Cracking a hash when you know the result?
If I know that the algorithm used is SHA1 constructed as salt+key, and I have the result, is it possible to find the salt?
Example:
sha1(saltExamplealturkovic) => 4e6a306ff65e252571f36972949f45e513b79ba7
In this example, I know that the input value is alturkovic, the result is 4e6a306ff65e252571f36972949f45e513b79ba7, how it is constructed and that SHA1 is used as the hashing algorithm. I would like to find out what salt was used (with some common sense limits of course, such as length).
I tried using hashcat but I can't figure out if this can even be done using such a tool...
asked 8 hours ago
alturkovic
In theory the usual tools could be changed to also brute-force salts given passwords, but salts are usually chosen uniformly at random from a space of size $\geq 2^{64}$ so there's little hope that they can be recovered by brute-force and there are no structural weaknesses (usually) that allow a faster recovery (except if the salt is encoded into the stored hash).
– SEJPM♦
7 hours ago
1 Answer
TL;DR: Salts are too long to try and brute force them.
In theory
You can create a mask attack using hashcat, specifically a hybrid attack.
Let's assume you know that the salt used is (only) 4 numbers.
-a 7 ?d?d?d?d myKnownKey.txt
myKnownKey.txt contains the key alturkovic.
This setup would then try out these combinations:
- 0000alturkovic
- 0001alturkovic
- 0002alturkovic
- $\ldots$
- 9999alturkovic
This is one example of how to create hybrid attacks using hashcat.
In practice
In practice, salts are (as SEJPM commented) of course not just 4 digits long; they are very long strings of random alphanumerical characters, and thus render any brute-force attack impractical.
answered 7 hours ago
AleksanderRas
I believe this is exactly what I was looking for. I am aware of the caveats and downsides and I have reasonable expectations for this to work. I have to try this tomorrow when I get to work to see how performant it actually is. Thank you.
– alturkovic
1 hour ago
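The scale argument from the answer and from SEJPM's comment, as an added example that is not part of the original posts: it exhausts the answer's hypothetical 4-digit salt space against a constructed digest, then compares keyspace sizes for longer salts. The function names, the sample salt `4821` and the guess rate of 10^10 per second are assumptions made for illustration.

```python
import hashlib
import itertools
import string


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate salts of exactly `length` symbols."""
    return alphabet_size ** length


def years_to_exhaust(candidates: int, hashes_per_second: float) -> float:
    """Worst-case time to try every candidate, in years."""
    return candidates / hashes_per_second / (365 * 24 * 3600)


def recover_prefix_salt(digest_hex, known_key, alphabet, length):
    """Enumerate every salt of `length` symbols for sha1(salt + key).

    Returns (salt, attempts) on a match, or (None, attempts) once the
    space is exhausted. Only feasible for very small spaces.
    """
    target = bytes.fromhex(digest_hex)
    key = known_key.encode()
    attempts = 0
    for combo in itertools.product(alphabet, repeat=length):
        attempts += 1
        salt = "".join(combo)
        if hashlib.sha1(salt.encode() + key).digest() == target:
            return salt, attempts
    return None, attempts


# Constructed sample: a 4-digit salt, matching the answer's hypothetical case.
SAMPLE_SALT = "4821"
SAMPLE_DIGEST = hashlib.sha1((SAMPLE_SALT + "alturkovic").encode()).hexdigest()

ASSUMED_RATE = 1e10  # assumed guesses per second, not a measured figure

if __name__ == "__main__":
    salt, attempts = recover_prefix_salt(
        SAMPLE_DIGEST, "alturkovic", string.digits, 4)
    print(f"salt {salt!r} found after {attempts} of {keyspace(10, 4)} tries")
    for label, size, length in [
        ("4 digits", 10, 4),
        ("8 alphanumeric", 62, 8),
        ("11 alphanumeric (> 2^64)", 62, 11),
        ("16 random bytes", 256, 16),
    ]:
        n = keyspace(size, length)
        years = years_to_exhaust(n, ASSUMED_RATE)
        print(f"{label:>26}: {n:.3e} candidates, {years:.3e} years")
```
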