tags:

views:

145

answers:

4
+2  Q: 

Hashing Using SHA1

Hi,

I am doing an enhancement on our system and there is this other application that is already doing the hashing / ecryption but nobody knows what algorithm was used and we do not have access to the code. I have to do the same hashing using java or javascript for our system because I need to perform a search so I need to pass the correct hashed/encrypted value. I only have the sample data saved in the database of the other system which is already hashed/encrypted.

Sample text data to be hashed : 4539780225622033
I need to convert it to this value: gjfFIfHf1JsVMHbD7lwPaT43rsA=

I found this site which you have to enter the text and it will generate all possible hashed values using different hashing algorithm. http://www.insidepro.com/hashes.php?lang=eng

I found 4 results under SHA-1. I know how to get RESULTS 1 and 2 but I don;t know how to arrive with RESULTS 3 and 4.

SHA1 Results:

RESULT 1: 99a37385d70a8f383f51f70e148d9a115f1beed5 
RESULT 2: maNzhdcKjzg/UfcOFI2aEV8b7tU= 
RESULT 3: 8237c521f1dfd49b153076c3ee5c0f693e37aec0 
RESULT 4: gjfFIfHf1JsVMHbD7lwPaT43rsA=

I hope you can help me with this.

Thanks you very very much in advance.

Bing

+3  A: 

Look at the notes listed at the bottom of the page:

[1] – Hash in Base64

[2] – Password in Unicode

The third hash is obtained by hashing the Unicode version of the password, the fourth is the Base64 encoded version of that.

Anon.  2010-07-05 04:07:26
Hi again, sorry i'm quite new to this hashing/encryption and encoding...isn't it this java code already converts to Unicode using the UTF-8?md = MessageDigest.getInstance("SHA-1"); byte[] sha1hash = new byte[40]; md.update(text.getBytes("UTF-8"), 0, text.length()); sha1hash = md.digest(); String sHex = convertToHex(sha1hash);
Bing  2010-07-05 06:00:07
A: 

1) I hope that credit card number you've posted isn't real.

2) Is there any chance of decompiling the original encryption app?

3) If not, there is no way to guarantee you'll get the same results as it's unlikely if this is a serious encryption application that they would use a standard algorithm without a salt or application-specific key. If they have used just a standard hash algorithm and this is a serious security app then you don't want to be replicating the same behaviour.

Graphain  2010-07-05 04:07:54
Hi, Nope it's not a real card number it's just a test data.There's no way of decompiling because we don't have access to it. The problem is we need to arrive at the same hashed value that they have because we need to pass the same hashed value for SEARCH purposes. The problem is no one can tell me what are the rules/algo they used in hashing the card number.I'm quite new to this hashing and encrypting data. I already downloaded a java and javascript code for sha1 and base64 but I couldn't get the RESULT 4 I mentioned above.
Bing  2010-07-05 06:06:26
Not sure why I get a -1 for this, but there is *no* way to guess the method they used to encrypt the data if they used a salt etc. as they should have. I mean if you could guess the method surely an attacker who got your data could too and at that point it's only a matter of generating a rainbow table until your data is compromised.
Graphain  2010-07-05 06:31:22
A: 

Hi all,

Thank you very much for your response.

I finally found the solution to my problem from the sha1 javascript implementation that I downloaded. As i've said I'm new to this encoding stuff so I'm not quite sure how to explain the difference.

Instead of using UTF-8 I used the UTF-16le encoding:

function str2rstr_utf16le(input) { var output = ""; for(var i = 0; i < input.length; i++) output += String.fromCharCode( input.charCodeAt(i) & 0xFF, (input.charCodeAt(i) >>> 8) & 0xFF); return output; }

Thanks again for the quick response. I'll have to read/study more on this topic.

Bing

Bing  2010-07-05 07:18:11
A: 

The first one is SHA1 of raw encoding. The second one uses UTF-16 (Little Endian) encoding

You can get second result by doing this,

        MessageDigest md = MessageDigest.getInstance("SHA1");
        md.update(text.getBytes("utf-16le"));
        byte digest[] = md.digest();
        // Convert to hex or Base64
ZZ Coder  2010-07-05 13:12:53

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java