2

I encoded(sha512 hash)the password string "hello" using the salt string "world" and saved the string in a file.

hex: 2b83319d3e78544e4430c4f5621968fee8b6ffa1254678b2c6fb98f7f79ff16afee2da909a7bb741488ca3bacbbf6cec8fd226c5a52eef805ea65a352e2ece8e

base64: K4MxnT54VE5EMMT1Yhlo/ui2/6ElRniyxvuY9/ef8Wr+4tqQmnu3QUiMo7rLv2zsj9ImxaUu74Beplo1Li7Ojg==

Now in my program i have the above encoded value of salted "hello" and the fresh password string "hello". I have to again encode "hello" using same salt and compare the output. Is it possible to extract the salt from the above output?

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
BEPP
  • 875
  • 1
  • 12
  • 36
  • 1
    You also need to store the salt. See the #1 related question: http://stackoverflow.com/questions/213380 – Jonathon Reinhart Jul 23 '15 at 11:30
  • 1
    No. All cryptographic hashes are designed to be one-way functions. – rossum Jul 23 '15 at 11:31
  • 1
    Also, while you're technically correct that you've stored *hex* or *base64*-encoded hashes in your text file, a hash itself is **not** an *encoding* of anything. Information is lost - that's the point. – Jonathon Reinhart Jul 23 '15 at 11:32

2 Answers2

3

You cannot retrieve the "salt" from a hash. A hash function is a one-way function that cannot be reversed (only brute-forced).

Since you're using SHA-512 and the output is 512-bit long (128 hex-encoded bytes), there is simply no room where something like a salt is stored. When you create hashes using additional data such as a salt, you need to either store it yourself or use a function that produces a string that encodes such additional data into the output.

If you're hashing passwords or other easily brute-forceable data, use many iterations of such a hash function, because only one iteration is not enough. It is common to use PBKDF2, bcrypt or scrypt for these use cases.

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
0

The salt, when concatenated with the user's password, in essence becomes part of the password. There is the part of this compound password you know (the salt) and the part the user knows. There is no known way to identify even a single bit of the password or the salt from the output of the better hash functions. They are, for any outside party, supposed to be indistinguishable from randomness and are not reversible.

So if you have good salt and did not store it, you will never find the concatenated string that became the compound seed for password generation. Or at least not without brute forcing it, which would take nearly forever to do.

WDS
  • 966
  • 1
  • 9
  • 17