Geek Answers Handbook

How to decrypt sha1-encrypted String in Java

Is it possible to decrypt some string that was previously encrypted using the SHA-1 algorithm in Java?

+8
java cryptography encryption hash sha1
source share
3 answers

SHA1 is a cryptographic hash function, and the thing is that you cannot cancel it. If you could cancel the hash (find the input for the given hash), it would be useless. If you need to encrypt something and then decrypt it, you should use an encryption function like AES or RSA .

However, for very simple inputs, it may be to crack the hash function by guessing what the input is and checking if the hash is the same.

Python code example:

def crack_hash(hash_to_crack, hash_function, list_of_guesses): # Try to hash everything in our guess list for guess in list_of_guesses: new_hash = hash_function(guess) # if the hashes match, we found it if new_hash == hash_to_crack: return guess # If none of them match, give up return None

Of course, if you really want to efficiently break the hashes using software such as John the Ripper or Hashcat , probably your best bet. Note that this usually works with passwords, as they are short and easy to guess, but complexity increases exponentially as input increases. You can crack every SHA-1 hash with 6-character input in minutes, and a crack with 16 characters will take trillions of years on average.

+12
source share

No, this is not possible because SHA-1 hash is a one-way ticket. If you want to glue and decrypt a string, you will need to use some encryption algorithm that uses a key to generate encrypted data. Then you can encrypt the data and successfully decrypt it. For example, AES. You can read about AES from here.

+2
source share

Short answer: this is not possible.

Because SHA-1 is a cryptographic hash function , the pigeonhole principle is mathematically impossible to reverse. There are only 2,260 possible SHA-1 hashes. Since there are an infinite number of possible input lines, there must be collisions (multiple inputs whose hash has the same value). In general, there is no way to find out which of these lines was the original.

However, the lines of the real world are not completely arbitrary. If you know some information about your input string (for example, it was less than 5 characters), it is likely that the input is unique. Unfortunately for you, hash functions such as SHA-1 are intentionally computationally invalid for inversion. (There are theoretical attacks on SHA-1, but I do not think that they are currently considered even practicable.)

So, if you need to recover the hashed data, you should use brute force: try SHA-1 for each line less than n long and see if the hash matches. But there are exponentially many lines of length up to n, so this quickly becomes impracticable.

There is one possible way to recover hashed data to the end of the universe . Your only hope is to use a more sophisticated method, such as rainbow tables . This will only work if you know that your original line was very short (less than ~ 15 characters). Even for short lines, a preliminary calculation of the table will take a lot of time (and gigabytes of disk space).

+2
source share

More articles:


All Articles