Simple question. What is the best (most universal) way to display a file hash? Below are two SHA256 hashes for the same file. One is displayed as base64 and one is...something else. The file hash will be used for auditing to make sure the file we send is the same as the file the auditor received. If the hash needs to be verified, I want to make sure I provide the hash that is the most easily verifiable.
SHA256 55461e72cccb74b475278189956b9db307bf44945e1639af93c34b224b7fcfd
SHA256 Base 64 VUYecszLdLR1J4GJlWudswe/RJReFjmvk8NLIkt/z9s=
55461e72cccb74b475278189956b9db307bf44945e1639af93c34b224b7fcfd
The point of Base64 is to constrain the character set to displayable characters. The hash is in hexadecimal which is even more constrained.
I was trying to hash 'abc' as a hex number input on two different sites, but both give a different hash.
Later I found out that one site interprets it as '0abc' and the second one as 'abc0'.
Since I'm finishing my sha256 hashing program, I was wondering which one is correct.
Thank you
Being a pentester, I have encountered a hash divided in two parts (the first one probably being the salt) seemingly encoded in Base64 but I am unable to find out the encryption type.
The input that gave me this hash is the string "password". Is anybody able to give me a hint?
67Wm8zeMSS0=
s9bD0QOa7A6THDMLa39+3LmXgcxzUFdmszeZdlTUzjY=
Thanks in advance
Maybe it's SHA-256 encoded (or any other 256 bit hash algorithm), because if you base64 decode it and hex encode you get:
ebb5a6f3378c492d
b3d6c3d1039aec0e931c330b6b7f7edcb99781cc73505766b337997654d4ce36
The first has a length of 16 and the second a length of 64. That's probably not a coincidence.
Edit: Maybe it's hashed multiple times; an iterated hash. As this post says it is better to decompile the software.
I am learning about bitTorrent and the Bencoded dictionary of bitTorrent. But I don't understand how the pieces are encoded in SHA-1 in the torrent metainfo file. To my knowledge a SHA-1 hash looks like this aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d, but instead it looks like this KÅ•Š8yç=¾4f¯gBûõÿm¶¤lâFiÔ
Somebody tell me what is this?
No, your assumption is wrong. SHA-1 doesn't "look like this aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d" as hash functions return just a list of bytes. What you have seen as KÅ•Š8yç=¾4f¯gBûõÿm¶¤lâFiÔ is just the output of that function, which your viewer tries to display as text, which obviously fails.
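The answers above (hex versus Base64 for the audit hash, the Base64-to-hex decoding, and the raw torrent `pieces` bytes) all rest on the same point: a digest is a byte string, and hex or Base64 are only ways of printing it. The following Python code is an added example, not part of any of the posts; it decodes either printed form back to bytes before comparing, and splits a `pieces` string into 20-byte SHA-1 digests. The function names and sample data are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Digest sizes in bytes for the algorithms this example handles.
DIGEST_SIZES = {"sha1": 20, "sha256": 32}

def digest_to_bytes(text, algorithm="sha256"):
    """Decode a digest published as hex or Base64 into its raw bytes."""
    size = DIGEST_SIZES[algorithm]
    text = text.strip()
    # A hex digest is exactly two characters per byte, so try hex first.
    if len(text) == size * 2:
        try:
            return bytes.fromhex(text)
        except ValueError:
            pass  # right length but not hex; fall through to Base64
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("not a hex or Base64 digest")
    if len(raw) != size:
        raise ValueError("decoded digest is %d bytes, expected %d" % (len(raw), size))
    return raw

def file_matches(data, published, algorithm="sha256"):
    """Hash the data and compare it with a published hex or Base64 digest."""
    actual = hashlib.new(algorithm, data).digest()
    return hmac.compare_digest(actual, digest_to_bytes(published, algorithm))

def split_pieces(pieces):
    """Split a torrent 'pieces' byte string into hex SHA-1 digests (20 bytes each)."""
    if len(pieces) % 20:
        raise ValueError("pieces length is not a multiple of 20")
    return [pieces[i:i + 20].hex() for i in range(0, len(pieces), 20)]

# Constructed sample data, not taken from the page.
SAMPLE = b"audit sample file contents\n"
HEX_FORM = hashlib.sha256(SAMPLE).hexdigest()
B64_FORM = base64.b64encode(hashlib.sha256(SAMPLE).digest()).decode()

if __name__ == "__main__":
    print(HEX_FORM, file_matches(SAMPLE, HEX_FORM))
    print(B64_FORM, file_matches(SAMPLE, B64_FORM))
```

Because the comparison happens on the decoded bytes, the sender can publish either form and the auditor gets the same result. A value that is one character short or otherwise malformed is rejected instead of silently compared.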
I was wondering if there is a way to "test" to see if a particular string is encrypted or not.
I am using Crypt::CBC to encrypt a password with Rijndael.
As it stands my script has a "switch" that is either set as 0 or 1 that tells the script whether or not the password needs to be passed through the decrypt phase in order to be read.
I would like to eliminate that phase if I could.
The reason is I am trying to prevent the users of the script from possibly presenting the script with a situation where the password is encrypted but the "switch" was set to 0 meaning not encrypted because this would create a huge "trainwreck".
Change your apps so passwords are only stored encrypted. Confusion gone.
Rijndael has a block size of 128 bits so the output will always be a multiple of this.
If the encrypted passwords are hex-encoded then that will give you strings that are a multiple of 32 characters. In fact, with the IV added, the strings will always be at least 64 characters: 128 bits of IV followed by 128 bits of ciphertext block 1.
You could therefore look for strings of the right length that contain only [0-9a-f]. They are probably encrypted because I suspect few people can use a 64-character string of randomness as their real password.
If they're base64 encoded then the strings will be a different length, obviously.
This doesn't guarantee that you can always detect an encrypted password but it's probably not too bad.
I'm writing a small program to encrypt/decrypt files using AES. I'm using the Cryptopp library.
I need help to understand some things.
When I'm encrypting a file, should I write the IV at the beginning of the file to decrypt it later?
I want to check that the password given to decrypt the file was correct. Should I:
put some string at beginning of file (ex. TRUE) before it's encrypted. After decryption check it.
Check MD5 of file before encryption. Put it at beginning of encrypted file. Read MD5 before decryption, decrypt file, check MD5 of decrypted file and compare them.
Writing the IV at the beginning of the file is fine. Appending to the end is another option.
Do not put a static string into the plaintext: ENIGMA transcripts were more easily broken for very similar reasons, and the zip format makes brute-forcing passwords very easy for this identical mistake.
The md5 approach sounds tolerable; but hmac-sha256 would provide significantly stronger integrity claims. (I think you could even re-use the AES key or the IV for hmac-sha256, but I'm not positive of its safety.)