how to detect the algorithm of a hashed string

Question

I have a software which stores passwords using an unknown hashing method. for example if the 123456789 set as the password, it would be stored in the database by two fields which are 'salt' (seems that the salt is generated randomly) and 'hashed'. And I need to know how the software reaches to that hashed string.

as an example for the origial string: 123456789

the salt is: ifWIg1IB

hashed is: QkKtpxSqd+kIH2EuMkNdWV44B2g=

I need to know it because of making an integrated login system via this hashed password. I think it is very important to avoid make lots of username and password for each person in an office.

with the best respects

Answer 1

Your 'hashed' output is a base-64 encoded string. Decoding the string results in a 20-byte digest. SHA-1 produces 20-byte hashes so it looks like the generation process is:

base64(sha1(combine(salt, password)))

there are two obvious approaches to combining the salt and password plaintext - append or prepend the salt to the password. If you prepend the salt you end up with the following algorithm to generate the encoded digest:

public static string GenPasswordString(string password, string salt)
{
    byte[] bytes = System.Text.Encoding.UTF8.GetBytes(salt + password);
    using (var alg = new System.Security.Cryptography.SHA1Managed())
    {
        byte[] hashBytes = alg.ComputeHash(bytes);
        return Convert.ToBase64String(hashBytes);
    }
}

and

GenPasswordString("123456789", "ifWIg1IB") == "QkKtpxSqd+kIH2EuMkNdWV44B2g="