Password Hash Algorithms
The table below contains values for the hashType enumeration referenced and returned in many of the API calls. This is a listing of all the different password hashing algorithms that are recognized by Enzoic. Note this list grows over time, so you may need to periodically check it and add new values to your implementation.
Hash Types
Some of the hash types below are standard hashing algorithms, such as SHA-1 and BCrypt, while others are composite algorithms, combining the password, salt, and potentially multiple standard hashes together to calculate a final hash value. For example, hashType 5 is a composite with the following algorithm: md5(md5(salt) + md5(password)). Thus, it would be necessary to calculate an MD5 of the provided salt and concatenate this with an MD5 of the password. Finally, an MD5 of the resultant string is calculated and this is the final hash. Unless otherwise specified, the standard hash steps in a composite algorithm should all be outputting lowercase hex string representations of the value.
Salts
Note that some of the hashTypes require salt values and some do not, depending on the hash algorithm.
Hash Libraries
When necessary, calculating these hashes can generally be accomplished using language-specific libraries which provide standard hashing functions (MD5, SHA-1, SHA-256, etc). Typically these functions are either built-in or available as open-source libraries for practically any widely-used programming language. Note that this is one of the large advantages of using one of the pre-built Enzoic Libraries: they already have done the heavy lifting of assembling these libraries and handle any necessary hash calculations for you. They are also regularly updated as new hashing algorithms are added to the Enzoic database.
Hash Type Enum Values
| Value | Description | Output |
|---|---|---|
1 | MD5 hash algorithm without salt | Hex string |
2 | SHA1 hash algorithm without salt | Hex string |
3 | SHA256 hash algorithm without salt | Hex string |
5 | Composite Algorithm: md5(md5(salt) + md5(password)) | Hex string |
6 | Composite Algorithm: md5(md5(password) + salt) | Hex string |
7 | Composite Algorithm: md5(md5(password) + salt) | Hex string |
8 | BCrypt algorithm using provided salt | Bcrypt string |
9 | CRC32 hash algorithm without salt | Hex string |
10 | PHPBB3 (PHPass) | PHPass string |
11 | Composite Algorithm: xor(sha512(password + salt), whirlpool(salt + password)) | Hex string |
13 | Composite Algorithm: md5(password + salt) | Hex string |
14 | SHA512 hash algorithm without salt | Hex string |
15 | Composite Algorithm with fixed salt: md5(“kikugalanet” + password) | Hex string |
16 | MD5Crypt algorithm using provided salt | MD5Crypt string |
17 | Composite Algorithm: bcrypt(md5(password)) using provided salt for BCrypt | BCrypt string |
18 | Composite Algorithm: sha256(md5(password + salt)) | Hex string |
19 | Composite Algorithm: md5(salt + password) | Hex string |
20 | DESCrypt algorithm using provided salt | DESCrypt string |
21 | MySQL (pre 4.1) algorithm | Hex string |
22 | Composite Algorithm: “*” + sha1(sha1(password)) | Hex string prefixed with “*” |
23 | Composite Algorithm: base64(sha1(UTF16Bytes(password))) | Hex string |
24 | Composite Algorithm: sha1(salt + sha1(password)) | Hex string |
25 | Composite Algorithm: sha1(password + salt) | Hex string |
26 | Partial MD5 – first 20 bytes of MD5 hash of password | Hex string |
27 | Composite Algorithm: md5(md5(password)) | Hex string |
28 | Composite Algorithm: “md5$” + salt + “$” + md5(salt + password) | Hex string |
29 | Composite Algorithm: “sha1$” + salt + “$” + sha1(salt + password) | Formatted hex string |
30 | Partial MD5 – first 29 bytes of MD5 hash of password | Hex string |
31 | Composite Algorithm: salt + sha1(salt + password) | Formatted hex string |
32 | Composite Algorithm: sha1(username + password) | Hex string |
33 | NTLM | Hex string |
34 | Composite Algorithm: sha1(“–” + salt + “–” + password + “–“) | Hex string |
35 | SHA384 | Hex string |
36 | Composite Algorithm: hmac-sha256(sha1(salt) + password) HMAC key: “d2e1a4c569e7018cc142e9cce755a964bd9b193d2d31f02d80bb589c959afd7e” | Hex string |
37 | Composite Algorithm: sha256(salt + password) | Hex string |
38 | Composite Algorithm: sha512<11 times>(sha512(password + salt)) | Hex string |
39 | SHA512Crypt | SHA512Crypt string |
40 | Composite Algorithm: sha512(password + “:” + salt) | Hex string |
41 | SHA256Crypt | SHA256Crypt string |
42 | Composite Algorithm (AuthMeSHA256): “$SHA$” + salt + “$” + sha256(sha256(password) + salt)) | Formatted hex string with salt prepended |
Last updated