Decrypt SHA1 with (password) in python

Solution 1

Hashing functions are different than normal crypto algorithms. They are oftenly referred to as one-way ciphers, because the process data goes through is irreversible.

Differently than symmetric and assymetric encryption, hashes are used by asserting the hashed values themselves, instead of decrypting and asserting the plain-text values. To validate logins when you're using hashes, you'd hash the password the user just attempted to log in with and compare it with the hash you have on your DB. If they match, login is successful.

Cracking hashes involves guessing hashing various different strings and trying to match hashed values to the ones illegally obtained from a DB. There are lists available on the internet with millions of already hashed values to make hash cracking easier, those are known as Rainbow Tables and they can be easily countered with the use of Salts.

It's also worth noting that since hashing algorithms are able to digest GBs of data into significantly smaller strings, mathematically, two different values may have identical hashes. Even though this is very rare, it is an existing problem, and its known as Hash Collision.

If hashing was reversible, hard drives would be reduntant since we would be able to hash thousands of GBs into a small string of text and reverse them as we pleased. It would allow for data compression and storage in ways that violate physics.

Related Wikipedia Articles:

Hashing Algorithms: http://en.wikipedia.org/wiki/Hash_function

Rainbow Tables: http://en.wikipedia.org/wiki/Rainbow_table

Salts: http://en.wikipedia.org/wiki/Salt_(cryptography)

Collision: http://en.wikipedia.org/wiki/Collision_(computer_science)

Symmetric Encryption: http://en.wikipedia.org/wiki/Symmetric-key_algorithm

Assymetric Encryption: http://en.wikipedia.org/wiki/Public-key_cryptography

Solution 2

SHA-1 is not an encryption algorithm, it's a hashing algorithm. By definition, you can't "decrypt" anything that was hashed with the SHA-1 function, it doesn't have an inverse.

If you have an arbitrary hashed password, there's very little you can do to retrieve the original password - If you're lucky, the password could be in a database of reverse hashes, but that's as far as you can go.

And the message extraction algorithm expects the original password to perform the verification - the algorithm will hash the provided plain-text password and compare it against the stored hashed password, only if they're equal the plain-text message will be revealed.

Solution 3

Hash functions are one way tickets. You cannot use them for encryption.

Hash function algorithms are realised through modulo, xor and other familiar (one way) operations.

You may try to find what argument was used to generate hash but in theory you will never be 100% sure it is the correct value.

For example try with a really simple (useless in cryptography) hash function modulo 10. This function returns ten different values. If it's 7 you may guess the entry was 7 or 137 and 1234567. Same with md5, sha1 and better ones.

As you can see, in the case when you are using hash function that returns only 40 bytes with files that are much bigger (maybe even few hundred megabytes) there in theory exists infinite numbers of files for each possible hash.

Author by

Black_Ram

Updated on June 04, 2022