-6

I have a database-table of users including columns for password-hash and password-salt. As I am one of the users in this table I also know the plain-text password of one of these users. The salt column is varchar(20) and hash is varchar(64).

I was wondering if it is possible to determine the hashing-algorithm used. Eventually, I would like to add users to the database with strong initial passwords, as the software only provides very weak ones. So I would like to generate passwords in such a way that they can be used to actually log into the software.

Improve this question
3
  • 3
    You don't know how the salt is applied, which hashing algorithm(s) are in use, or how many rounds of hashing are used. Your only option is to attempt to brute force the one sample you have. You might get lucky if you append the salt and run one round of MD5. If not, you will have to try at least two salting methods, maybe more, several different hashing algorithms, and however many rounds of hashing you have patience for. This is not really a practical proposition. Commented Nov 4 at 8:10
  • 2
    I'd say no, since if you only have one password and its hashed version, multiple hash functions could produce that single result. from that on you cant tell which one is the one youre looking for to decrypt the other passwords Commented Nov 4 at 8:11
  • What does a typical salt and hash value look like in the database? Are they hex-encoded values? Are they base64-encoded values? The answers to these questions will only give you clues, however, as there are many different password-hashing methods used in the wild, as the previous comments have indicated. Commented Nov 4 at 16:03
Related questions
1255
Secure hash and salt for PHP passwords
326
Is "double hashing" a password less secure than just hashing it once?
374
What column type/length should I use for storing a Bcrypt hashed password in a Database?
Load 5 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.