Is it possible to decrypt hash password with salt? If yes, then how?

5.6K    Asked by AnishaDalal in SQL Server , Asked on Dec 10, 2021

Is it possible to decrypt hash password with salt? If so, they how can we decrypt it? 

Answered by Ankur vaish

Hash functions are designed to go only one way. If you have a password, you can easily turn it into a hash, but if you have the hash, the only way to get the original password back is by brute force, trying all possible passwords to find one that would generate the hash that you have. Assuming the salt is very long, not knowing the salt would make it nearly impossible to decrypt hash password with salt(due to the additional length that the salt adds to the password), but you still have to brute force even if you do know the salt. As an example, let's say that the password is "secret" and the salt is "535743". If the salt is simply appended to the end of the password, then the hash you'd be cracking would be a hash of the string "secret535743". Without knowing the hash, you'd have to try all possibilities until you reach "secret535743", which would take quite a while due to its length (keeping in mind that real salts are much longer than this).

But if you know that the salt is 535743 and that it is appended to the end of the password, then instead of trying everything, you'd try "a535743", "b535743", "c535743", etc. This greatly reduces the number of possibilities you have to try until you reach the correct string. With that in mind, It doesn’t make sense to know the hash but the salt. The two are usually stored in the same place.



Your Answer

Answer (1)

Decrypting a hashed password with salt is not possible in the traditional sense. Hashing with salt is a one-way process designed to protect passwords by making it computationally infeasible to reverse the process and obtain the original password.


However, if an attacker gains access to both the hashed password and the corresponding salt, they could potentially attempt a brute-force or dictionary attack to guess the original password. This involves hashing various possible passwords with the known salt and comparing the results to the stored hashed password until a match is found. This process can be time-consuming and resource-intensive, especially for strong hashes and complex passwords.

To enhance security against such attacks, it's crucial to use strong hashing algorithms (such as bcrypt, SHA-256, or SHA-512) and unique salts for each password. Additionally, using techniques like key stretching and employing a sufficient number of hash iterations can further increase the complexity and difficulty of password cracking attempts.


6 Months

Interviews

Parent Categories