I am building an application in C# that works with a Progress database. The passwords that are stored in this database are stored using a hash algorithm that Progress has not made public. However, I would like to authenticate using these hashes. Is it feasible to reverse engineer such a hash algorithm and how would I go about doing this?
To be clear: I am not looking for a way to get the unhashed passwords from the hashes. I'm looking for the algorithm to get a hash from a password.
Best Answer
According to this topic you are not the first one who is looking for that algorithm. As already mentioned Progress is not willing to share much about this algorithm.
While it's most probably possible to do crack the algorithm, it's generally easier to use Progress itself to calculate hashes. The other option is to switch from using that Progress funtion to a more standard variants (like SHA-1).
Now, more clarification of what "variation" could possibly mean. Suppose something like:
while it's still same CRC16 it will produce totally different results (comparing to
CRC16(pass)). So the only way to get real algorithm is to use disassembler to see the actual code, since it's probably impossible to do anything observing only input and output.There is no "structural approach" to guess algorithm from input and result unless you have a pattern, and that's exactly that ideal hash need not to have.