I have two passwords and two resulting hashes. I can’t figure out how the hash is derived from the password. I don’t know if salting is used. I don’t know if the password is hashed as a integer value or as a string (possibly Unicode).
Password: 6770 Hash: c12114b91a3841c143bbeb121693e80b
Password: 9591 Hash: 25238d578b6a61c2c54bfe55742984c1
The hash length seems to suggest MD5. Anybody has any ideas what I could try?
Note: This is not for hacking purposes. I’m trying to access a service through an API instead of it’s desktop client, and I can’t figure out how to compute the password hash. Currently instead of using my real password I’m sending directly the hash.
Googling up those hash values (!) reveals that 25238d578b6a61c2c54bfe55742984c1 is the md2sum of “9591” (source), and that site has another page confirming the same for 6770 and your first hash value (source2).
(Edit: I have since googled up some md2 source code and cross-checked the hashes.)
(Edited again to comment: You are incredibly lucky that this API uses such a terrible hashing scheme without any salting or prefixes! 🙂 )