Here are the algorithms we currently accept
Operating System
| Algorithm | Size (chars) | Sample |
|---|---|---|
| NTLM | 32 | 71eebf819bfcf3c55c18f47673e25520 |
| LM | 32 | 2d0ae01da68d9add11fd4fb99c46e604 |
| MSCache / Domain Cached Credentials | - | 4dd8965d1d476fa0d026722989a6b772:3060147285011 |
| MSCache 2 / Domain Cached Credentials 2 (DCC2) | - | $DCC2$10240#tom#e4e938d12fe5974dc42a90120bd9c90f |
| Cisco-ASA | - | 02dMBMYkTdC5Ziyp:36 |
| Cisco-PIX | 16 | dRRVnUmUHXOTt9nk |
| Cisco-IOS type 4 | 43 | 2btjjy78REtmYkkW0csHUbJZOstRXoWdX1mGrmmfeHI |
| FortiGate (FortiOS) | 47 | AK1AAECAwQFBgcICRARNGqgeC3is8gv2xWWRony9NJnDgE= |
| OSX v10.4 OSX v10.5 OSX v10.6 |
48 | 1430823483d07626ef8be3fda2ff056d0dfd818dbfe47683 |
| OSX v10.7 | 136 | 648742485c9b0acd786a233b2330197223118111b481a \ bfa0ab8b3e8ede5f014fc7c523991c007db6882680b09 \ 962d16fd9c45568260531bdb34804a5e31c22b4cfeb32d |
| OSX v10.8+ | - | $ml$35460$93a94bd24b5de64d79a5e49fa372827e739f4d7b \ 6975c752c9a0ff1e5cf72e05$752351df64dd2ce9dc9c6 \ 4a72ad91de6581a15c19176266b44d98919dfa81f0f96cb \ cb20a1ffb400718c20382030f637892f776627d34e021bad4f81b7de8222 |
| Citrix NetScaler | 49 | 1765058016a22f1b4e076dccd1c3df4e8e5c0839ccded98ea |
| md5crypt / Unix $1$ / Cisco-IOS $1$ | - | $1$28772684$iEwNOgGugqO9.bIz5sk8k/ |
| sha512crypt / Unix $6$ | - | $6$52450745$k5ka2p8bFuSmoVT1tzOyyuaREkkKBcCNqoDKzYiJL9RaE8yMnPgh2XzzF0NDrUhgrcLwg78xs1w5pJiypEdFX/ |
| bcrypt / Blowfish Unix $2*$ | 60 | $2a$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6 |
| DES Unix / DEScrypt | 13 | 48c/R8JAv757A |
| Radmin2 | 32 | 22527bee5c29ce95373c4e0f359f079b |
Raw hashes
| Algorithm | Size (chars) | Sample |
|---|---|---|
| MD4 | 32 | e6ebb89f7a3a17edaf3f2a130e11f349 |
| MD5 (raw) | 32 | 62c4fae0c42ee1d0ac99064b197c7872 |
| MD5 + salt md5($pass.$salt) md5($salt.$pass) |
32+salt | f0fda58630310a6dd91a7d8f0a4ceda2:4225637426 |
| SHA1 | 40 | 7e88f38d60a45b304c0e33a2cd9fb10618738326 |
| SHA2-224 | 56 | e4fa1555ad877bf0ec455483371867200eee89550a93eff2f95a6198 |
| SHA2-256 | 64 | 127e6fbfe24a750e72930c220a8e1382 \ 75656b8e5d8f48a98c3c92df2caba935 |
| SHA2-512 | 128 | 82a9dda829eb7f8ffe9fbe49e45d47d2dad9664f \ bb7adf72492e3c81ebd3e29134d9bc12212bf83c6840 \ f10e8246b9db54a4859b7ccd0123d86e5872c1e5082f |
| RIPEMD-160 | 40 | 012cb9b334ec1aeb71a9c8ce85586082467f7eb6 |
| SipHash | 53 | ad61d78c06037cd9:2:4:81533218127174468417660201434054 |
| Keccak-512 | 128 | - |
| DES (PT = $salt, key = $pass) | 16+16 | a28bc61d44bb815c:1172075784504605 |
Forum, CMS, Framework
| Algorithm | Size (chars) | Sample |
|---|---|---|
| Phpass: "Old" version of Wordpress, Joomla and phpBB Starting with $P$ or $H$ |
34 | $P$B7ik95kihiX1sTVtelg.qSOwynfSUy1 or $H$B7ik95kihiX1sTVtelg.qSOwynfSUy1 |
| bcrypt: "New" version of Wordpress, Joomla and phpBB Starting with $2*$ |
60 | $2y$05$LhayLxezLhK1LhWvKxCyLOj0j1u.Kj0jZ0pEmm134uzrQlFvQJLF6 |
| Old Joomla < v2.5.18 Salted MD5 |
- | 19e0e8d91c722e7091ca7a6a6fb0f4fa: 54718031842521651757785603028777 |
| vBulletin < v3.8.5 | - | 16780ba78d2d5f02f3202901c1b6d975:568 |
| vBulletin >= v3.8.5 | - | bf366348c53ddcfbd16e63edfdd1eee6: 181264250056774603641874043270 |
| IPB2+, MyBB 1.2+ | - | 8d2129083ef35f4b365d5d87487e1207:47204 |
| PrestaShop | - | 810e3d12f0f10777a679d9ca1ad7a8d9: \ M2uZ122bSHJ4Mi54tXGY0lqcv1r28mUluSkyw37ou5oia4i239ujqw0l |
| osCommerce, xt:Commerce | - | 374996a5e8a5e57fd97d893f7df79824:36 |
| Simple Machines Forum > v1.1 | - | ecf076ce9d6ed3624a9332112b1cd67b236fdd11:17782686 |
| Django (SHA1) | - | sha1$fe76b$02d5916550edf7fc8c886f044887f4b1abf9b013 |
| Django (PBKDF2-SHA256) | - | pbkdf2_sha256$20000$H0dPx8NeajVu$GiC4k5kqbbR9qWBlsRgDywNqC2vd9kqfk7zdorEnNas= |
| MediaWiki $B$ | - | $B$56668501$0ce106caa70af57fd525aeaf80ef2898 |
| PunBB | - | 4a2b722cc65ecf0f7797cdaea4bce81f66716eef:653074362104 |
| OpenCart | - | 6e36dcfc6151272c797165fce21e68e7c7737e40:472433673 |
Databases
| Algorithm | Size (chars) | Sample |
|---|---|---|
| MySQL "323" | 16 | 498eb71836f71f74 |
| MySQL v4, v5+ | 40 | 3fed14c94c0cbb2843ebdfc4774e3a17c1e0d5ee With or without the asterisk * |
| MSSQL 2000 | 94 | 0x01002702560500000000000000000000000000000000 \ 000000008db43dd9b1972a636ad0c7d4b8c515cb8ce46578 |
| MSSQL 2005 | 54 | 0x010018102152f8f28c8499d8ef263c53f8be369d799f931b2fbe |
| MSSQL 2012-2014 | 142 | 0x02000102030434ea1b17802fd95ea6316bd61d2c94622 \ ca3812793e8fb1672487b5c904a45a31b2ab4a78890d563d \ 2fcf5663e46fe797d71550494be50cf4915d3f4d55ec375 |
| PostgreSQL | - | a6343a68d964ca596d9752250d54bb8a:postgres |
| Oracle 11+ | 40 + 20 (salt) | 63ec5f6113843f5d229e2d49c068d983a9670d02: \ 57677783202322766743 |
Network Protocol
| Algorithm | Sample |
|---|---|
| WPA 1/2/3 | Can be a network dump (.cap, .pcap, .pcapng, ..) or a hash starting with WPA*0 |
| NetNTLM v1 | u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c |
| NetNTLM v2 | admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030 |
| TACACS+ | $tacacs-plus$0$5fde8e68$4e13e8fb33df$c006 |
| Skype | 3af0389f093b181ae26452015f4ae728:user |
| JWT (JSON Web Token) | eyJhbGciOiJIUzI1NiJ9.eyIzNDM2MzQyMCI6NTc2ODc1NDd9.f1nXZ3V_Hrr6ee-AFCTLaHRnrkiKmio2t3JqwL32guY |
| Apache $apr1$ MD5, md5apr1 | $apr1$71850310$gh9m4xcAn3MGxogwX/ztb. |
| Kerberos 5, etype 23, TGS-REP, a.k.a kerberoast | $krb5tgs$23$*user$realm$test/spn*$63386d22d359fe42230300d56852c9eb$891ad31d09ab89c6b3b8c5e5de6c06a7f49fd559d7a9a3c32576c8fedf705376cea582ab5938f7fc8bc741acf05c5990741b36ef4311fe3562a41b70a4ec6ecba849905f2385bb3799d92499909658c7287c49160276bca0006c350b0db4fd387adc27c01e9e9ad0c20ed53a7e6356dee2452e35eca2a6a1d1432796fc5c19d068978df74d3d0baf35c77de12456bf1144b6a750d11f55805f5a16ece2975246e2d026dce997fba34ac8757312e9e4e6272de35e20d52fb668c5ed |
| Kerberos 5, etype 23, AS-REQ Pre-Auth | $krb5pa$23$user$realm$salt$4e751db65422b2117f7eac7b721932dc8aa0d9966785ecd958f971f622bf5c42dc0c70b532363138363631363132333238383835 |
| Kerberos 5, etype 23, AS-REP a.k.a Roasting AS-REPs | $krb5asrep$23$user@domain.com:3e156ada591263b8aab0965f5aebd837$007497cb51b6c8116d6407a782ea0e1c5402b17db7afa6b05a6d30ed164a9933c754d720e279c6c573679bd27128fe77e5fea1f72334c1193c8ff0b370fadc6368bf2d49bbfdba4c5dccab95e8c8ebfdc75f438a0797dbfb2f8a1a5f4c423f9bfc1fea483342a11bd56a216f4d5158ccc4b224b52894fadfba3957dfe4b6b8f5f9f9fe422811a314768673e0c924340b8ccb84775ce9defaa3baa0910b676ad0036d13032b0dd94e3b13903cc738a7b6d00b0b3c210d1f972a6c7cae9bd3c959acf7565be528fc179118f28c679f6deeee1456f0781eb8154e18e49cb27b64bf74cd7112a0ebae2102ac |
| IKE-PSK MD5 (IPSec) | e957a6a0f53ce06a56e4d82e96bc925ffa3cf7b79f6500b667edad5a1d7bad4619efa734f75cca9c4222fbb169f71d4240aced349eb7126f35cf94772b4af373ddf9b3f1ab3a9ff8cd2705417dca7e36dd9026bd0d472459cea7ad245ce57e4bf7d36efdea2a782978c6161eae98f01eac1ee05578f8e524a0d7748c5a1ec2de:647c051436ee84b39a514fd5f2da24fd3bdbb245ef3ed05cb362c58916bbb2cb93a93e3ec33da27404b82125cfd354c0114a3d10dfca26fab139f91046f2ad996f6091ac7a729305272696ac1769991b81a30826e24cee586f3f383b5e035820e17d9715db433ac75f204f20153a12cf7ee4fa7d11b2823e424c26cb513eb26b:fb3678377967e4db:708993a01df48348:00000001000000010000009801010004030000240101000080010005800200028003000180040002800b0001000c000400007080030000240201000080010005800200018003000180040002800b0001000c000400007080030000240301000080010001800200028003000180040002800b0001000c000400007080000000240401000080010001800200018003000180040002800b0001000c000400007080:01110000c0a83965:19004c6aa04dba354599f0d6afbc866970d751e4:6074841c25c83a0c1abfa348fee2d133399595f2:19a3428d90eb5045363a58dc33f51941 | IKE-PSK SHA1 (Sonicwall VPN, Cisco, ..) | 7a1115b74a1b9d63de62627bdd029aa7a50df83ddbaba88c47d3e51833d21984fb463a2604ba0c82611a11edee7406e1826b2c70410d2797487d1220a4f716d7532fcd73e82b2fd6304f9af5dd1bc0a5dc1eb58bee978f95ffc8b6dc4401d4d2720978f4b0e69ae4dd96e61a1f23a347123aa242f893b33ac74fa234366dc56c:7e599b0168b56608f8a512b68bc7ea47726072ca8e66ecb8792a607f926afc2c3584850773d91644a3186da80414c5c336e07d95b891736f1e88eb05662bf17659781036fa03b869cb554d04689b53b401034e5ea061112066a89dcf8cbe3946e497feb8c5476152c2f8bc0bef4c2a05da51344370682ffb17ec664f8bc07855:419011bd5632fe07:169168a1ac421e4d:00000001000000010000009801010004030000240101000080010005800200028003000180040002800b0001000c000400007080030000240201000080010005800200018003000180040002800b0001000c000400007080030000240301000080010001800200028003000180040002800b0001000c000400007080000000240401000080010001800200018003000180040002800b0001000c000400007080:01110000c0a83965:ee4e517ba0f721798209d04dfcaf965758c4857e:48aada032ae2523815f4ec86758144fa98ad533c:e65f040dad4a628df43f3d1253f821110797a106 |
| iSCSI CHAP authentication, MD5(CHAP) | afd09efdd6f8ca9f18ec77c5869788c3:01020304050607080910111213141516:01 |
| IPMI2 RAKP HMAC-SHA1 | b7c2d6f13a43dce2e44ad120a9cd8a13d0ca23f0414275c0bbe1070d2d1299b1c04da0f1a0f1e4e2537300263a2200000000000000000000140768617368636174:472bdabe2d5d4bffd6add7b3ba79a291d104a9ef |
| nsldap, SHA-1 (Base64), Netscape LDAP SHA | {SHA}uJ6qx+YUFzQbcQtyd2gpTQ5qJ3s= |
| nsldaps, SSHA-1 (Base64), Netscape LDAP SSHA | {SSHA}AZKja92fbuuB9SpRlHqaoXxbTc43Mzc2MDM1Ng== |
| LDAP SSHA-256 (Base64) {SSHA256} | {SSHA256}OZiz0cnQ5hgyel3Emh7NCbhBRCQ+HVBwYplQunHYnER7TLuV |
| LDAP SSHA-512 (Base64) {SSHA256} | {SSHA512}ALtwKGBdRgD+U0fPAy31C28RyKYx7+a8kmfksccsOeLknLHv2DBXYI7TDnTolQMBuPkWDISgZr2cHfnNPFjGZTEyNDU4OTkw |
Password Manager
| Algorithm |
|---|
| Keepass, all versions (1 & 2) |
| 1Password, agilekeychain |
| LastPass / LastPass sniffed |
| JKS Java Key Store Private Keys (SHA1) |
KDF - Key Derivation Function
| Algorithm | Sample |
|---|---|
| PBKDF2-HMAC-MD5 | md5:1000:MTg1MzA=:Lz84VOcrXd699Edsj34PP98+f4f3S0rTZ4kHAIHoAjs= |
| PBKDF2-HMAC-SHA1 | sha1:1000:MzU4NTA4MzIzNzA1MDQ=:19ofiY+ahBXhvkDsp0j2ww== |
| PBKDF2-HMAC-SHA256 | sha256:1000:MTc3MTA0MTQwMjQxNzY=:PYjCU215Mi57AYPKva9j7mvF4Rc5bCnt |
| PBKDF2-HMAC-SHA512 | sha512:1000:ODQyMDEwNjQyODY=:MKaHNWXUsuJB3IEwBHbm3w== |
Cryptocurrency Wallet
| Algorithm | Sample |
|---|---|
| Bitcoin Litecoin PRiVCY wallet (.dat) |
$bitcoin$96$d011a1b6a8d675b7a36d0cd2efaca32a9f8dc1d57d6d01a58399ea04e703e8bbb448 \ 039326f7a00f171a7bbc854a54$16$1563277210780230$158555$96$6288354268182272 \ 4333457044857153635251074082323305571584532274162540768587307602723386534654 \ 219974$66$625882875480513751851333441623702852811440775888122046360561760525 |
| Electrum wallet |
$electrum$1*44358283104603165383613672586868*c43a6632d9f59364f74c395a03d8c2ea |
Archives
| Algorithm | Sample |
|---|---|
| 7-zip | $7z$... |
| Winzip | $zip2$... |
| PKZIP | $pkzip2$... |
| RAR3-hp | $RAR3$... |
| RAR5 | $RAR5$... |
Full-Disk Encryption (FDE)
| Algorithm | Sample |
|---|---|
| Apple File System (APFS) | $fvde$ |
One-Time Passwords
| Algorithm | Sample |
|---|---|
| Time-based OTP (HMAC-SHA1) (e.g. Google Authenticator) |
597056:1583930723 |
Enterprise Software
| Algorithm | Size (chars) | Sample |
|---|---|---|
| Oracle PeopleSoft | 28 | uXmFVrdBvv293L9kDR3VnRmx4ZM= |
| Ansible Vault | - | $ansible$0*0*6b761adc6faeb0cc0bf197d3d4a4a7d3f1682e4b16 \ 9cae8fa6b459b3214ed41e*426d313c5809d4a80a4b9bc7d4823070*d8b \ ad190c7fbc7c3cb1c60a27abfb0ff59d6fb73178681c7454d94a0f56a4360 |
| FilzZilla Server | - | 632c4952b8d9adb2c0076c13b57f0c934c80bdc14fc1b4c341c2e0a8fd97c4528729c7bd7ed1268016fc44c3c222445ebb880eca9a6638ea5df74696883a2978:0608516311148050266404072407085605002866301131581532805665756363 |