I know salt and hash(password + salt), how do I get hash(password)?











up vote
1
down vote

favorite












...If it's possible at all.



By hash I mean md5, sha1, sha256.



And how difficult is it? I mean, if it's possible mathematically, are there any tools around?










share|improve this question






















  • Is there some underlying question here? Why do you want this?
    – Sjoerd
    Nov 29 at 12:22










  • @Sjoerd it would make rainbowtables relevant again :)
    – schroeder
    Nov 29 at 12:50










  • @Sjoerd This is merely of theoretical interest.
    – George Sovetov
    Nov 29 at 15:55










  • @schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
    – George Sovetov
    Nov 29 at 16:02










  • @GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
    – schroeder
    Nov 29 at 16:54















up vote
1
down vote

favorite












...If it's possible at all.



By hash I mean md5, sha1, sha256.



And how difficult is it? I mean, if it's possible mathematically, are there any tools around?










share|improve this question






















  • Is there some underlying question here? Why do you want this?
    – Sjoerd
    Nov 29 at 12:22










  • @Sjoerd it would make rainbowtables relevant again :)
    – schroeder
    Nov 29 at 12:50










  • @Sjoerd This is merely of theoretical interest.
    – George Sovetov
    Nov 29 at 15:55










  • @schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
    – George Sovetov
    Nov 29 at 16:02










  • @GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
    – schroeder
    Nov 29 at 16:54













up vote
1
down vote

favorite









up vote
1
down vote

favorite











...If it's possible at all.



By hash I mean md5, sha1, sha256.



And how difficult is it? I mean, if it's possible mathematically, are there any tools around?










share|improve this question













...If it's possible at all.



By hash I mean md5, sha1, sha256.



And how difficult is it? I mean, if it's possible mathematically, are there any tools around?







hash






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 29 at 12:20









George Sovetov

1114




1114












  • Is there some underlying question here? Why do you want this?
    – Sjoerd
    Nov 29 at 12:22










  • @Sjoerd it would make rainbowtables relevant again :)
    – schroeder
    Nov 29 at 12:50










  • @Sjoerd This is merely of theoretical interest.
    – George Sovetov
    Nov 29 at 15:55










  • @schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
    – George Sovetov
    Nov 29 at 16:02










  • @GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
    – schroeder
    Nov 29 at 16:54


















  • Is there some underlying question here? Why do you want this?
    – Sjoerd
    Nov 29 at 12:22










  • @Sjoerd it would make rainbowtables relevant again :)
    – schroeder
    Nov 29 at 12:50










  • @Sjoerd This is merely of theoretical interest.
    – George Sovetov
    Nov 29 at 15:55










  • @schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
    – George Sovetov
    Nov 29 at 16:02










  • @GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
    – schroeder
    Nov 29 at 16:54
















Is there some underlying question here? Why do you want this?
– Sjoerd
Nov 29 at 12:22




Is there some underlying question here? Why do you want this?
– Sjoerd
Nov 29 at 12:22












@Sjoerd it would make rainbowtables relevant again :)
– schroeder
Nov 29 at 12:50




@Sjoerd it would make rainbowtables relevant again :)
– schroeder
Nov 29 at 12:50












@Sjoerd This is merely of theoretical interest.
– George Sovetov
Nov 29 at 15:55




@Sjoerd This is merely of theoretical interest.
– George Sovetov
Nov 29 at 15:55












@schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
– George Sovetov
Nov 29 at 16:02




@schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
– George Sovetov
Nov 29 at 16:02












@GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
– schroeder
Nov 29 at 16:54




@GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
– schroeder
Nov 29 at 16:54










1 Answer
1






active

oldest

votes

















up vote
11
down vote



accepted










You cannot extract a substring from a hash, and that's what you are asking to do.



Take the terminology out of your question and it becomes: How do I get



hash("apple baker charlie") from hash("apple baker charlie delta")?



You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).



Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.






share|improve this answer























  • However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
    – ecdsa
    Nov 29 at 12:50






  • 1




    @ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
    – schroeder
    Nov 29 at 12:51






  • 2




    @ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
    – ThoriumBR
    Nov 29 at 12:52











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198703%2fi-know-salt-and-hashpassword-salt-how-do-i-get-hashpassword%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
11
down vote



accepted










You cannot extract a substring from a hash, and that's what you are asking to do.



Take the terminology out of your question and it becomes: How do I get



hash("apple baker charlie") from hash("apple baker charlie delta")?



You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).



Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.






share|improve this answer























  • However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
    – ecdsa
    Nov 29 at 12:50






  • 1




    @ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
    – schroeder
    Nov 29 at 12:51






  • 2




    @ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
    – ThoriumBR
    Nov 29 at 12:52















up vote
11
down vote



accepted










You cannot extract a substring from a hash, and that's what you are asking to do.



Take the terminology out of your question and it becomes: How do I get



hash("apple baker charlie") from hash("apple baker charlie delta")?



You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).



Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.






share|improve this answer























  • However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
    – ecdsa
    Nov 29 at 12:50






  • 1




    @ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
    – schroeder
    Nov 29 at 12:51






  • 2




    @ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
    – ThoriumBR
    Nov 29 at 12:52













up vote
11
down vote



accepted







up vote
11
down vote



accepted






You cannot extract a substring from a hash, and that's what you are asking to do.



Take the terminology out of your question and it becomes: How do I get



hash("apple baker charlie") from hash("apple baker charlie delta")?



You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).



Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.






share|improve this answer














You cannot extract a substring from a hash, and that's what you are asking to do.



Take the terminology out of your question and it becomes: How do I get



hash("apple baker charlie") from hash("apple baker charlie delta")?



You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).



Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 29 at 17:11

























answered Nov 29 at 12:23









schroeder

72.1k29157192




72.1k29157192












  • However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
    – ecdsa
    Nov 29 at 12:50






  • 1




    @ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
    – schroeder
    Nov 29 at 12:51






  • 2




    @ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
    – ThoriumBR
    Nov 29 at 12:52


















  • However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
    – ecdsa
    Nov 29 at 12:50






  • 1




    @ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
    – schroeder
    Nov 29 at 12:51






  • 2




    @ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
    – ThoriumBR
    Nov 29 at 12:52
















However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
– ecdsa
Nov 29 at 12:50




However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
– ecdsa
Nov 29 at 12:50




1




1




@ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
– schroeder
Nov 29 at 12:51




@ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
– schroeder
Nov 29 at 12:51




2




2




@ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
– ThoriumBR
Nov 29 at 12:52




@ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
– ThoriumBR
Nov 29 at 12:52


















draft saved

draft discarded




















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198703%2fi-know-salt-and-hashpassword-salt-how-do-i-get-hashpassword%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Morgemoulin

Scott Moir

Souastre