How to decrypt a SHA-256 encrypted string?


Solution 1

SHA-256 is a cryptographic (one-way) hash function, so there is no direct way to decode it. The entire purpose of a cryptographic hash function is that you can't undo it.

One thing you can do is a brute-force strategy, where you guess what was hashed, then hash it with the same function and see if it matches. Unless the hashed data is very easy to guess, it could take a long time though.

You may find the question "Difference between hashing a password and encrypting it" interesting.

Solution 2

It should be noted - Sha256 does not encrypt the data/content of your string, it instead generates a fixed size hash, using your input string as a seed.

This being the case - I could feed in the content of an encyclopedia, which would be easily 100 mb in size of text, but the resulting string would still be 256 bits in size.

It's impossible for you to reverse the hash, to get that 100mb of data back out of the fixed size hash, the best you can do, is try to guess / compute the seed data, hash, and then see if the hash matches the hash you're trying to break.

If you could reverse the hash, you would have the greatest form of compression to date.

Solution 3

SHA* is a hash function. It creates a representation (hash) of the original data. This hash is never intended to be used to recreate the original data. Thus it's not encryption. Rather the same hash function can be used at 2 different locations on the same original data to see if the same hash is produced. This method is commonly used for password verification.

Solution 4

You've done the correct thing by using a salt aka SSHA.

SHA and SHA-2 (or SHA-256) by itself without a salt are NOT considered secure anymore! Salting a SHA hash is called Salted SHA or SSHA.

Below is a simple example on how easy it is to de-hash SHA-1. The same can be done for SHA-2 without much effort as well.

Enter a password into this URL: http://www.xorbin.com/tools/sha1-hash-calculator

Copy paste the hash into this URL: https://hashes.com/en/decrypt/hash

Here's a page which de-hashes SHA-2. The way this page works is somebody must have hashed your password before, otherwise it won't find it: md5hashing dot net/hashing/sha256

Here's a page that claims to have complete SHA-2 tables available for download for a "donation" (I haven't tried it yet): crackstation dot net/buy-crackstation-wordlist-password-cracking-dictionary.htm

Here's a good article that explains why you have to use SSHA over SHA: crackstation dot net/hashing-security.htm
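Added example, not part of any of the answers above: verifying a salted, base64-encoded SHA-256 value by recomputing it, and showing why a precomputed table of unsalted hashes finds the unsalted value but not the salted one. The salt-then-password order, the function names, the sample salt and the word list are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac


def salted_sha256_b64(password: str, salt: bytes) -> str:
    """base64(SHA-256(salt || password)); the concatenation order is an assumption."""
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def verify(candidate: str, salt: bytes, stored_b64: str) -> bool:
    """Verification recomputes the hash; nothing is ever decoded back to the input."""
    recomputed = salted_sha256_b64(candidate, salt)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(recomputed, stored_b64)


def build_unsalted_table(words):
    """Precomputed hash -> input map, the kind of lookup the comments describe."""
    table = {}
    for w in words:
        h = base64.b64encode(hashlib.sha256(w.encode("utf-8")).digest())
        table[h.decode("ascii")] = w
    return table


def demo():
    salt = bytes.fromhex("a1b2c3d4e5f60718")       # constructed sample salt
    stored = salted_sha256_b64("letmein", salt)    # what the database would hold
    table = build_unsalted_table(["password", "letmein", "123456"])  # constructed list
    unsalted = base64.b64encode(hashlib.sha256(b"letmein").digest()).decode("ascii")
    return {
        "digest_bytes": len(base64.b64decode(stored)),  # always 32, whatever the input size
        "verify_right": verify("letmein", salt, stored),
        "verify_wrong": verify("letmein1", salt, stored),
        "unsalted_lookup": table.get(unsalted),         # found: input was hashed before
        "salted_lookup": table.get(stored),             # not found: salt changes the hash
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

For new systems, a deliberately slow password hashing function (for example PBKDF2 via `hashlib.pbkdf2_hmac`, scrypt or Argon2) is the usual choice over a single salted SHA-256 round.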

Author by

chiappone

Updated on July 05, 2022

Comments

  • chiappone
    chiappone almost 2 years

    I have a string that was salted, hashed with SHA-256, then base64 encoded. Is there a way to decode this string back to its original value?

  • Louis Wasserman
    Louis Wasserman over 12 years
    To put it another way, if you could invert this function easily, that would be a really bad thing.
  • Hannes Landeholm
    Hannes Landeholm over 6 years
    "If you could reverse the hash, you would have the greatest form of compression to date." No, not really. "Reversing the hash functions" refers to finding collisions. Nobody really cares about finding the exact original input. So you reversing the hash function just gives you a gibberish generator.
  • Baaleos
    Baaleos over 6 years
    While yes - a collision may statistically occur from different inputs for any hashing algorithm, most notably sha-1 and md5, some older hashing routines. They just haven't occurred yet in the sha2 family. Given a mp4 - Thor Ragnarok, which is 1GB in size. When you sha256 it - you get a 256 bit hash. If you could get the 1GB back out of that 256bit hash, you're taking 256bits of data, getting 1GB of data back. If it worked - then it would be equivalent to a form of compression. It just won't ever work though. Verifying the hash is correct requires the content, which defeats the purpose.
  • Hannes Landeholm
    Hannes Landeholm over 6 years
    Sha256 is an approximation of a perfect hash function, so you can expect every possible output to have on average one other input with a length of 256 bits that maps to that output. There is no reason why a successful reverse would go as far as returning the original 1GB input when it can just return one of the ~256 bit inputs that returns that output, i.e. you will get a small chunk of gibberish. So even if you could reverse, you would never be able to use that for any kind of compression.
  • Safeer
    Safeer over 6 years
    If it's so hard to regenerate the actual data, or you are saying it takes a brute-force strategy for regeneration, then how do md5decrypt.net/en and a number of other online tools regenerate the actual string?
  • Brendan Long
    Brendan Long over 6 years
    @Safeer They have a list of the outputs of the hash function and then lookup what the input was. They're not actually decrypting; they're essentially guessing and then keeping track of the results.
  • Slav Pilus
    Slav Pilus about 5 years
    Yes, hashing is one way only and for a long string probably brute force is not feasible. That said, if a hash is a password there are different strategies one can use to work out what the original clear text was. It usually involves some kind of precomputed list of hashes for well-known passwords, a whole dictionary or rainbow tables. There are a number of services dedicated to doing exactly that. crypto.apitools.zone/sha256-decode.html will do precisely that and has a handy RESTful API.
  • Jörg W Mittag
    Jörg W Mittag almost 5 years
    @Safeer: To add to the other comments is also the fact that MD5 has been cryptographically compromised years ago.