
This is kind of a very basic question. I have searched for help regarding this but couldn't find any concrete answer to it. Therefore I am asking it specifically here.

The use case is, I want to find the weak passwords referring to the list of hashes available. For that I have to compare the hash of each known/common word with the available hash. All this is done in C++ for Unix using openssl/blowfish.h.

However, the hash of this guess word needs to be generated using the same salt that was used for the password hashes.

My question here is how can I extract the salt from password hashes. Suppose the following is my hash:

$2a$10$FTx8T5QrEbxYVe.NJ6iOhuei.V9qgl60xF8/8s7iZRDIlOl.ibDEW

What is the salt in this? Or how can I achieve the goal? Any pointer would be great!

Thanks in Advance.

Mrun

3 Answers


Just pass the password hash as the salt -- it is smart enough to extract itself. This is the convention of crypt().

See How Passwords Work in Unix, Mac OS, and Windows under Modern Unix and "BSD-style" hashing.

Note: the salt parameter of crypt() is NOT the salt. It is $algorithm$salt$MORESALTsomething, so you should never extract the salt yourself -- it is called salt for historical (DES-era) reasons.

See also Why does crypt/blowfish generate the same hash with two different salts?

J-16 SDiZ
  • Yes. I have seen the second link. Based on that only, I had made some assumptions which are actually not working for me or giving unexpected results. I am unable to make out how I should be using the blowfish APIs for my use case. – Mrun Aug 26 '11 at 13:22
  • Can I achieve the same using the blowfish API? – Mrun Aug 29 '11 at 11:09
  • I don't think so -- the blowfish used in password hash is a modified one. – J-16 SDiZ Aug 29 '11 at 14:34
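To make the "$algorithm$salt$MORESALTsomething" layout concrete, here is an added example (not code from the question or the answer above) that splits a bcrypt-style crypt() string into its fixed-width fields and uses the parsed cost factor for a defender-side audit: flagging stored hashes whose work factor has fallen below a policy minimum so they can be re-hashed on the user's next login. It assumes the common 60-character `$2a$`/`$2b$`/`$2y$` format; the hash string used in `main` is the one from the question.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Fields of a bcrypt modular-crypt string: $<id>$<cost>$<22-char salt><31-char hash>.
 * This is an illustrative parser, not a reimplementation of crypt(). */
typedef struct {
    char id[3];    /* "2a", "2b" or "2y" */
    int  cost;     /* log2 of the number of key-setup rounds */
    char salt[23]; /* 22 chars in bcrypt's ./A-Za-z0-9 alphabet, NUL-terminated */
    char hash[32]; /* 31 chars in the same alphabet, NUL-terminated */
} bcrypt_parts;

static int is_bcrypt_b64(char c) {
    return c == '.' || c == '/' || isalnum((unsigned char)c);
}

/* Returns 1 and fills *out if s is a well-formed bcrypt string, otherwise 0.
 * Length, delimiters, version letter, two-digit cost and alphabet are all checked. */
int bcrypt_parse(const char *s, bcrypt_parts *out) {
    if (s == NULL || out == NULL) return 0;
    if (strlen(s) != 60) return 0;
    if (s[0] != '$' || s[1] != '2' || s[3] != '$' || s[6] != '$') return 0;
    if (s[2] != 'a' && s[2] != 'b' && s[2] != 'y') return 0;
    if (!isdigit((unsigned char)s[4]) || !isdigit((unsigned char)s[5])) return 0;
    for (int i = 7; i < 60; i++) {
        if (!is_bcrypt_b64(s[i])) return 0;
    }
    out->id[0] = s[1];
    out->id[1] = s[2];
    out->id[2] = '\0';
    out->cost = (s[4] - '0') * 10 + (s[5] - '0');
    if (out->cost < 4 || out->cost > 31) return 0; /* bcrypt's valid cost range */
    memcpy(out->salt, s + 7, 22);
    out->salt[22] = '\0';
    memcpy(out->hash, s + 29, 31);
    out->hash[31] = '\0';
    return 1;
}

/* Audit helper: 1 if the stored hash's cost is below min_cost (should be re-hashed),
 * 0 if it meets policy, -1 if the string is not a bcrypt hash at all. */
int bcrypt_cost_below(const char *stored, int min_cost) {
    bcrypt_parts p;
    if (!bcrypt_parse(stored, &p)) return -1;
    return p.cost < min_cost;
}

int main(void) {
    /* The hash string from the question. */
    const char *stored = "$2a$10$FTx8T5QrEbxYVe.NJ6iOhuei.V9qgl60xF8/8s7iZRDIlOl.ibDEW";
    bcrypt_parts p;
    if (!bcrypt_parse(stored, &p)) {
        puts("not a bcrypt string");
        return 1;
    }
    printf("id=%s cost=%d\nsalt=%s\nhash=%s\n", p.id, p.cost, p.salt, p.hash);
    printf("below cost 12: %d\n", bcrypt_cost_below(stored, 12));
    return 0;
}
```

Note that, as the answer says, an application verifying a login never needs these fields separately: passing the whole stored string as the "salt" argument of crypt() and comparing the result to the stored string is the intended use. Parsing is only useful for inspection tasks such as the cost audit above.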

The "salt" of a password hash function is concatenated with the password, and the resulting string is then hashed. To get back the salt, that would mean you'd need to get back the string which was hashed. Obviously, that has two major issues:

  1. If you'd be able to get back that hashed string, it would also contain the plaintext password. That would be a major security failing of the hash function.
  2. You'd also have to figure out which part of the concatenated string is the salt, and which the password.
MSalters

Isn't that the point of the salt? That you don't know what it is? So nobody can come and do what you're trying to do now?

The way I understand salt is this:

  • You have a string, let's call it password.
  • And you have an algorithm that takes a string and produces a hash from it. Let's call it blowfish.
    • is that even correct? is blowfish a hashing algorithm? I don't think so!!!.
    • Let's call our algorithm md5.
  • md5 will produce a hash for password, but it will always produce the same one
  • You have a bad guy. Let's call him Mrun.
  • Mrun tries to find out the password by testing md5 with a bunch of known passwords from a dictionary
  • by not using just password, but instead password + salt, a different hash is produced and Mrun is foiled.

If you need to find the salt, you will have to have at least one known combination of password and hash. Then you can try to use brute force to figure out the salt. Good luck. Oh, and I hope you're not being evil here. Oh, and I hope the rest of the evil beings are also clueless...

Daren Thomas
  • You have got some misconception here --- If you can't get the salt, how can you verify if the password is correct? The salt is for preventing *precompiled tables*, but not on-the-spot tables. This is also why you should not reuse salt. – J-16 SDiZ Aug 25 '11 at 07:14
  • I think you misunderstood me - if you find the salt (by guessing, applying hashing algorithm to password and guess and checking with known hash) then you can recompile your table using the salt and crack the rest of the passwords. – Daren Thomas Aug 25 '11 at 07:26
  • I agree with J-16. Each user will have its own salt value, in a proper setup. There's no such thing as _the_ salt. I.e. the password table will have three columns: `User, Salt, Hash`. – MSalters Aug 25 '11 at 08:36