views:

145

answers:

4
+2  Q: 

Hashing Using SHA1

Hi,

I am doing an enhancement on our system and there is this other application that is already doing the hashing / ecryption but nobody knows what algorithm was used and we do not have access to the code. I have to do the same hashing using java or javascript for our system because I need to perform a search so I need to pass the correct hashed/encrypted value. I only have the sample data saved in the database of the other system which is already hashed/encrypted.

Sample text data to be hashed : 4539780225622033
I need to convert it to this value: gjfFIfHf1JsVMHbD7lwPaT43rsA=

I found this site which you have to enter the text and it will generate all possible hashed values using different hashing algorithm. http://www.insidepro.com/hashes.php?lang=eng

I found 4 results under SHA-1. I know how to get RESULTS 1 and 2 but I don;t know how to arrive with RESULTS 3 and 4.

SHA1 Results:

RESULT 1: 99a37385d70a8f383f51f70e148d9a115f1beed5 
RESULT 2: maNzhdcKjzg/UfcOFI2aEV8b7tU= 
RESULT 3: 8237c521f1dfd49b153076c3ee5c0f693e37aec0 
RESULT 4: gjfFIfHf1JsVMHbD7lwPaT43rsA=

I hope you can help me with this.

Thanks you very very much in advance.

Bing

+3  A: 

Look at the notes listed at the bottom of the page:

[1] – Hash in Base64

[2] – Password in Unicode

The third hash is obtained by hashing the Unicode version of the password, the fourth is the Base64 encoded version of that.

Anon.
Hi again, sorry i'm quite new to this hashing/encryption and encoding...isn't it this java code already converts to Unicode using the UTF-8?md = MessageDigest.getInstance("SHA-1"); byte[] sha1hash = new byte[40]; md.update(text.getBytes("UTF-8"), 0, text.length()); sha1hash = md.digest(); String sHex = convertToHex(sha1hash);
Bing
A: 

1) I hope that credit card number you've posted isn't real.

2) Is there any chance of decompiling the original encryption app?

3) If not, there is no way to guarantee you'll get the same results as it's unlikely if this is a serious encryption application that they would use a standard algorithm without a salt or application-specific key. If they have used just a standard hash algorithm and this is a serious security app then you don't want to be replicating the same behaviour.

Graphain
Hi, Nope it's not a real card number it's just a test data.There's no way of decompiling because we don't have access to it. The problem is we need to arrive at the same hashed value that they have because we need to pass the same hashed value for SEARCH purposes. The problem is no one can tell me what are the rules/algo they used in hashing the card number.I'm quite new to this hashing and encrypting data. I already downloaded a java and javascript code for sha1 and base64 but I couldn't get the RESULT 4 I mentioned above.
Bing
Not sure why I get a -1 for this, but there is *no* way to guess the method they used to encrypt the data if they used a salt etc. as they should have. I mean if you could guess the method surely an attacker who got your data could too and at that point it's only a matter of generating a rainbow table until your data is compromised.
Graphain
A: 

Hi all,

Thank you very much for your response.

I finally found the solution to my problem from the sha1 javascript implementation that I downloaded. As i've said I'm new to this encoding stuff so I'm not quite sure how to explain the difference.

Instead of using UTF-8 I used the UTF-16le encoding:

function str2rstr_utf16le(input) { var output = ""; for(var i = 0; i < input.length; i++) output += String.fromCharCode( input.charCodeAt(i) & 0xFF, (input.charCodeAt(i) >>> 8) & 0xFF); return output; }

Thanks again for the quick response. I'll have to read/study more on this topic.

Bing

Bing
A: 

The first one is SHA1 of raw encoding. The second one uses UTF-16 (Little Endian) encoding

You can get second result by doing this,

        MessageDigest md = MessageDigest.getInstance("SHA1");
        md.update(text.getBytes("utf-16le"));
        byte digest[] = md.digest();
        // Convert to hex or Base64
ZZ Coder