I thought sha256 is impossible to crack (so far).
But I saw a website, that could decrypt my hash.
So is this because they store known hastes in a database or
do they really decrypt hashes?
Here's an image:
Asked
Active
Viewed 8,086 times
2
Mike Ounsworth
- 57,707
- 21
- 150
- 207
K.NaN
- 53
- 1
- 8
-
2You should read about rainbow tables. – user2233709 Mar 29 '17 at 13:30
-
I don't think sites like these use rainbow tables, i.e. they don't store hash chains and don't compute hashes until they hit a match. I think they just have lookup tables with all hashes and corresponding plain texts. – Sjoerd Mar 29 '17 at 13:37
2 Answers
6
You are correct, the hash functions SHA256, SHA384 and SHA512 are (currently) unbroken, so it is not possible to easily reverse them. MD5 and SHA1 are considered broken because researchers have found pairs of strings that produce the same hash value, but even these require weeks or months of computation.
(note: I don't like that the site uses "decrypt" because that's a word you use for encryption; you can't "decrypt" a hash)
What they are probably doing is a dictionary attack in which they have pre-computed the hashes for all common dictionary words. This would give them a lookup table which would take in a hash and return the word that produces it.
Just to give an idea of scale, there are 171,476 English words and a SHA256 hash takes 32 bytes, so storing the SHA256 hashes of all English words would only take about 5 mb.
Mike Ounsworth
- 57,707
- 21
- 150
- 207
-
OK, thank you very much for answering and editing ;). Yes, this is actually very confusing, that they are talking about decrypting! – K.NaN Mar 29 '17 at 13:37
-
2There are no tricks to reverse MD5 and SHA1. They are considered broken because it is possible to construct two messages with the same hash. – Sjoerd Mar 29 '17 at 13:39
-
-
-
@K.NaN Be careful with the word "only". But yes, SHA2 (which includes SHA256, SHA384, and SHA512) is good. So is SHA3, and BLAKE. There are more, but they are less famous. It also depends what you're doing; if you're checksumming a file, then SHA1 or MD5 are fine. If it is protecting your bank account, then you should use SHA2 or SHA3. – Mike Ounsworth Mar 29 '17 at 13:52
-
I was totally triggered by the words "Decrypt" and "Hash", but you already explained it :p – Black Magic Mar 29 '17 at 14:29
5
Your hash wasn't cracked, it was pre-computed and put into a rainbow table.
Hashing is a one-way cryptographic function designed to be compared to and not decrypted like a value that has been encrypted.
So what this website has done is taken a bunch of strings, hashed them using various algorithms and stored the value of the hash. That way when you enter your hash, it compares that hash to values it's already stored to seemingly "reverse" the hash. This is why using a salt is so important while hashing.
DKNUCKLES
- 9,237
- 2
- 37
- 47
-
Thank you very much for your fast answer. I'm relieved to hear that! But when hashing is one-way cryptographic, how is it possible to decrypt MD5? – K.NaN Mar 29 '17 at 13:34
-
1
-
My take on this is that it's not really worthwhile generating a rainbow table for one target. The whole point of the rainbow tables was to use them more than once which has been negated by salting and peppering. – user633551 Mar 29 '17 at 21:34
-
@user633551 I'm sure there's no shortage of applications storing hashes with unsalted hashing algorithms – DKNUCKLES Mar 30 '17 at 17:51
-
@DKNUCKLES well, that's a big mistake by those who use such applications. Also, I bet this won't be encountered when attempting to extract the important credentials. However, I can see how this is related because people are still using same passwords for different logins. – user633551 Mar 30 '17 at 19:22