![]() ![]() Response by poster: And for those playing along at home, here's the output from signsrch: Posted by delfuego at 10:09 AM on June 21, 2012 So either this is a rare or novel hash function, or the app is salting the input string with a static value, hashing it with MD5, and then encoding it to base64. There aren't many more common hash functions that output 16-byte digests - SHA-1 is 20 bytes, SHA-256 is 32 bytes, SHA-512 is 64 bytes. I just did a simple test which took "metafilter", created a straight MD5 hash of it (which outputs a 16-byte digest), and then base64-encoded that digest the output ("TPc3tK3+eXqXTeyOGZ0Tcg=") does not match your known value, so that's not it. One spare byte means you get two '' characters at the end. If you have an exact multiple of 3 bytes then you will get no equal sign. * Given that you see the same output for "a" and " a ", you know that if there is a salt involved in the hash function, it's not a random salt but rather a fixed one. Every 3 bytes you need to encode as Base64 are converted to 4 ASCII characters and the '' character is used to pad the result so that there are always a multiple of 4 encoded characters. * Given that "Base64?" and "base64?" produce different output, you know that the hash function is case-sensitive and that the input is NOT case-normalized before being hashed. About Base64Encoder Base64Encoder.io is a simple and easy-to-use online tool to encode any binary or text data to Base64 encoded format. * Given that you see the same output for "a" and " a ", you know that that the input has spaces stripped from it before being hashed, or the hash function itself strips spaces. Go contains a package called 'encoding/base64' that has various functions to Base64 encode a sequence of bytes and also decode a Base64 encoded string. * Given that your inputs are of variable length, there's another process, likely a hash function, that's turning what you put in into the 16-byte input to the base64 encoding process. A 65-character subset ( A-Za-z0-9+/) of US-ASCII is used. The base64 encoding is designed to represent arbitrary sequences of octets in a form that need not be humanly readable. * Given that, the input into the base64-encoding process is 16 bytes long a 16-byte input generates a base64-encoded string of the length that you're seeing with the two equals signs padding the end of it. This module provides functions to encode and decode strings into and from the base64 encoding specified in RFC 2045 - MIME (Multipurpose Internet Mail Extensions). * The output is almost certainly base64-encoded the two equals signs at the end give that away.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |