I have found out, how I can convert plain text into an SHA (http://hash.online-convert.com/sha512-generator), but how can I convert a SHA key to plain text?
Asked
Active
Viewed 1.1k times
0
-
5You can't. There's an infinite number of strings for a given SHA hash. Getting any one of them is by design extremely hard. That's hashing, not encoding nor encryption. – Stéphane Chazelas Jan 21 '15 at 20:47
-
This means, the guy which 'convert' the plain text key to has can also convert it to plain text, or at least if he find again the same key it knows how to translate it, isn't it? – Romulus Jan 21 '15 at 20:59
-
@Romulus, that is true. While it is true that each key can be made from an infinite set of texts. In practice any real sha, will have only one text, this is because the probability of a text producing any particular sha is so mind bogglingly low. Therefore if you create a sha from a text, and remember this sha, but forget the text, and then in the future have a text and produce a sha, and the sha is the some as before, you can be sure that it is the same text. (You will, however, never be able to do this by guessing). – ctrl-alt-delor Jan 21 '15 at 21:32
-
4I'm voting to close this question as off-topic because it is a general question about the SHA-2 family of hash functions, not about anything on-topic as given in [help/on-topic]. – derobert Jan 22 '15 at 17:55
-
@Derobert The question is only off topic, once you know the answer. – ctrl-alt-delor Feb 12 '20 at 07:39
-
@ctrl-alt-delor I'm not sure that's true, but even if we take that as a given, I'm not following, I don't see what you're suggesting be done about it, or be done differently in the future (since this is a 4-yr-old question). OP may not realize a question is off topic for any number of reasons, and I don't think we should hold an occasional mistake against OP. We close off-topic questions to keep our site focused, which seems to me to apply regardless of when we discover it's out-of-scope. – derobert Feb 12 '20 at 07:54
2 Answers
4
SHA-1, SHA-256, SHA-512 and all the other SHA functions are cryptographic hash functions. One of the defining properties of cryptographic hash functions is preimage resistance: given a cryptographic hash function F and a value h, it is infeasible to find a text m such that F(m) = h. Note that hashing is not encryption: with encryption, you can find the original if you find the decryption key, but with hashing, you can't find the original except by guessing, period.
If you have the hash of a text, the only ways to find the text are:
- Make an exhaustive search. If you take all the computers existing today and devote them to this task, this will take about 100 quintillion times the age of the universe for SHA-1, and much, much longer for SHA-512. Bring a book.
- Make a fundamental breakthrough in cryptography. This is theoretically possible in that nobody has been able to prove that any of the SHA-* family are actually cryptographic hash functions, we just believe they are because professional cryptographers have tried to break them for years and failed. Publish your technique, you'll be famous.
- Guess the text. It's easy to verify each guess. Be prepared to go through a lot of wrong guesses. Depending on the length and complexity (more precisely, on the entropy introduced by the method used to generate the text), this may range anywhere between quick (e.g. if you know it's a dictionary word) and infeasible (e.g. if it's a string of 50 random letters).
- Figure out what input was passed to the function by non-computational means, such as finding the person who submitted the text and hitting them with a wrench until they reveal the password, or digging through the server logs (if the text was logged somewhere).
Gilles 'SO- stop being evil'
- 829,060
-
-
Even an exhaustive search won't work. You'll (given infinite time) find something with the same hash, but it probably won't be your text (except for very short texts). Same applies to the cryptographic breakthrough. – derobert Jan 22 '15 at 17:46
-
See also What is pre-image resistance, and how can the lack thereof be exploited? on [crypto.se]. – derobert Jan 22 '15 at 17:50
-
Thank you for your elaborate answer. Now I understand better the difference between cryptographic and encryption. – Romulus Jan 23 '15 at 08:56
2
It's simple. You can not. This is precisely why it's called Secure Hash Algorithm. You need the source that generates the SHA string to know what generates it. This is why it's used to verify data alteration/manipulation. Through there are ways to manipulate the resultant hash, you can not know the source that created that hash.
Braiam
- 35,991