How to reverse engineer Salt from password, iterations, and key?

Sayan Pal

1/17/23, 8:59 PM

Let's say that a random key is derived using the following function (PBKDF2).

key = fn(password, salt, iterations)

Q1: How can I reverse engineer the salt from the password, iterations, and the key?

Q2: If the same salt is used for generating the key, how can I reverse engineer the salt from the password, iterations, and the key?

143

0 + 0

pbkdf-2

Swashbuckler

1/17/23, 9:12 PM

Brute force (good luck with that as the recommended minimum salt length for PBKDF2 is 16 bytes) But in the real world the salt is not a secret so there's no need to try to find it, it's the key that's the secret.

Sayan Pal

1/17/23, 9:15 PM

Even with Brute force, how difficult it can get?

Gordon Davisson

1/18/23, 9:52 AM

I don't understand how the second question is different from the first. You say "same salt", but what's it the same as?

Sayan Pal

1/18/23, 12:32 PM

@GordonDavisson A fixed salt is used to derive the keys. However, a new password and iteration are generated every time. So the question really is that if or how the salt can be reverse engineered by mining the password, iterations, and the key?

Score:3

Crypto

bk2204

1/17/23, 9:39 PM

PBKDF2 is based on HMAC using a cryptographically secure hash function. Assuming the hash function is secure, the easiest approach will be brute force. Assuming you know the password, then the difficulty is the amount of entropy in the salt. So if you picked 16 random bytes, that provides 128 bits of entropy, and you'll require more energy than is required to boil all the world's oceans. 16 or 32 random bytes are customary amounts of salt to use when no other guidelines are given, both of which will be computationally infeasible to guess.

In general, we don't consider salt to be secret. It is generally stored along with the iteration count in plaintext when storing passwords, and in cryptographic protocols like TLS and SSH, the salt is sent in plaintext as part of the cryptographic negotiation.

0 + 0

Sayan Pal

1/18/23, 7:01 AM

Thank you for answering. I have edited the post with a follow up question. Can you please address that as well?

bk2204

1/18/23, 1:18 PM

Literally the same answer applies. It is no easier in this case.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to reverse engineer Salt from password, iterations, and key?

TH: จะทำวิศวกรรมย้อนกลับ Salt จากรหัสผ่าน การวนซ้ำ และคีย์ได้อย่างไร

RO: Cum se face inginerie inversă pentru Salt din parolă, iterații și cheie?

RU: Как реконструировать соль из пароля, итераций и ключа?

VI: Làm cách nào để đảo ngược kỹ sư Salt từ mật khẩu, lần lặp và khóa?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.