Originally Posted by website

The sig was 32 characters long, typically an MD5 hash. The etoken looked base64 encoded. After reversing the base64, we were left with a binary string. In hex, it was 256 chars in length. Taking a rough guess, this is probably a SHA2-256 hash, or any other hash that is the same length. This is a fairly tough hash for whatever data our client is sending. Being a one-way hash, there is no easy way to find the contents of the message.