2

I have the string that was used in a webapp with md5 hashing to come up with a hash. I also have the hash. But the md5 of the string doesn't match the hash, so I'm guessing there's a salt involved. Is there any software that can help me determine the salt?

Improve this question
2
  • Do you have just the hash, or a full authdb entry?
    – Ignacio Vazquez-Abrams
    Commented Dec 26, 2010 at 7:16
  • I just have the hash.
    – Neil
    Commented Apr 20, 2011 at 21:01

1 Answer 1

Reset to default
1

In standard hashing functions (e.g., UNIX passwords in /etc/shadow) the salt is stored as part of the hash.

Pass the stored hash value as the salt and you should get the correct result.

The hashed password value in /etc/shadow is actually a $ delimited record. For example, we have this hash of the password 'blarg':

$1$KfcI/JTQ$b5VTf4i9Mnf6QFgLuVZNM0

There are three fields separated by $'s which are

  1. The hash function (in this case '1', representing MD5)
  2. The salt (which is 'KfcI/JTQ')
  3. The hash value (which is 'b5VTf4i9Mnf6QFgLuVZNM0')

If you use mkpasswd several times the hash will change.

$ mkpasswd -m md5 blarg
$1$Gst52IWk$8ARVeSlpkcZOlyKV10Slu/

$ mkpasswd -m md5 blarg
$1$JeqRviA/$GnH/AvGnZEG9wLfJjiaAt1

However, by passing in the salt (i.e., the second field) from the hash value above we can match it against the original hash:

$ mkpasswd -m md5 -S KfcI/JTQ blarg
$1$KfcI/JTQ$b5VTf4i9Mnf6QFgLuVZNM0

You can also pass in the whole password hash (although omitting the hash function).

$ mkpasswd -m md5 -S KfcI/JTQ$b5VTf4i9Mnf6QFgLuVZNM0 blarg
$1$KfcI/JTQ$b5VTf4i9Mnf6QFgLuVZNM0

On Linux the hash type can be controlled in /etc/login.defs. Be very careful when changing this, you can completely lock yourself out of the system. I suggest reading the man page carefully specifically looking at the headings MD5_CRYPT_ENAB and ENCRYPT_METHOD.

Improve this answer
4
  • In that case, the salt would be prefixed before the actual hash. And then the resulting string would not be a MD5 hash (like 32 hexadecimal digits), but something that is longer than that. And what do you mean with the last sentence?
    – Arjan
    Commented Dec 26, 2010 at 12:19
  • I was going to add a comment to this, but what I wan't to say isn't very easy to write in the comment box. I'm adding another answer to be more thorough.
    – bahamat
    Commented Dec 27, 2010 at 7:33
  • Like I mentioned in my question, this was from a webapp, that used their own custom-coded authentication system. Not Unix system passwords. These passwords were hashed by some PHP code before being stored in relational database. Thus, as Arjan said, I have a 32 digit string and the plaintext for it. Any method the salt can be computed from this, other than brute forcing all possible salts?
    – Neil
    Commented Apr 20, 2011 at 21:03
  • The salt should be included as part of the hash, or somewhere buried in the code is the single salt used for all of them.
    – bahamat
    Commented Apr 27, 2011 at 16:22

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .