Algorithms Acceptance | Online Hash Crack

Here are the algorithms we currently accept

To ensure the responsible use of our services and to prevent misuse, certain algorithms may necessitate user verification. This could include methods such as email, phone number, or email domain verification. This measure is in place to guarantee that our services are utilized in accordance with a legal agreement, particularly in scenarios involving forensics or audits. It is mandatory that all hashes submitted to us are acquired through lawful means.

Algorithm	Mode	Sample
NTLM	`1000`	`71eebf819bfcf3c55c18f47673e25520`
MSCache / DCC	`1100`	`4dd8965d1d476fa0d026722989a6b772:3060147285011`
MSCache 2 / DCC 2	`2100`	`$DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f`
Cisco Type 7	`100009`	`02031C5A06160324`
md5crypt	`500`	`$1$28772684$iEwNOgGugqO9.bIz5sk8k/`
sha256crypt / Unix $5$	`7400`	`$5$7777657035274252$XftMj84MW.New1/ViLY5V4CM4Y7EBvfETaZsCW9vcJ8`
sha512crypt / Unix $6$	`1800`	`$6$52450745$k5ka2p8bFuSmoVT1tzOyyuaREkkKBcCNqoDKzYiJL9RaE8yMnPgh2XzzF0NDrUhgrcLwg78xs1w5pJiypEdFX/`
bcrypt / Blowfish Unix $2*$ / Wordpress / Joomla / phpBB	`3200`	`$2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6`
descrypt / DES Unix	`1500`	`48c/R8JAv757A`
MD5 (raw)	`0`	`8743b52063cd84097a65d1633f5c74f5`
Double MD5 md5(md5($pass))	`2600`	`a936af92b0ae20b1ff6c3347a72e5fbe`
MD5 + salt ($pass.$salt)	`10`	`01dfae6e5d4d90d9892622325959afbe:7050461`
MD5 + salt ($salt.$pass)	`20`	`01dfae6e5d4d90d9892622325959afbe:7050461`
MD5 + salt ($salt.$pass.$salt)	`3800`	`01dfae6e5d4d90d9892622325959afbe:7050461`
SHA-1 (raw)	`100`	`b89eaac7e61417341b710b727768294d0e6a277b`
SHA-1 UTF16-LE	`170`	`b9798556b741befdbddcbf640d1dd59d19b1e193`
SHA-1 + salt ($pass.$salt)	`110`	`2fc5a684737ce1bf7b3b239df432416e0dd07357:2014`
SHA-1 + salt ($salt.$pass)	`120`	`2fc5a684737ce1bf7b3b239df432416e0dd07357:2014`
SHA-256 (raw)	`1400`	`127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935`
SHA-256 + salt ($pass.$salt)	`1410`	`c73d08de890479518ed60cf670d17faa26a4a71f995c1dcc978165399401a6c4:53743528`
SHA-256 + salt ($salt.$pass)	`1420`	`c73d08de890479518ed60cf670d17faa26a4a71f995c1dcc978165399401a6c4:53743528`
SHA256(sha256($pass).$salt)	`20710`	`bfede293ecf6539211a7305ea218b9f3f608953130405cda9eaba6fb6250f824:7218532375810603`
SHA2-224	`1300`	`e4fa1555ad877bf0ec455483371867200eee89550a93eff2f95a6198`
SHA2-384	`10800`	`07371af1ca1fca7c6941d2399f3610f1e392c56c6d73fddffe38f18c430a2817028dae1ef09ac683b62148a2c8757f42`
SHA-512	`1700`	`82a9dda829eb7f8ffe9fbe49e45d47d2dad9664fbb7adf72492e3c81ebd3e29134d9bc12212bf83c6840f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f`
SHA-512 + salt ($pass.$salt)	`1710`	`e5c3ede3e49fb86592fb03f471c35ba13e8d89b8ab65142c9a8fdafb635fa2223c24e5558fd9313e8995019dcbec1fb584146b7bb12685c7765fc8c0d51379fd:6352283260`
SHA-512 + salt ($salt.$pass)	`1720`	`e5c3ede3e49fb86592fb03f471c35ba13e8d89b8ab65142c9a8fdafb635fa2223c24e5558fd9313e8995019dcbec1fb584146b7bb12685c7765fc8c0d51379fd:6352283260`
RIPEMD-160	`6000`	`012cb9b334ec1aeb71a9c8ce85586082467f7eb6`
Phpass: "Old" version of Wordpress, Joomla and phpBB Starting with $P$ or $H$	`400`	`$P$B7ik95kihiX1sTVtelg.qSOwynfSUy1`
MySQL	`300`	`3fed14c94c0cbb2843ebdfc4774e3a17c1e0d5ee` With or without the asterisk *
MSSQL (2012, 2014)	`1731`	`0x02000102030434ea1b17802fd95ea6316bd61d2c94622ca3812793e8fb1672487b5c904a45a31b2ab4a78890d563d2fcf5663e46fe797d71550494be50cf4915d3f4d55ec375`
Wifi WPA(2)	`22000 16800`	- Network dump (.cap, .pcap, .pcapng, ..) or - hash starting with `WPA*0`
Kerberos 5, etype 23, TGS-REP ($krb5tgs)	`13100`	`$krb5tgs$23$user$realm$test/spn$63386d22d359fe42230300d56852c9eb$891ad31d09ab89c6b3b8c5e5de6c06a7f49fd559d7a9a3c32576c8fedf705376cea582ab5938f7fc8bc741acf05c5990741b36ef4311fe3562a41b70a4ec6ecba849905f2385bb3799d92499909658c7287c49160276bca0006c350b0db4fd387adc27c01e9e9ad0c20ed53a7e6356dee2452e35eca2a6a1d1432796fc5c19d068978df74d3d0baf35c77de12456bf1144b6a750d11f55805f5a16ece2975246e2d026dce997fba34ac8757312e9e4e6272de35e20d52fb668c5ed`
Kerberos 5, etype 23, AS-REP Roasting ($krb5asrep)	`18200`	[email protected]:3e156ada591263b8aab0965f5aebd837$007497cb51b6c8116d6407a782ea0e1c5402b17db7afa6b05a6d30ed164a9933c754d720e279c6c573679bd27128fe77e5fea1f72334c1193c8ff0b370fadc6368bf2d49bbfdba4c5dccab95e8c8ebfdc75f438a0797dbfb2f8a1a5f4c423f9bfc1fea483342a11bd56a216f4d5158ccc4b224b52894fadfba3957dfe4b6b8f5f9f9fe422811a314768673e0c924340b8ccb84775ce9defaa3baa0910b676ad0036d13032b0dd94e3b13903cc738a7b6d00b0b3c210d1f972a6c7cae9bd3c959acf7565be528fc179118f28c679f6deeee1456f0781eb8154e18e49cb27b64bf74cd7112a0ebae2102ac
NetNTLM v2	`5600`	`admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030`
Apple Secure Notes ($ASN$)	`16200`	`$ASN$12000080771171105233481004850004085037d04b17af7f6b184346aad3efefe8bec0987ee73418291a41`
Apple itunes ($itunes_backup$)	`14700`	`$itunes_backup$9b8e3f3a970239b22ac199b622293fe4237b9d16e74bad2c3c3568cd1bd3c471615a6c4f867265642100004542263740587424862267232255853830404566**`
MS Office	`9400, 9500, 9600, 9700, 9800`	`$(old)office$...`

Algorithm	NIST Classification	CISA Classification	Source	Comments
MD5	Deprecated	Insecure	SP 800-131A	Highly vulnerable to collision and preimage attacks; not suitable for secure use.
MSCache / DCC	Deprecated	Insecure	SP 800-131A	Weak hashing method used in legacy Windows systems; easily cracked.
Cisco Type 7	Deprecated	Insecure	SP 800-57	Uses reversible encryption; offers no real security.
md5crypt / Unix $1$	Deprecated	Insecure	SP 800-131A	Based on MD5; lacks sufficient resistance to modern attacks.
Office < 2003 (MD5 + RC4)	Deprecated	Insecure	SP 800-131A	Combines weak algorithms; highly vulnerable to attacks.
MySQL 323 (old)	Deprecated	Insecure	SP 800-131A	Uses a weak hashing function that is trivial to crack.
descrypt / DES Unix	Deprecated	Insecure	SP 800-131A	Limited key space makes it easy to brute-force.
Wordpress $P$	Deprecated	Insecure	SP 800-131A	Uses MD5 without sufficient iterations or enhancements.
Joomla < v3.2 $P$	Deprecated	Insecure	SP 800-131A	Uses MD5; not secure for modern applications.
phpBB < v3.1 $H$	Deprecated	Insecure	SP 800-131A	Uses MD5; not secure for modern applications.
SHA-1	Deprecated / Legacy Use	Insecure	SP 800-131A	Vulnerable to collision attacks; avoid for secure applications.
NTLM	Deprecated / Legacy Use	Insecure	SP 800-131A	Very weak. Susceptible to brute-force and pass-the-hash attacks.
Apple Secure Notes ($ASN$)	Legacy Use	Legacy Use	SP 800-57	Moderately secure but lacks modern cryptographic practices.
Apple iTunes backup ($itunes_backup$)	Legacy Use	Legacy Use	SP 800-57	Uses weak encryption; vulnerable to brute-force attacks.
RIPEMD-160	Legacy Use	Legacy Use	SP 800-131A	Better than MD5 but weaker than SHA-2; not recommended for new systems.
MSCache 2 / DCC 2	Legacy Use	Legacy Use	SP 800-131A	Slightly improved over MSCache, but still vulnerable to brute-force attacks due to its reliance on weak hashing methods.
MySQL 4.1/5	Legacy Use	Legacy Use	SP 800-57	Uses SHA-1 internally for password hashing, which is weak and vulnerable to collision and brute-force attacks.
sha256crypt / Unix $5$	Approved	Recommended	SP 800-57	Modern hashing with adequate security for password storage.
sha512crypt / Unix $6$	Approved	Recommended	SP 800-57	Robust hashing with strong security for password storage.
bcrypt / Blowfish Unix $2*$	Approved	Recommended	SP 800-57	Highly secure and widely adopted for password hashing.
Wordpress $2*$	Approved	Recommended	SP 800-57	Uses bcrypt for secure password storage.
Joomla >= v3.2 $2y$	Approved	Recommended	SP 800-57	Utilizes bcrypt, providing strong password hashing with salting and iteration-based key derivation.
phpBB >= v3.1 $2y$	Approved	Recommended	SP 800-57	Adopts bcrypt, ensuring secure password hashing and resistance to brute-force and rainbow table attacks.
MSSQL (2012, 2014)	Approved	Recommended	FIPS 140-3	Employs secure password hashing mechanisms like SHA-512 and PBKDF2, making it robust against modern attacks.
SHA-256	Approved	Recommended	FIPS 140-3	Secure and efficient cryptographic hashing.
SHA2-224	Approved	Recommended	FIPS 140-3	A secure cryptographic hash function, though it provides a smaller output size compared to other SHA-2 variants like SHA-256.
SHA-512	Approved	Recommended	FIPS 140-3	Part of the SHA-2 family, offering strong cryptographic security with a larger output size, suitable for high-security applications.
Oracle S: Type (Oracle 11+)	Approved	Recommended	FIPS 140-3	Uses robust modern cryptography for database authentication.
WPA PMKID+EAPOL	Approved	Recommended	SP 800-57	Used in WPA2/3 for Wi-Fi authentication; considered secure when combined with a strong passphrase and modern protocols.
Office 2007+	Approved	Recommended	SP 800-57	Improved over earlier versions, using AES for encryption, providing robust security for document protection.

Term (NIST)	Definition	Recommended Usage
Deprecated	No longer provides sufficient security; must be avoided.	Transition to alternatives immediately.
Legacy Use	Still acceptable for specific, existing systems but not for new implementations.	Plan migration to stronger mechanisms.
Approved	Meets current security standards and is suitable for protecting sensitive data.	Use freely in all secure implementations.

Term (CISA)	Definition	Recommended Usage
Insecure	Fails to meet minimum security requirements and is vulnerable to known attacks.	Avoid completely and transition to secure alternatives immediately.
Legacy Use	Acceptable in specific, existing systems where migration is not yet feasible, but not recommended for new implementations.	Plan for phasing out and replacing with stronger mechanisms.
Recommended	Meets current best practices for security and is suitable for protecting sensitive data.	Use in all new and existing secure implementations.