Is it at all possible for a trained eye to be able to determine which cryptographic hash function is used to hash users passwords in a database table for a specific application. We have an application that doesn’t use oracles default authentication so the application user hashes aren’t stored within $sys.users, they are in a random table specific to the application.  My question is, if you can see the hashes in that table, could you tell which hash function hashed them? Or is there a tool to feed the hash into and for it to tell you which hash function hashed these passwords? Its hard to identify a tool to run dictionary password tests over if you don’t know what hash function is used.

Thanks for the reply. Is there anyway to use that tool "outside" of the backtrack framework tool? Would you need to export the hashes first, how does the process work, how are the hashes "fed in" to the tool? Please excuse my ignorance as I'm new to this.

Thanks cd1zz for the replay, I didn't know about this tool.

And cd122 stoled cd1zz username!! I see double now... 

Now you all now that I am dyslexic... I mix my d, b, p and q, along with u, n and m...

I hate that!!! 

No, don't feel bad!!

Sorry about this, I re-read my last post and I appologize, I really didn't mean to make you feel bad.

I hate being dyslexic, but I didn't hate your comment.

Sorry about the confusion, it's my fault. 

Ouff, I will try to read my emails twice next time!