4
$\begingroup$

I am currently studying AES algorithm and writing a Code using Python. I am trying to add 'Salt' into the user input password,

Here is what I am doing,

import hashlib import os password = "Sufiyan Ghori" salt = os.urandom(32) # 32bytes * 8 = 256bits # Adding the Password into the first 128bits of SALT # So that the password could be encrypted Encoded_Password = password.encode('utf-8') + salt[:16] # Output will be, Password + Salt

I've added comments above for better understanding.

If the 32-byte salt is equal to

b'\x937{\xa0\x9bo\x9f\x8b1\xbf\xa9\xc9\x01\x86\xa1\xd9\xc7\x00+\x81\t\x0f\\\xdc\ x9a\xe5\x84r\xce$EJ'

then Password + Salt[:16] would be

b'Sufiyan Ghori\x937{\xa0\x9bo\x9f\x8b1\xbf\xa9\xc9\x01\x86\xa1\xd9'

If I then create its digest using sha512,

sha512 = hashlib.sha512( Encoded_Password ).digest()

the output will be

b"\xe8\x02\xcc\xa9\x1a\xd3\x1b\x80\x1f{\xd2\xa6E7\x9d\x87\xcf\x17\xb1\xb4\x07\xb 1\xfe\xf2\x9a\xa5\xcc\xe7\x92\xc0\x81\xed\xf8HPu\xe2'\xfc\x0b\xc1\xa6\xc8\xd0N5a \xc1;\xf7\xbc\xe3\xafN\xcaN\xdfqhc&A#%"

How am I supposed to recover the original password — which is Sufiyan Ghori — from this fixed-length hash value now?

Improve this question
$\endgroup$
1
  • 1
    $\begingroup$ a simple password hash is not a key derivation function... $\endgroup$ Commented Oct 9, 2013 at 18:49

1 Answer 1

Reset to default
5
$\begingroup$

You cannot recover the password from the hash. That's not something that password hashes are designed for — quite the opposite: with a proper password hash, the only way to recover the password given the hash is to make a guess and verify it — and the better the hashing scheme, the more costly verifying guesses is.

Passwords are used for authentication: a client attempts to prove its authenticity to a verifier by proving that it knows the password. The client knows the password and does not need to recalculate it. The verifier knows the password's hash; the client tells the verifier what it claims the password is, and the verifier computes the hash of the candidate password and compares it with the reference hash. The verifier does not need to compute the password. This works because computing the hash of the password is deterministic (the calculation always gives the same result).

A password hash needs three ingredients:

  • Hash: a one-way function (or a good enough approximation — a function for which nobody knows how to compute inverses), so that the password cannot be recovered from the hash except with a lucky guess.
  • Salt: a unique value that makes the hash computation unique, so that adversaries wishing to break passwords cannot make computations that are useful to break many passwords at once.
  • Slowness: so that brute force attempts by an adversary who knows the hash (make a guess, compute its hash, compare it against the known hash) take an impractically long time even for practical, low-entropy passwords.

See How to securely hash passwords? for a more detailed explanation.

Your password hashing scheme has two of the three ingredients: hash and salt. Keep in mind that the salt must be saved with the hash value so that the same hash computation can be made when a client submits a candidate password. You're missing slowness, which can be achieved by making many iterations of the hash function. There are better ways of achieving slowness which also make it harder to design specialized hardware dedicated to fast password computations; again, see How to securely hash passwords? for more details.

Improve this answer
$\endgroup$
5
  • 2
    $\begingroup$ "That's not something that password hashes are designed for." You might want to word this a bit stronger: "Password hashes are specifically designed to prevent this from happening." $\endgroup$ Commented Oct 9, 2013 at 15:16
  • $\begingroup$ @nightcracker Done, is that ok now? $\endgroup$ Commented Oct 9, 2013 at 15:34
  • $\begingroup$ I think "You cannot recover the password from the hash." is misleading. I think the fact that if you use a bad hashing method you can recover the password means this opening line should be reworded. To what, I'm not entirely sure. That and I think every other word should link to "How to securely hash passwords", just to make sure to get across the point that this is a solved problem in our field. (The bigger problem is getting developers to do it!) $\endgroup$ Commented Oct 10, 2013 at 4:25
  • 1
    $\begingroup$ @corsiKa The hash in question is a salted SHA-512, so for this hash, it is true (except of course by guessing and verifying, which the next sentence discusses). $\endgroup$ Commented Oct 10, 2013 at 7:38
  • $\begingroup$ @corsiKa If you use a broken hashing method then anything can happen. But a hashing method must be terribly broken if you can retrieve the original password without reverting to brute force. I don't think we have to mention that the implementation should not be using broken functions for every answer. $\endgroup$ Commented Oct 12, 2013 at 11:41

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.