What kind of password hash/encryption is this?

Trying to find out what kind of hash/encryption this is in a SQL db. We want to create an app to do password resets but I cannot for the life of me find how they are generating this value.

Here are multiple examples:

{enc:1}gdyb21LQTcIANtvYMT7QVQ==
{enc:1}ZEImYhrd/Ot/LcewJCFdMw==
{enc:1}+IOSBzegAx7nSytO1J3GEw==
{enc:1}6ULa1IFMxavY7SE66K3UDg==
{enc:1}UEFeGim2M8d0Iee7ejFRUw==
{enc:1}RjqL5rXOBpqJAKPjYkwLtw==
{enc:1}V/PEslecyYxFki03H4ctAQ==
{enc:1}VDEm9QmD+L7tsqcPz/S9XQ==
{enc:1}YkQuEPpL6dRfDLwKMEVMMg==
{enc:1}86rG96EP7T3tx9e8C7513g==
{enc:1}xvSwvsmkgwtXwVISvg7mJQ==
{enc:1}KjCF0RD4tcUGEP4Bpafw5A==
{enc:1}z9pGrdm4QAoomrFCJCXQIQ==
{enc:1}yhLv0HeW90FENKJjV9Nb+g==
{enc:1}EtYMl5FOW+zdpVvWsIj3Rw==
JD Roberson asked Apr 25 '12 13:04

1 Answer

Let's take it apart:

{enc:1}gdyb21LQTcIANtvYMT7QVQ==

The {enc:1} part is likely to be versioning of some form. This is reasonably common so that you can upgrade whatever hashing/encryption algorithm you use over time. Each value identifies the algorithm used to produce the hash - if the implementation decides to use a different approach, it would know to validate a password using the first version, but could then replace the {enc:1} with {enc:2} or whatever, along with the new form of the hash.

The rest is base64 - and it's 24 characters ending in ==, which means the original value is 16 bytes.

So it's a 16-byte (128-bit) hash of some kind, with a versioning prefix. That's pretty much all we can tell... it could be any 128-bit hash, or possibly 128 bits of a longer hash (although you'd have to wonder why they threw away data at that point).

You could perform further tests if you can create your own users with passwords. For example, do two users with the same password end up with the same hash? If not, if you change from password X to password Y and then back to password X for a single user, does that get to the same hash? (There's no obvious salt in the value, although the username could be used as the salt.)

Jon Skeet answered Nov 15 '22 22:11
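As an added example (not part of the answer above), the Python below carries out the same decomposition on a constructed value: it splits off the {enc:N} prefix, base64-decodes the remainder and reports the byte length, and then, for an account whose password you set yourself as the answer suggests, checks which of a few assumed 128-bit constructions reproduce the stored bytes. The MD5 candidate list, the sample password and the username are assumptions for illustration, not a claim about what the original application does.

```python
import base64
import hashlib
import re

# Constructed sample: MD5 of a test password wrapped in the {enc:N} layout
# from the question. This illustrates the format only; it is an assumption,
# not the algorithm the original application uses.
SAMPLE_PASSWORD = "test-password-1"
SAMPLE_USER = "alice"
SAMPLE_VALUE = "{enc:1}" + base64.b64encode(
    hashlib.md5(SAMPLE_PASSWORD.encode()).digest()).decode()

_VALUE_RE = re.compile(r"^\{enc:(\d+)\}([A-Za-z0-9+/]+={0,2})$")


def parse_versioned_hash(value):
    """Split '{enc:N}<base64>' into (version, raw_bytes).

    Raises ValueError if the prefix layout or the base64 alphabet/padding
    is malformed, so a corrupted column value is reported rather than
    silently compared.
    """
    m = _VALUE_RE.match(value)
    if not m:
        raise ValueError("not a {enc:N}<base64> value")
    version = int(m.group(1))
    raw = base64.b64decode(m.group(2), validate=True)
    return version, raw


def candidate_constructions(password, username=""):
    """Assumed 16-byte candidates: MD5 is the common 128-bit digest, and the
    answer notes the username could act as an implicit salt."""
    p, u = password.encode(), username.encode()
    return {
        "md5(password)": hashlib.md5(p).digest(),
        "md5(username + password)": hashlib.md5(u + p).digest(),
        "md5(password + username)": hashlib.md5(p + u).digest(),
        "md5(utf16le(password))": hashlib.md5(password.encode("utf-16-le")).digest(),
    }


def identify(value, known_password, username=""):
    """For an account with a password you chose, return the names of the
    candidate constructions that reproduce the stored bytes (empty if none,
    or if the value is not 128 bits wide)."""
    _version, raw = parse_versioned_hash(value)
    if len(raw) != 16:
        return []
    return [name for name, digest in
            candidate_constructions(known_password, username).items()
            if digest == raw]
```

An empty result from identify for a password you know is itself informative: either the digest is not one of the listed constructions or a salt you have not accounted for is in play, which is what the same-password-two-users test in the answer is designed to reveal.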