Is it possible to get the salt if I have the hash and original password?
My gut feeling is no, but would it be impossible or will it just take very long?
Is it possible to get the salt if I have the hash and original password?
My gut feeling is no, but would it be impossible or will it just take very long?
Getting salt from hash(salt+password)
would be just as difficult as getting password from hash(salt+password)
.
I'm not really sure why you would want to find the salt, since generally the salt is not considered secret. Basically in your case the salt is essentially the password as you do not know what it is and the password is your salt (let's take semantics aside that dictates as the password will probably not be globally unique) as it's not secret.
The PBKDF2 standard states that at least 64 bits should be used. However Thomas Pornin states that:
Salts must be unique; that's their one and only job. You should strive, as much as possible, to never reuse a salt value; the occasional reuse is rarely critical but should still be avoided). With reasonably designed password schemes, there is no other useful property in salts besides uniqueness; you can choose them however you want as long as you do not reproduce the exact same sequence of bits. Uniqueness must be understood worldwide.
A common way to have more-or-less unique salt values is to generate them randomly, with a good generator (say, one which is fit for cryptographic usages, like /dev/urandom). If the salt is long enough, risks of collisions (i.e. reusing a salt value) are low. If you use n-bit salts, chances of a collision become non-negligible once you reach about 2n/2 generated values. There are about 7 billions people on this planet, and it seems safe to assume that they, on average, own less than 1000 passwords each, so the worldwide number of hashed passwords must be somewhat lower than 242.7. Therefore, 86 bits of salt ought to be enough. Since we kind of like so-called "security margins", and, moreover, since programmers just love powers of two, let's go to 128 bits. As per the analysis above, that's more than enough to ensure worldwide uniqueness with high enough probability, and there is nothing more we want from a salt than uniqueness.
Note that it will also depend on your password hashing algorithm, there are currently three accepted password hashing algorithms which are considered secure:
These are quite slow algorithms, making it less feasible to brute force the salt. Now if your salt is 64 bits and your algorithm is slow, it's not really feasible at all. Let's say you have a 64 bit salt:
((264) * t)/2
Where t is the amount of time it takes to calculate a single hash and divided by two as statistically you will probably find it after having done half of the hashes. Regardless to say that's A LOT of time.
So it will largely depend on your salt length and algorithm used how feasible it actually is to brute force a salt if you don't know it.
Assuming you know the hash function and method used to generate the hash from the password and salt it is possible to discover the salt if you have the original password and the end hash. It would be using brute force - there's no clever or quick way to do it.
In your typical scenario your hash is generated by 1) hashing the password then 2) combining it with the salt, and then 3) hashing the combination of password hash and salt. If you know 1) and 3) and you know the length of the salt you could try every combination of the missing salt until you find it. This would take a great deal of computing power and time.
I cannot think of a scenario where discovering the salt is worthwhile. Salts are supposed to be one-time use only, and you don't have to protect them. There are plenty of scenarios where the salt is sent over unencrypted channels, so chances are you wouldn't need to discover it anyway, if you can get the end hash you probably already have the salt. Even if someone implemented a crypto system that used a static salt (a bad idea!) you wouldn't have to brute-force it as you can probably get it by other means.