No I am not asking how to crack SHA-1.

I just want to know how to take the info digested by a sha.new()instance, and decrypt it back to the original info that i've fed it?

: No I am not asking how to crack SHA-1.
:
: I just want to know how to take the info digested by a sha.new()instance, and decrypt it back to the original info that i've fed it?

Unless I'm mistaken this is not possible. As I understand it, the entire point of the various hashing algorithms is to prevent exactly this. This is so you can compare the hashes of two values and if the hashes are the same you can be nearly certain the original values were identical.

An SHA1 hash is how many bits? 128? 256? I don't for sure, but if you think about it, you can hash any value of any size to something that's maybe a few dozen bytes long. How could you possibly hope to reconstruct the original from it? It's not like a compression algorithm or encryption mode.


infidel

$ select * from users where clue > 0
no rows returned

: : No I am not asking how to crack SHA-1.
: :
: : I just want to know how to take the info digested by a sha.new()instance, and decrypt it back to the original info that i've fed it?
:
: Unless I'm mistaken this is not possible. As I understand it, the entire point of the various hashing algorithms is to prevent exactly this. This is so you can compare the hashes of two values and if the hashes are the same you can be nearly certain the original values were identical.
:
: An SHA1 hash is how many bits? 128? 256? I don't for sure, but if you think about it, you can hash any value of any size to something that's maybe a few dozen bytes long. How could you possibly hope to reconstruct the original from it? It's not like a compression algorithm or encryption mode.
:
:
: infidel
:
:

: $ select * from users where clue > 0
: no rows returned
: 

:
:
I think SHA1 is 256 bytes.

: No I am not asking how to crack SHA-1.
:
: I just want to know how to take the info digested by a sha.new()instance, and decrypt it back to the original info that i've fed it?
:

SHA is by its very nature one way encryption. You cannot
decrypt it.

How ever there are encryptions such as GPG which has a command line
interface that will allow you to encrypt and decrypt.

Also if you do come accross a way to decrypt SHA please share with the rest of us. Not to say I want people to crack things and chare the cracks just if you come accross a a legit manner of decypting it.

: Also if you do come accross a way to decrypt SHA please share with the rest of us. Not to say I want people to crack things and chare the cracks just if you come accross a a legit manner of decypting it.

It's not encryption, it's a hashing alrgorithm. You can't decrypt it, all you can do is try to find a string that hashes to the same value, and if you do it's pretty likely that you've found the original string. Although they've started finding collisions lately so pretty soon we'll need even longer hashes.


infidel

$ select * from users where clue > 0
no rows returned

: It's not encryption, it's a hashing alrgorithm. You can't decrypt it,
: all you can do is try to find a string that hashes to the same value,
: and if you do it's pretty likely that you've found the original
: string.
Well, maybe likely. But yeah, it's not for encryption.

: Although they've started finding collisions lately so pretty soon
: we'll need even longer hashes.
:
Yes, though it's not length alone that affects the ability to find two messages that hash to the same value. Ideally it would be, but the new SHA-1 issues arise because there are ways of finding collisions quicker than doing brute force (which has length as its only variable - though you need to divide number of bits by 2 to get real power of 2 of the number of tests to do in order to account for the birthday paradox).

If you're developing a new system then you may want to look elsewhere than SHA-1 (and MD5) for hashing algorithms. Both have, in the last couple of years, been shown to have weaknesses. MD5 especially. The weaknesses have msot effect in message signing use than for hashing passwords and so on though. For more on SHA-1 weaknesses, see:
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

SHA-256 is likely to be used in the future (256 bit value, and generated differently to some degree so hasn't got the weakness SHA-1 has). FYI, SHA-1 is a 160 bit hash. Another possible algorithm is Tiger, which I believe was developed at Cambridge Uni partly by Ross Anderson.

Jonathan

###
for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
(tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
/(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

: Jonathan

Howdy, stranger.


infidel

$ select * from users where clue > 0
no rows returned

: : Jonathan
:
: Howdy, stranger.
:
:
Yeah, I know. I got bitten by RSI and haven't been able to spend as much time hanging about on PH and doing a lot of other fun programming stuff of late. I have been working out in Spain the last couple of weeks and have been using a nice, comfortable split keyboard. Amazingly, my symptoms have virtually disappeared. So no prizes for guessing what I will be ordering when I get back to the UK...

Jonathan

###
for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
(tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
/(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");