Even though the current recommendation for storing passwords is the usage of a slow key derivation function such as Argon2, scrypt, PBKDF2 or bcrypt¹, many websites still use the traditional hash(password + salt) method, with MD5, SHA-1 and SHA-256 being the most commonly used hash functions.
The SHA-1 hash of
mySuperSecretPassword123 with the salt
Assume an attacker would steal the salt and the first half of the hash, so E5D0BEE0300BF17508CA. We also assume that the attacker is aware that SHA-1 is being used and how the salt and the password are concatenated.
How difficult would it be for an attacker to recover the original password?
¹ bcrypt technically isn't a key derivation function, but for the purposes of this question it functions identically.