If I have both the initial key and the hash that was created, is there any way to determine the hash algorithm?
For example:
Key: higher
Hash: df072c8afcf2385b8d34aab3362020d0
Algorithm = ?
views:
586answers:
7
+1
A:
Not other than trying out a bunch that you know and seeing if any match.
Ben Alpert
2009-09-18 03:13:42
This is a good idea for casual use, but if you need rigor, I don't think it will do. At a guess, I'd bet that any two hashing algorithms don't or can't guarantee they won't have collisions with each other for some input value.
Jason
2009-09-19 20:38:45
The length doesn't help that much. You could easily concatenate two related MD5s together to get a larger output.
John Gietzen
2009-09-18 15:40:03
Sure, but in the real world, I've never seen that done---including this question. On the other hand, I've had countless experiences where I had to figure out what digests were used in a protocol, and by simply counting the bytes I was able to verify my first guess. That's a lot of help. Of course, YMMV.
erickson
2009-09-18 16:39:48
@John anything trivial like that _will_ be beaten. This is cryptography after all. The only way you are going to stop someone from guessing your hash algorithm is by using a keyed hash (and not giving him the key). Or making your own, which even then it could be feasible for the attacker to derive the algorithm.
Longpoke
2010-07-01 23:48:08
+1
A:
didnt match any of those:
http://www.fileformat.info/tool/hash.htm?text=higher
Or even those:
http://www.webwiki.de/hashes/f/fa/fa2/fa2ec87a2e6783b2193f71bfdf0f9cc8
Amro
2009-09-18 03:32:17
Yeah, I was checking it against some existing hashes as well and came up empty handed. The above example I gave was from a website's search box. I noticed that it hashed the search value, and was curious if I would be able to figure out the hashing method.
Chrisc
2009-09-18 03:49:00
+2
A:
1) The hash seems to contain only hexadecimal characters (each character represents 4bits)
2) Total count is 32 characters -> this is a 128-bits length hash.
3) Standard hashing algorithms that comply with these specs are: haval, md2, md4, md5 and ripemd128.
4) Highest probability is that MD5 was used.
5) md5("higher") != df072c8afcf2385b8d34aab3362020d0
6) Highest probability is that some salt was used.
7) Highest probability still remains MD5. :)
sb
Starbuck
2009-09-18 13:17:36
+3
A:
Well, given that there are a finite number of popular hash algorithms, maybe what you propose is not so ridiculous.
But suppose I asked you this:
If I have an input and an output, can I determine the function?
Generally speaking, no, you cannot determine the inner-workings of any function simply from knowing one input and one output, without any additional information.
// very, very basic illustration
if (unknownFunction(2) == 4) {
// what does unknownFunction do?
// return x + 2?
// or return x * 2?
// or return Math.Pow(x, 2)?
// or return Math.Pow(x, 3) - 4?
// etc.
}
Dan Tao
2009-09-18 13:28:01
A:
It could be anything but I would try MD5 or HMAC-MD5 first because they are most popular 16-byte hash algorithms.
ZZ Coder
2009-09-18 15:31:24