what type of encryption this is?

Question

Is there a way to find what type of encryption/encoding is being used? For example, I am testing a web application which stores the password in the database in an encrypted format ({"data":"myPYj0/eRAw7ZELNNmJN7FGkyXmySbVRaa9Jf1s2g8Gf7rmuhP+sEYV1n6iaaqcqc0mIoDL2xl1Gvm4Xnu2qF9NnHLN8FGJ7buGJDdq4HDTQK7I6nrTK2iBqbZDyknRTaKfnb8nlmwhcseTYru3vMOoG8A3U3G7qpXhAVtHgEXnx6UGGJXqO+mGRJvLgX+tKDe67WmpyV/Ld/TWbosKqM1ag9VffpPdQ6w1dsR3I2nhw7G7yl+2FFbjiuZqMFLHAf5uoqUQsoCLGoOfO+ZSIwl9covxadqXKx+rei7oDqMSBEi0lNBfaCoZdhCn9q8TvnsENXqS9mehrSx93hqO2cPHA40881l5yLAcOPolmqx4="}). How do I determine what hashing or encryption is being used?

Answer 1

The base64-decoded data probably is encrypted, but there's no way from the data itself to tell what encryption was used, much less which key was used. Encryption transforms one arbitrary set of bytes into a different arbitrary set of bytes. The base64 data is 364 bytes long, which means 273 bytes decoded, but the trailing = sign means there's a byte missing from the base64 input, so the decoded text is actually 272 bytes long. 272 is divisible by both 8 and 16, so it could be any of the common block ciphers in a non-counter-based mode of operation; it could also be a stream cipher or counter mode, if the length just happened to be correct. I don't see any obvious padding bytes near the end of the data, which makes it less likely to be a block cipher, but the padding needn't be obvious even if the data length isn't an integer multiple of the block size. I could also just be missing it; it's common to pack other data beyond just the ciphertext, such as the IV and integrity check, onto encrypted messages.

You'll have to look at the code which either generated that data, or which consumes it. Presumably you have access to one or the other, if not both. See what transformations they use. That's your best shot to both learn what cipher is used, in what mode (if relevant), and with what key (and IV if relevant).