Password Hash Algorithms
Last updated
Was this helpful?
Last updated
Was this helpful?
The table below contains values for the hashType enumeration referenced and returned in many of the API calls. This is a listing of all the different password hashing algorithms that are recognized by Enzoic. Note this list grows over time, so you may need to periodically check it and add new values to your implementation.
Some of the hash types below are standard hashing algorithms, such as SHA-1 and BCrypt, while others are composite algorithms, combining the password, salt, and potentially multiple standard hashes together to calculate a final hash value. For example, hashType 5 is a composite with the following algorithm: md5(md5(salt) + md5(password)). Thus, it would be necessary to calculate an MD5 of the provided salt and concatenate this with an MD5 of the password. Finally, an MD5 of the resultant string is calculated and this is the final hash. Unless otherwise specified, the standard hash steps in a composite algorithm should all be outputting lowercase hex string representations of the value.
Note that some of the hashTypes require salt values and some do not, depending on the hash algorithm.
When necessary, calculating these hashes can generally be accomplished using language-specific libraries which provide standard hashing functions (MD5, SHA-1, SHA-256, etc). Typically these functions are either built-in or available as open-source libraries for practically any widely-used programming language. Note that this is one of the large advantages of using one of the pre-built : they already have done the heavy lifting of assembling these libraries and handle any necessary hash calculations for you. They are also regularly updated as new hashing algorithms are added to the Enzoic database.
1
MD5 hash algorithm without salt
Hex string
2
SHA1 hash algorithm without salt
Hex string
3
SHA256 hash algorithm without salt
Hex string
5
Composite Algorithm: md5(md5(salt) + md5(password))
Hex string
6
Composite Algorithm: md5(md5(password) + salt)
Hex string
7
Composite Algorithm: md5(md5(password) + salt)
Hex string
8
BCrypt algorithm using provided salt
Bcrypt string
9
CRC32 hash algorithm without salt
Hex string
10
PHPass string
11
Composite Algorithm: xor(sha512(password + salt), whirlpool(salt + password))
Hex string
13
Composite Algorithm: md5(password + salt)
Hex string
14
SHA512 hash algorithm without salt
Hex string
15
Composite Algorithm with fixed salt: md5(“kikugalanet” + password)
Hex string
16
MD5Crypt algorithm using provided salt
MD5Crypt string
17
Composite Algorithm: bcrypt(md5(password)) using provided salt for BCrypt
BCrypt string
18
Composite Algorithm: sha256(md5(password + salt))
Hex string
19
Composite Algorithm: md5(salt + password)
Hex string
20
DESCrypt algorithm using provided salt
DESCrypt string
21
MySQL (pre 4.1) algorithm
Hex string
22
Composite Algorithm: “*” + sha1(sha1(password))
Hex string prefixed with “*”
23
Composite Algorithm: base64(sha1(UTF16Bytes(password)))
Hex string
24
Composite Algorithm: sha1(salt + sha1(password))
Hex string
25
Composite Algorithm: sha1(password + salt)
Hex string
26
Partial MD5 – first 20 bytes of MD5 hash of password
Hex string
27
Composite Algorithm: md5(md5(password))
Hex string
28
Composite Algorithm: “md5$” + salt + “$” + md5(salt + password)
Hex string
29
Composite Algorithm: “sha1$” + salt + “$” + sha1(salt + password)
Formatted hex string
30
Partial MD5 – first 29 bytes of MD5 hash of password
Hex string
31
Composite Algorithm: salt + sha1(salt + password)
Formatted hex string
32
Composite Algorithm: sha1(username + password)
Hex string
33
NTLM
Hex string
34
Composite Algorithm: sha1(“–” + salt + “–” + password + “–“)
Hex string
35
SHA384
Hex string
36
Composite Algorithm: hmac-sha256(sha1(salt) + password) HMAC key: “d2e1a4c569e7018cc142e9cce755a964bd9b193d2d31f02d80bb589c959afd7e”
Hex string
37
Composite Algorithm: sha256(salt + password)
Hex string
38
Composite Algorithm: sha512<11 times>(sha512(password + salt))
Hex string
39
SHA512Crypt
SHA512Crypt string
40
Composite Algorithm: sha512(password + “:” + salt)
Hex string
41
SHA256Crypt
SHA256Crypt string
42
Composite Algorithm (AuthMeSHA256): “$SHA$” + salt + “$” + sha256(sha256(password) + salt))
Formatted hex string with salt prepended
PHPBB3 ()