I know salt and hash(password + salt), how do I get hash(password)?
...If it's possible at all.
By hash I mean md5, sha1, sha256.
And how difficult is it? I mean, if it's possible mathematically, are there any tools around?
asked Nov 29 at 12:20
George Sovetov
Is there some underlying question here? Why do you want this?
– Sjoerd
Nov 29 at 12:22
@Sjoerd it would make rainbow tables relevant again :)
– schroeder♦
Nov 29 at 12:50
@Sjoerd This is merely of theoretical interest.
– George Sovetov
Nov 29 at 15:55
@schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
– George Sovetov
Nov 29 at 16:02
@GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
– schroeder♦
Nov 29 at 16:54
1 Answer
You cannot extract a substring from a hash, and that's what you are asking to do.
Take the terminology out of your question and it becomes: How do I get hash("apple baker charlie") from hash("apple baker charlie delta")?
You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).
Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.
edited Nov 29 at 17:11
answered Nov 29 at 12:23
schroeder♦
However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
– ecdsa
Nov 29 at 12:50
@ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
– schroeder♦
Nov 29 at 12:51
@ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonably possible. You will end up brute-forcing the entire hash space, twice.
– ThoriumBR
Nov 29 at 12:52
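The point made in the answer and its comments, as an added example that is not part of the original thread: the only route from hash(password + salt) to hash(password) is to test guesses against the salted digest and rehash the one that matches, and a table precomputed without the salt never contains the salted digest. The function names, candidate list and sample strings are constructed for illustration.

```python
import hashlib

def digest(algo, data):
    """Hex digest of data under the named hashlib algorithm."""
    return hashlib.new(algo, data).hexdigest()

def unsalted_from_salted(algo, salt, salted_hex, candidates):
    """Return hash(password) given salt and hash(password + salt), else None."""
    for candidate in candidates:
        # The known salt only lets us test a guess; it never yields the
        # password or its digest directly.
        if digest(algo, candidate + salt) == salted_hex:
            return digest(algo, candidate)  # rehash the recovered string
    return None

def lookup_in_unsalted_table(algo, target_hex, candidates):
    """Look target_hex up in a precomputed table of unsalted digests."""
    table = {digest(algo, c): c for c in candidates}
    return table.get(target_hex)

# Constructed sample data, reusing the strings from the answer.
PASSWORD = b"apple baker charlie"
SALT = b" delta"
CANDIDATES = [b"alpha bravo", b"apple baker", PASSWORD, b"charlie delta"]

if __name__ == "__main__":
    for algo in ("md5", "sha1", "sha256"):
        salted = digest(algo, PASSWORD + SALT)
        print(algo, "salted   :", salted)
        print(algo, "unsalted :", unsalted_from_salted(algo, SALT, salted, CANDIDATES))
        # The salted digest is absent from a table built without the salt.
        print(algo, "table hit:", lookup_in_unsalted_table(algo, salted, CANDIDATES))
```

If the password is not among the candidates, `unsalted_from_salted` returns `None`: knowing the salt confirms a correct guess but does not reduce the number of guesses needed.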