Here are the algorithms we currently accept
To ensure the responsible use of our services and to prevent misuse, certain algorithms may necessitate user verification. This could include methods such as email, phone number, or domain verification. This measure is in place to guarantee that our services are utilized in accordance with a legal agreement, particularly in scenarios involving forensics or audits. It is mandatory that all hashes submitted to us are acquired through lawful means.
Algorithm | Mode | Sample |
---|---|---|
NTLM | 1000 |
71eebf819bfcf3c55c18f47673e25520 |
MSCache / DCC |
1100 |
4dd8965d1d476fa0d026722989a6b772:3060147285011 |
MSCache 2 / DCC 2 |
2100 |
$DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f |
Cisco Type 7 | 100009 |
02031C5A06160324 |
md5crypt | 500 |
$1$28772684$iEwNOgGugqO9.bIz5sk8k/ |
sha256crypt / Unix $5$ |
7400 |
$5$7777657035274252$XftMj84MW.New1/ViLY5V4CM4Y7EBvfETaZsCW9vcJ8 |
sha512crypt / Unix $6$ |
1800 |
$6$52450745$k5ka2p8bFuSmoVT1tzOyyuaREkkKBcCNqoDKzYiJL9RaE8yMnPgh2XzzF0NDrUhgrcLwg78xs1w5pJiypEdFX/ |
bcrypt / Blowfish Unix $2*$ / Wordpress / Joomla / phpBB | 3200 |
$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6 |
descrypt / DES Unix | 1500 |
48c/R8JAv757A |
MD5 (raw) | 0 |
8743b52063cd84097a65d1633f5c74f5 |
Double MD5 md5(md5($pass)) | 2600 |
a936af92b0ae20b1ff6c3347a72e5fbe |
MD5 + salt ($pass.$salt) | 10 |
01dfae6e5d4d90d9892622325959afbe:7050461 |
MD5 + salt ($salt.$pass) | 20 |
01dfae6e5d4d90d9892622325959afbe:7050461 |
MD5 + salt ($salt.$pass.$salt) | 3800 |
01dfae6e5d4d90d9892622325959afbe:7050461 |
SHA-1 (raw) | 100 |
b89eaac7e61417341b710b727768294d0e6a277b |
SHA-1 UTF16-LE | 170 |
b9798556b741befdbddcbf640d1dd59d19b1e193 |
SHA-1 + salt ($pass.$salt) | 110 |
2fc5a684737ce1bf7b3b239df432416e0dd07357:2014 |
SHA-1 + salt ($salt.$pass) | 120 |
2fc5a684737ce1bf7b3b239df432416e0dd07357:2014 |
SHA-256 (raw) | 1400 |
127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935 |
SHA-256 + salt ($pass.$salt) | 1410 |
c73d08de890479518ed60cf670d17faa26a4a71f995c1dcc978165399401a6c4:53743528 |
SHA-256 + salt ($salt.$pass) | 1420 |
c73d08de890479518ed60cf670d17faa26a4a71f995c1dcc978165399401a6c4:53743528 |
SHA256(sha256($pass).$salt) | 20710 |
bfede293ecf6539211a7305ea218b9f3f608953130405cda9eaba6fb6250f824:7218532375810603 |
SHA2-224 | 1300 |
e4fa1555ad877bf0ec455483371867200eee89550a93eff2f95a6198 |
SHA2-384 | 10800 |
07371af1ca1fca7c6941d2399f3610f1e392c56c6d73fddffe38f18c430a2817028dae1ef09ac683b62148a2c8757f42 |
SHA-512 | 1700 |
82a9dda829eb7f8ffe9fbe49e45d47d2dad9664fbb7adf72492e3c81ebd3e29134d9bc12212bf83c6840f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f |
SHA-512 + salt ($pass.$salt) | 1710 |
e5c3ede3e49fb86592fb03f471c35ba13e8d89b8ab65142c9a8fdafb635fa2223c24e5558fd9313e8995019dcbec1fb584146b7bb12685c7765fc8c0d51379fd:6352283260 |
SHA-512 + salt ($salt.$pass) | 1720 |
e5c3ede3e49fb86592fb03f471c35ba13e8d89b8ab65142c9a8fdafb635fa2223c24e5558fd9313e8995019dcbec1fb584146b7bb12685c7765fc8c0d51379fd:6352283260 |
RIPEMD-160 | 6000 |
012cb9b334ec1aeb71a9c8ce85586082467f7eb6 |
Phpass: "Old" version of Wordpress, Joomla and phpBB Starting with $P$ or $H$ |
400 |
$P$B7ik95kihiX1sTVtelg.qSOwynfSUy1 |
MySQL | 300 |
3fed14c94c0cbb2843ebdfc4774e3a17c1e0d5ee With or without the asterisk * |
MSSQL (2012, 2014) | 1731 |
0x02000102030434ea1b17802fd95ea6316bd61d2c94622ca3812793e8fb1672487b5c904a45a31b2ab4a78890d563d2fcf5663e46fe797d71550494be50cf4915d3f4d55ec375 |
Wifi WPA(2) | 22000 |
- Network dump (.cap, .pcap, .pcapng, ..) or - hash starting with WPA*0 |
Kerberos 5, etype 23, TGS-REP ($krb5tgs) | 13100 |
$krb5tgs$23$*user$realm$test/spn*$63386d22d359fe42230300d56852c9eb$891ad31d09ab89c6b3b8c5e5de6c06a7f49fd559d7a9a3c32576c8fedf705376cea582ab5938f7fc8bc741acf05c5990741b36ef4311fe3562a41b70a4ec6ecba849905f2385bb3799d92499909658c7287c49160276bca0006c350b0db4fd387adc27c01e9e9ad0c20ed53a7e6356dee2452e35eca2a6a1d1432796fc5c19d068978df74d3d0baf35c77de12456bf1144b6a750d11f55805f5a16ece2975246e2d026dce997fba34ac8757312e9e4e6272de35e20d52fb668c5ed |
Kerberos 5, etype 23, AS-REP Roasting ($krb5asrep) | 18200 |
[email protected]:3e156ada591263b8aab0965f5aebd837$007497cb51b6c8116d6407a782ea0e1c5402b17db7afa6b05a6d30ed164a9933c754d720e279c6c573679bd27128fe77e5fea1f72334c1193c8ff0b370fadc6368bf2d49bbfdba4c5dccab95e8c8ebfdc75f438a0797dbfb2f8a1a5f4c423f9bfc1fea483342a11bd56a216f4d5158ccc4b224b52894fadfba3957dfe4b6b8f5f9f9fe422811a314768673e0c924340b8ccb84775ce9defaa3baa0910b676ad0036d13032b0dd94e3b13903cc738a7b6d00b0b3c210d1f972a6c7cae9bd3c959acf7565be528fc179118f28c679f6deeee1456f0781eb8154e18e49cb27b64bf74cd7112a0ebae2102ac |
NetNTLM v2 | 5600 |
admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 |
Apple Secure Notes ($ASN$) | 16200 |
$ASN$*1*20000*80771171105233481004850004085037*d04b17af7f6b184346aad3efefe8bec0987ee73418291a41 |
Apple itunes ($itunes_backup$) | 14700 |
$itunes_backup$*9*b8e3f3a970239b22ac199b622293fe4237b9d16e74bad2c3c3568cd1bd3c471615a6c4f867265642*10000*4542263740587424862267232255853830404566** |
MS Office | 9400, 9500, 9600, 9700, 9800 |
$(old)office$... |
Algorithm | NIST Classification | CISA Classification | Source | Comments |
---|---|---|---|---|
MD5 | Deprecated | Insecure | SP 800-131A | Highly vulnerable to collision and preimage attacks; not suitable for secure use. |
MSCache / DCC | Deprecated | Insecure | SP 800-131A | Weak hashing method used in legacy Windows systems; easily cracked. |
Cisco Type 7 | Deprecated | Insecure | SP 800-57 | Uses reversible encryption; offers no real security. |
md5crypt / Unix $1$ | Deprecated | Insecure | SP 800-131A | Based on MD5; lacks sufficient resistance to modern attacks. |
Office < 2003 (MD5 + RC4) | Deprecated | Insecure | SP 800-131A | Combines weak algorithms; highly vulnerable to attacks. |
MySQL 323 (old) | Deprecated | Insecure | SP 800-131A | Uses a weak hashing function that is trivial to crack. |
descrypt / DES Unix | Deprecated | Insecure | SP 800-131A | Limited key space makes it easy to brute-force. |
Wordpress $P$ | Deprecated | Insecure | SP 800-131A | Uses MD5 without sufficient iterations or enhancements. |
Joomla < v3.2 $P$ | Deprecated | Insecure | SP 800-131A | Uses MD5; not secure for modern applications. |
phpBB < v3.1 $H$ | Deprecated | Insecure | SP 800-131A | Uses MD5; not secure for modern applications. |
SHA-1 | Deprecated / Legacy Use |
Insecure | SP 800-131A | Vulnerable to collision attacks; avoid for secure applications. |
NTLM | Deprecated / Legacy Use |
Insecure | SP 800-131A | Very weak. Susceptible to brute-force and pass-the-hash attacks. |
Apple Secure Notes ($ASN$) | Legacy Use | Legacy Use | SP 800-57 | Moderately secure but lacks modern cryptographic practices. |
Apple iTunes backup ($itunes_backup$) | Legacy Use | Legacy Use | SP 800-57 | Uses weak encryption; vulnerable to brute-force attacks. |
RIPEMD-160 | Legacy Use | Legacy Use | SP 800-131A | Better than MD5 but weaker than SHA-2; not recommended for new systems. |
MSCache 2 / DCC 2 | Legacy Use | Legacy Use | SP 800-131A | Slightly improved over MSCache, but still vulnerable to brute-force attacks due to its reliance on weak hashing methods. |
MySQL 4.1/5 | Legacy Use | Legacy Use | SP 800-57 | Uses SHA-1 internally for password hashing, which is weak and vulnerable to collision and brute-force attacks. |
sha256crypt / Unix $5$ | Approved | Recommended | SP 800-57 | Modern hashing with adequate security for password storage. |
sha512crypt / Unix $6$ | Approved | Recommended | SP 800-57 | Robust hashing with strong security for password storage. |
bcrypt / Blowfish Unix $2*$ | Approved | Recommended | SP 800-57 | Highly secure and widely adopted for password hashing. |
Wordpress $2*$ | Approved | Recommended | SP 800-57 | Uses bcrypt for secure password storage. |
Joomla >= v3.2 $2y$ | Approved | Recommended | SP 800-57 | Utilizes bcrypt, providing strong password hashing with salting and iteration-based key derivation. |
phpBB >= v3.1 $2y$ | Approved | Recommended | SP 800-57 | Adopts bcrypt, ensuring secure password hashing and resistance to brute-force and rainbow table attacks. |
MSSQL (2012, 2014) | Approved | Recommended | FIPS 140-3 | Employs secure password hashing mechanisms like SHA-512 and PBKDF2, making it robust against modern attacks. |
SHA-256 | Approved | Recommended | FIPS 140-3 | Secure and efficient cryptographic hashing. |
SHA2-224 | Approved | Recommended | FIPS 140-3 | A secure cryptographic hash function, though it provides a smaller output size compared to other SHA-2 variants like SHA-256. |
SHA-512 | Approved | Recommended | FIPS 140-3 | Part of the SHA-2 family, offering strong cryptographic security with a larger output size, suitable for high-security applications. |
Oracle S: Type (Oracle 11+) | Approved | Recommended | FIPS 140-3 | Uses robust modern cryptography for database authentication. |
WPA PMKID+EAPOL | Approved | Recommended | SP 800-57 | Used in WPA2/3 for Wi-Fi authentication; considered secure when combined with a strong passphrase and modern protocols. |
Office 2007+ | Approved | Recommended | SP 800-57 | Improved over earlier versions, using AES for encryption, providing robust security for document protection. |
Term (NIST) | Definition | Recommended Usage |
---|---|---|
Deprecated | No longer provides sufficient security; must be avoided. | Transition to alternatives immediately. |
Legacy Use | Still acceptable for specific, existing systems but not for new implementations. | Plan migration to stronger mechanisms. |
Approved | Meets current security standards and is suitable for protecting sensitive data. | Use freely in all secure implementations. |
Term (CISA) | Definition | Recommended Usage |
---|---|---|
Insecure | Fails to meet minimum security requirements and is vulnerable to known attacks. | Avoid completely and transition to secure alternatives immediately. |
Legacy Use | Acceptable in specific, existing systems where migration is not yet feasible, but not recommended for new implementations. | Plan for phasing out and replacing with stronger mechanisms. |
Recommended | Meets current best practices for security and is suitable for protecting sensitive data. | Use in all new and existing secure implementations. |