I know salt and hash(password + salt), how do I get hash(password)?











up vote
1
down vote

favorite












...If it's possible at all.



By hash I mean md5, sha1, sha256.



And how difficult is it? I mean, if it's possible mathematically, are there any tools around?






hash







share|improve this question







New contributor




George Sovetov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Is there some underlying question here? Why do you want this?
    – Sjoerd
    Nov 29 at 12:22










  • @Sjoerd it would make rainbowtables relevant again :)
    – schroeder
    Nov 29 at 12:50










  • @Sjoerd This is merely of theoretical interest.
    – George Sovetov
    Nov 29 at 15:55










  • @schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
    – George Sovetov
    Nov 29 at 16:02










  • @GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
    – schroeder
    Nov 29 at 16:54















up vote
1
down vote

favorite












...If it's possible at all.



By hash I mean md5, sha1, sha256.



And how difficult is it? I mean, if it's possible mathematically, are there any tools around?






hash







share|improve this question







New contributor




George Sovetov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Is there some underlying question here? Why do you want this?
    – Sjoerd
    Nov 29 at 12:22










  • @Sjoerd it would make rainbowtables relevant again :)
    – schroeder
    Nov 29 at 12:50










  • @Sjoerd This is merely of theoretical interest.
    – George Sovetov
    Nov 29 at 15:55










  • @schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
    – George Sovetov
    Nov 29 at 16:02










  • @GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
    – schroeder
    Nov 29 at 16:54













up vote
1
down vote

favorite









up vote
1
down vote

favorite











...If it's possible at all.



By hash I mean md5, sha1, sha256.



And how difficult is it? I mean, if it's possible mathematically, are there any tools around?






hash







share|improve this question







New contributor




George Sovetov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











...If it's possible at all.



By hash I mean md5, sha1, sha256.



And how difficult is it? I mean, if it's possible mathematically, are there any tools around?






hash




hash






share|improve this question







New contributor




George Sovetov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




George Sovetov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




George Sovetov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked Nov 29 at 12:20









George Sovetov

1114




1114




New contributor




George Sovetov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





George Sovetov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






George Sovetov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • Is there some underlying question here? Why do you want this?
    – Sjoerd
    Nov 29 at 12:22










  • @Sjoerd it would make rainbowtables relevant again :)
    – schroeder
    Nov 29 at 12:50










  • @Sjoerd This is merely of theoretical interest.
    – George Sovetov
    Nov 29 at 15:55










  • @schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
    – George Sovetov
    Nov 29 at 16:02










  • @GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
    – schroeder
    Nov 29 at 16:54


















  • Is there some underlying question here? Why do you want this?
    – Sjoerd
    Nov 29 at 12:22










  • @Sjoerd it would make rainbowtables relevant again :)
    – schroeder
    Nov 29 at 12:50










  • @Sjoerd This is merely of theoretical interest.
    – George Sovetov
    Nov 29 at 15:55










  • @schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
    – George Sovetov
    Nov 29 at 16:02










  • @GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
    – schroeder
    Nov 29 at 16:54
















Is there some underlying question here? Why do you want this?
– Sjoerd
Nov 29 at 12:22




Is there some underlying question here? Why do you want this?
– Sjoerd
Nov 29 at 12:22












@Sjoerd it would make rainbowtables relevant again :)
– schroeder
Nov 29 at 12:50




@Sjoerd it would make rainbowtables relevant again :)
– schroeder
Nov 29 at 12:50












@Sjoerd This is merely of theoretical interest.
– George Sovetov
Nov 29 at 15:55




@Sjoerd This is merely of theoretical interest.
– George Sovetov
Nov 29 at 15:55












@schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
– George Sovetov
Nov 29 at 16:02




@schroeder I don't know how rainbow tables work and how they differ from indexed tables. It's not just a problem of reversing the hash. I know the salt. That's the difference. If someone who knows how exactly these hash functions work can tell that known salt doesn't help, that's the answer.
– George Sovetov
Nov 29 at 16:02












@GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
– schroeder
Nov 29 at 16:54




@GeorgeSovetov my answer explains all that. A known substring does not weaken the hash.
– schroeder
Nov 29 at 16:54










1 Answer
1






active

oldest

votes

















up vote
11
down vote



accepted










You cannot extract a substring from a hash, and that's what you are asking to do.



Take the terminology out of your question and it becomes: How do I get



hash("apple baker charlie") from hash("apple baker charlie delta")?



You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).



Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.






share|improve this answer























  • However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
    – ecdsa
    Nov 29 at 12:50






  • 1




    @ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
    – schroeder
    Nov 29 at 12:51






  • 2




    @ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
    – ThoriumBR
    Nov 29 at 12:52











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






George Sovetov is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198703%2fi-know-salt-and-hashpassword-salt-how-do-i-get-hashpassword%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
11
down vote



accepted










You cannot extract a substring from a hash, and that's what you are asking to do.



Take the terminology out of your question and it becomes: How do I get



hash("apple baker charlie") from hash("apple baker charlie delta")?



You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).



Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.






share|improve this answer























  • However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
    – ecdsa
    Nov 29 at 12:50






  • 1




    @ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
    – schroeder
    Nov 29 at 12:51






  • 2




    @ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
    – ThoriumBR
    Nov 29 at 12:52















up vote
11
down vote



accepted










You cannot extract a substring from a hash, and that's what you are asking to do.



Take the terminology out of your question and it becomes: How do I get



hash("apple baker charlie") from hash("apple baker charlie delta")?



You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).



Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.






share|improve this answer























  • However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
    – ecdsa
    Nov 29 at 12:50






  • 1




    @ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
    – schroeder
    Nov 29 at 12:51






  • 2




    @ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
    – ThoriumBR
    Nov 29 at 12:52













up vote
11
down vote



accepted







up vote
11
down vote



accepted






You cannot extract a substring from a hash, and that's what you are asking to do.



Take the terminology out of your question and it becomes: How do I get



hash("apple baker charlie") from hash("apple baker charlie delta")?



You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).



Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.






share|improve this answer














You cannot extract a substring from a hash, and that's what you are asking to do.



Take the terminology out of your question and it becomes: How do I get



hash("apple baker charlie") from hash("apple baker charlie delta")?



You cannot. Hashes are one-way processes. You would have to crack the entire hash, know what the salt was, then rehash the original string (the password, in your example).



Knowing the salt does one thing (potentially) for you: you know that you have cracked the hash because you can identify the salt in the result. But this does not technically make the process faster.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 29 at 17:11

























answered Nov 29 at 12:23









schroeder

72k29156191




72k29156191












  • However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
    – ecdsa
    Nov 29 at 12:50






  • 1




    @ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
    – schroeder
    Nov 29 at 12:51






  • 2




    @ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
    – ThoriumBR
    Nov 29 at 12:52


















  • However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
    – ecdsa
    Nov 29 at 12:50






  • 1




    @ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
    – schroeder
    Nov 29 at 12:51






  • 2




    @ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
    – ThoriumBR
    Nov 29 at 12:52
















However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
– ecdsa
Nov 29 at 12:50




However, a problem with appending the salt to the password like this is that depending on the length of the password, the length of the salt, their character set and the hash function it might be possible to use a rainbow table to reverse the string "password + salt" and then just split the salt off.
– ecdsa
Nov 29 at 12:50




1




1




@ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
– schroeder
Nov 29 at 12:51




@ecdsa I thought that's part of what I covered in "crack the entire hash". Am I missing something?
– schroeder
Nov 29 at 12:51




2




2




@ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
– ThoriumBR
Nov 29 at 12:52




@ecdsa It may be possible, but the amount of depends is large, and the effort way too big to think it's reasonable possible. You will end up bruteforcing the entire hash space, twice.
– ThoriumBR
Nov 29 at 12:52










George Sovetov is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















George Sovetov is a new contributor. Be nice, and check out our Code of Conduct.













George Sovetov is a new contributor. Be nice, and check out our Code of Conduct.












George Sovetov is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198703%2fi-know-salt-and-hashpassword-salt-how-do-i-get-hashpassword%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

QoS: MAC-Priority for clients behind a repeater

Image
1 1 I've setup a wireless network using a Linksys-Router (DD-WRT) as an AP and a TP-Link repeater for range extension. To manage bandwith for specific users, I've setup QoS-Rules on the AP (DD-WRT) using MAC-Priority: However the AP shows only the Repeater's MAC and the MACs of users inside the AP-Range. The MAC addresses of users behind the Repeater are not listed : The purple MAC is not listed in the AP-Clientlist. Its related to a device connected via the TP-Link repeater. Q: How can I setup MAC-Priority for repeater-clients? Do I simply add the purple MAC in AP-MAC priority list although it's not listed as a client? I want to setup specific priority instead of giving one priority for all clients behind the repeater by adding the repeater's MAC in the MAC priority list in the AP as
Read more

Ивакино (Тотемский район)

Image
У этого топонима есть и другие значения, см. Ивакино. Деревня Ивакино 59°42′01″ с. ш. 42°01′36″ в. д. H G Я O Страна Россия   Россия Субъект Федерации Вологодская область Муниципальный район Тотемский район Сельское поселение Погореловское История и география Тип климата умеренно-континентальный Часовой пояс UTC+3 Население Население 33 человека ( 2002 ) Национальности русские Цифровые идентификаторы Почтовый индекс 161327 Код ОКАТО 19 246 848 008 Код ОКТМО 19 646 448 136 Прочее Рег. номер 6261 Показать/скрыть карты Ивакино Ивакино Ивакино Ивакино — деревня в Тотемском районе Вологодской области. Входит в состав Погореловского сельского поселения [1] , с точки зрения административно-территориального деления — в Погореловский сельсовет. Расстояние по автодороге до районного центра Тотьмы — 61,5 км, до центра муниципального образования деревни Погорелово — 1,5 км.
Read more

Can't locate Autom4te/ChannelDefs.pm in @INC (when it definitely is there)

Image
up vote 1 down vote favorite I've been running into trouble running make for a build process that I know works on a 32-bit Ubuntu VM. I am running a 64-bit Ubuntu VM, and I have a feeling that the 64-bit may be the problem, but am not entirely sure. Basically, when I run the make command, I get the following error: Can't locate Autom4te/ChannelDefs.pm in @INC (@INC contains: [...]/staging_dir/host/share/autoconf /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl .) at [...]/staging_dir/host/bin/autoreconf line 40. Now if I navigate to [...]/staging_dir/host/share/autoconf I can see that, contrary to what autoreconf thinks, Autom4te/ChannelDefs.pm definitely exists, so I don't really understand what
Read more