would it be possible to identify a saltless hash by the length of the hash?

For example, the hash of the word test using SHA1 is a94a8fe5ccb19ba61c4c0873d391e987982fbbd3, which is exactly 40 characters long; the word test using MD5 is d41d8cd98f00b204e9800998ecf8427e, which is exactly 32 characters long. If I could figure out the length of each hash (md5, sha1, sha256, etc.), would it be theoretically possible to make an estimated guess on what kind of hash would be shown?

secxit
  • Apparently there is a [tool](https://code.google.com/archive/p/hash-identifier/) that can help to identify a hash; use at your own risk. (Found via [this answer](http://security.stackexchange.com/a/16900/5405)). – S.L. Barth Feb 07 '17 at 14:38
  • @secxit You can try [hashid](https://github.com/psypanda/hashID) which replaces [hash-identifier](https://gitlab.com/kalilinux/packages/hash-identifier) – SebMa May 01 '21 at 10:58

4 Answers

5

Hashes are commonly represented that way so they are readable/printable characters. They are representations of the binary values generated by the hashing process; that's why they use the same standard base16 character set.

Many hashes, yes, are predictable by length.

MD5 is 128 bit, SHA1 is 160, SHA256 is 256, 512 etc. etc. Divide those by 8 to get the length in bytes, then times that by two for the length when represented as ASCII.

However, it is not foolproof, as SHA1 and RIPEMD-160 are both 160 bits. Odds are it will be SHA1, so you can make an educated guess, but no guarantees.

Equally someone might be (rather stupidly) truncating the hash or all sorts of craziness or not using common hash types. It would be an educated guess only.

user2867314
3

Not really - salted and salt-less hashes are the same length, and any hash function with the same size output is essentially indistinguishable from any other. For 32 character long strings, you might have pretty much any MD* hash, HAVAL, or a truncated longer hash. For 40 characters, it could be SHA-1, or RipeMD160, or a truncated longer hash.

Best you could do would be to assume that they're all full hashes, and try to generate matches. You can't tell if they're salted from the length though.

Matthew
  • +1 for the truncation (or the overlength of the original hash, like concatenating two hash outputs) – Xenos Feb 07 '17 at 14:33
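
The length-based guess described in the two answers above, written out as an added example that is not part of the original thread: hex length narrows a digest to a set of candidates, and a plaintext already known to produce the digest settles which one it is. The candidate table and the function names are this example's own assumptions and are not exhaustive.

```python
import hashlib
from collections import Counter

# Hex length -> algorithms with that output size (assumed, non-exhaustive table;
# any other hash of the same width fits the same slot).
CANDIDATES = {
    32: ["md5"],
    40: ["sha1", "ripemd160"],
    56: ["sha224", "sha3_224"],
    64: ["sha256", "sha3_256"],
    96: ["sha384", "sha3_384"],
    128: ["sha512", "sha3_512"],
}

def candidates(digest):
    """Return the possible algorithms for a hex digest, or [] if nothing fits."""
    d = digest.strip().lower()
    if not d or any(c not in "0123456789abcdef" for c in d):
        return []  # not base16 at all
    # An unlisted length means truncated, concatenated or an uncommon hash.
    return list(CANDIDATES.get(len(d), []))

def confirm(digest, known_plaintext):
    """Narrow the candidates using a plaintext known to produce the digest."""
    target = digest.strip().lower()
    matches = []
    for name in candidates(target):
        try:
            h = hashlib.new(name, known_plaintext)
        except ValueError:  # algorithm missing from this build (often ripemd160)
            continue
        if h.hexdigest() == target:
            matches.append(name)
    return matches

def tally(lines):
    """Count digests per candidate set; 'unknown' collects everything else."""
    return Counter("/".join(candidates(l)) or "unknown" for l in lines if l.strip())

# Constructed sample: the SHA-1 of "test" quoted in the question, a digest
# computed here, a truncated digest and a non-hex string.
SAMPLE = [
    "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
    hashlib.sha256(b"test").hexdigest(),
    "a94a8fe5ccb19ba61c4c0873d391e9",
    "not-a-hash",
]

if __name__ == "__main__":
    print(tally(SAMPLE))
    print(confirm(SAMPLE[0], b"test"))
```

Salted digests have the same length as unsalted ones, so `candidates` says nothing about salting, and `confirm` only works when the exact input to the hash function is known.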
1

Kali Linux has a pre-installed script that can identify hashes; the tool is called Hash-Identifier. You can modify this script to automate your discovery.

You can also use some online tools to identify hashes; my preferred one is OnlineHashCrack.

But keep in mind that no tool is 100% accurate; analyzing the code that is generating it is always the best option.

pacoverflow
Ricardo Reimao
0

Yes, there is a way to narrow down the results and figure out what type of hash you are dealing with.

A quick (and lazy) way of doing this is using an online tool such as the Online Hash Crack - Hash Identification Tool.

pzirkind