How to determine that the submitted text is a SHA256 hash sum?

N

nnikolyaa2021-10-18 12:26:56

Python

nnikolyaa, 2021-10-18 12:26:56

I have a client-server connection. For greater security when transferring data, the login password on the client side is translated into SHA256. The problem is that there are "smart people" who can remove the conversion to SHA256 function. But on the server, this is not limited in any way, which reduces security. Is it possible to find out that the presented text is a hash sum?

Initial client:

#command : passwd 1234 12345
command = values['-REQUEST-']
command_split = command.split()
command = command_split[0] + " " + sha(command_split[1]) + " " + sha(command_split[2])
#command : passwd 03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4 5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5

Client without hashfunk:

#command : passwd 1234 12345
command = values['-REQUEST-']
command_split = command.split()
command = command_split[0] + " " + command_split[1] + " " + command_split[2]
#command : passwd 1234 12345

Server:

olp_pass = str(incoming_split[1])
new_pass = str(incoming_split[2])
if data[incoming_user]['password'] == olp_pass:
  data[incoming_user]['password'] = new_pass

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vladimir Kuts, 2021-10-18
@nnikolyaa

Well, your hash is 64 characters long and contains the 0123456789abcdef
character set . If both conditions match, then consider the hash.