If we know the salted hash of a password and the salt, is it theoretically possible, without knowing the password, to calculate from this data the hash of the same password with a different salt faster than by guessing the password? Or the password hash without salt?

  • 1
    if the memory fails me, then yes, the password itself is easier to calculate by an order of magnitude, since digest(x) = carrier_digest.update(byte) for byte in x - etki
  • 1
    See here: length extension attack. - VladD

1 answer

Knowing the salt does not make the algorithm weaker, but without knowing the salt it is not possible to guess a password. The md5 algorithm has too short a resulting hash code and vulnerabilities, which in itself helps the attacker. There are algorithms that find a match for md5 fairly quickly.

As correctly noted in the comments, a password that fits may not be the user's original password. It is not possible to determine the user's original password from the hash code.

  • It would be more accurate to say: knowing the salt and the md5 value, you can find a password that may differ from the original one, but it will do because it gives the same md5 despite the difference :) - nick_n_a