Enzoic API - Developer Documentation
Visit our website
  • Enzoic Website
  • Getting Started
    • .NET Quick Start
    • Java Quick Start
    • JavaScript Quick Start
    • Ruby Quick Start
    • PHP Quick Start
    • Go Quick Start
    • Python Quick Start
  • Using the Enzoic API
  • Libraries
  • API reference
    • Passwords API
    • Credentials API
      • Hashed Credentials API
      • Cleartext Credentials API
        • Query Passwords for an Email Address
        • Query Passwords for a Domain
        • Query Passwords for a Partial Hash of an Email Address
      • Test Accounts
    • Exposures API
      • Get Exposures for an Email Address
      • Get Exposures for a Domain
      • Get Exposures for All Email Addresses in a Domain
      • Get Exposures by Date
      • Retrieve Details for an Exposure
    • Breach Monitoring API
      • Breach Monitoring by User
        • Add Breach Alert Subscriptions for Users
        • Remove Breach Alert Subscriptions for Users
        • Query Breach Alert Subscriptions for Users
      • Breach Monitoring by Domain
        • Add Breach Alert Subscriptions for Domains
        • Remove Breach Alert Subscriptions for Domains
        • Query Breach Alert Subscriptions for Domains
      • Webhooks
        • Managing Webhooks
          • Register a Webhook
          • Update a Webhook
          • Delete a Webhook
          • Query Registered Webhooks
        • Webhook Test API
    • Identity Breach Monitoring API
      • Monitoring Identities
        • Add Identities to Monitoring
        • Update Monitored Identities
        • Remove an Identity from Monitoring
        • Query Monitored Identities
      • Retrieving Identity Exposures
      • Webhooks
        • Managing Webhooks
          • Register a Webhook
          • Update a Webhook
          • Delete a Webhook
          • Query Registered Webhooks
        • Webhook Test API
    • BIN Monitoring API
      • Monitoring BINs
        • Add Bank Identification Numbers to Monitoring
        • Remove Bank Identification Numbers from Monitoring
        • Query Monitored Bank Identification Numbers
      • Retrieving Exposed Payment Cards
      • Webhooks
        • Managing Webhooks
          • Register a Webhook
          • Update a Webhook
          • Delete a Webhook
          • Query Registered Webhooks
        • Webhook Test API
    • Payment Card Exposures API
      • Check a Card Number for Compromise
    • Account Status APIs
      • Account Status
      • Account Usage
    • Password Hash Algorithms
    • OpenAPI Specification
    • View OpenAPI Spec in Swagger UI
    • Postman Collection of API Examples
  • Password Strength Meter
    • Quick Start
    • Example
Powered by GitBook
On this page
  • Hash Types
  • Salts
  • Hash Libraries
  • Hash Type Enum Values

Was this helpful?

  1. API reference

Password Hash Algorithms

PreviousAccount UsageNextPassword Strength Meter

Last updated 10 months ago

Was this helpful?

The table below contains values for the hashType enumeration referenced and returned in many of the API calls. This is a listing of all the different password hashing algorithms that are recognized by Enzoic. Note this list grows over time, so you may need to periodically check it and add new values to your implementation.

Hash Types

Some of the hash types below are standard hashing algorithms, such as SHA-1 and BCrypt, while others are composite algorithms, combining the password, salt, and potentially multiple standard hashes together to calculate a final hash value. For example, hashType 5 is a composite with the following algorithm: md5(md5(salt) + md5(password)). Thus, it would be necessary to calculate an MD5 of the provided salt and concatenate this with an MD5 of the password. Finally, an MD5 of the resultant string is calculated and this is the final hash. Unless otherwise specified, the standard hash steps in a composite algorithm should all be outputting lowercase hex string representations of the value.

Salts

Note that some of the hashTypes require salt values and some do not, depending on the hash algorithm.

Hash Libraries

When necessary, calculating these hashes can generally be accomplished using language-specific libraries which provide standard hashing functions (MD5, SHA-1, SHA-256, etc). Typically these functions are either built-in or available as open-source libraries for practically any widely-used programming language. Note that this is one of the large advantages of using one of the pre-built : they already have done the heavy lifting of assembling these libraries and handle any necessary hash calculations for you. They are also regularly updated as new hashing algorithms are added to the Enzoic database.

Hash Type Enum Values

Value
Description
Output

1

MD5 hash algorithm without salt

Hex string

2

SHA1 hash algorithm without salt

Hex string

3

SHA256 hash algorithm without salt

Hex string

5

Composite Algorithm: md5(md5(salt) + md5(password))

Hex string

6

Composite Algorithm: md5(md5(password) + salt)

Hex string

7

Composite Algorithm: md5(md5(password) + salt)

Hex string

8

BCrypt algorithm using provided salt

Bcrypt string

9

CRC32 hash algorithm without salt

Hex string

10

PHPass string

11

Composite Algorithm: xor(sha512(password + salt), whirlpool(salt + password))

Hex string

13

Composite Algorithm: md5(password + salt)

Hex string

14

SHA512 hash algorithm without salt

Hex string

15

Composite Algorithm with fixed salt: md5(“kikugalanet” + password)

Hex string

16

MD5Crypt algorithm using provided salt

MD5Crypt string

17

Composite Algorithm: bcrypt(md5(password)) using provided salt for BCrypt

BCrypt string

18

Composite Algorithm: sha256(md5(password + salt))

Hex string

19

Composite Algorithm: md5(salt + password)

Hex string

20

DESCrypt algorithm using provided salt

DESCrypt string

21

MySQL (pre 4.1) algorithm

Hex string

22

Composite Algorithm: “*” + sha1(sha1(password))

Hex string prefixed with “*”

23

Composite Algorithm: base64(sha1(UTF16Bytes(password)))

Hex string

24

Composite Algorithm: sha1(salt + sha1(password))

Hex string

25

Composite Algorithm: sha1(password + salt)

Hex string

26

Partial MD5 – first 20 bytes of MD5 hash of password

Hex string

27

Composite Algorithm: md5(md5(password))

Hex string

28

Composite Algorithm: “md5$” + salt + “$” + md5(salt + password)

Hex string

29

Composite Algorithm: “sha1$” + salt + “$” + sha1(salt + password)

Formatted hex string

30

Partial MD5 – first 29 bytes of MD5 hash of password

Hex string

31

Composite Algorithm: salt + sha1(salt + password)

Formatted hex string

32

Composite Algorithm: sha1(username + password)

Hex string

33

NTLM

Hex string

34

Composite Algorithm: sha1(“–” + salt + “–” + password + “–“)

Hex string

35

SHA384

Hex string

36

Composite Algorithm: hmac-sha256(sha1(salt) + password) HMAC key: “d2e1a4c569e7018cc142e9cce755a964bd9b193d2d31f02d80bb589c959afd7e”

Hex string

37

Composite Algorithm: sha256(salt + password)

Hex string

38

Composite Algorithm: sha512<11 times>(sha512(password + salt))

Hex string

39

SHA512Crypt

SHA512Crypt string

40

Composite Algorithm: sha512(password + “:” + salt)

Hex string

41

SHA256Crypt

SHA256Crypt string

42

Composite Algorithm (AuthMeSHA256): “$SHA$” + salt + “$” + sha256(sha256(password) + salt))

Formatted hex string with salt prepended

PHPBB3 ()

Enzoic Libraries
PHPass