Reputation: 137
What encryption method is used on these passwords?
I am working on a program that needs to know what is used to encrypt passwords in the application Tigerpaw 11. Tigerpaw 11 uses SQL so I can see the encrypted password I am just not sure what particular encryption method is used.
I changed one of the users passwords several times so I had some examples for you guys.
For what it helps this is what I know about the application: - Ties to MS SQL for all data - Seems to be written in a .NET language
Samples:
123456, 6df7a625c514577b8ce73af649e3c179
MyPassword, ec46ca799923b1a6ffab6b5cb75d059a
CrackIt, b4df19b23f1882e4d0a42e2451443628
They seem to have some kind of hash value based on user. For this instance it could be "Tim Way" or 50 amongst other fields.
The end result is I want to be able to do user authentication in PHP against this password.
Upvotes: 1
Views: 392
Answers (6)
Reputation: 1003
This is reviving an old thread however as of version 14 encryptions have been converted to AES256 I know this applies to credit card details, Not sure if it applies to passwords, They are likely just a hash as per previous answers.
Upvotes: 0
Reputation: 13111
It's probably a MD5 hash of the password and user name (and/or user ID, if that exists). Also check if there is something else related to the row in the user database table that might also influence the hash. For example, when setting the same password to the same user produces different hashes then there probably is something like a SALT value (a random value or string that changes with each password update).
Given these values you have to guess how they are being combined. If you're unlucky, then they might even use separators and such.
I'd try with
md5($username . $password);
md5($userID . $password); // assuming there is a numeric user ID too
md5($password . $username);
md5($password . ":" . $username); // separator example
md5($username . $password . $salt) // if there is any
Any any other combination that comes to your mind. Good luck.
Upvotes: 1
Reputation: 3645
It looks like md5 hash salted with username and secret key (sha1 is 40 chars long).
Upvotes: 0
Reputation: 6973
It appears that they are using salt in there hash.
Salt is a somewhat secret term used change the hash value. I doubt they would want to tell you the salt.
you can see the results from many popular hashing algos here
http://www.insidepro.com/hashes.php?lang=eng
Upvotes: 1
Reputation: 14784
The passwords are not encrypted, but hashed. Your hashes seem to be hashed with the MD5 hashing function. Probably a secret salt is used to make guessing common passwords harder.
Upvotes: 1
Reputation: 9278
They are probably not encrypted but hashed, the fact that the 'encrypted passwords' are all the same length should have given you a clue. Common hashing functions are MD5 or SHA1.
Upvotes: 3
Related Questions
- How to decrypt this password?
- What is Drupal's default password encryption method?
- Which Encryption algorithm is used by EncryptByKey and EncryptByPass in Azure SQL database?
- How Decode Password
- Encrypt password for sql connection in php
- How to decrypt a string encrypted by SQL Server's EncryptByPassPhrase() in PHP?
- Which encryption method does Prestashop use for the password field and how does it do it?
- How to decrypt a password from database in php?
- Decrypt password in php
- What kind of password hash/encryption is this?