How to decrypt sha1-encrypted String in Java

Question

Is it possible to decrypt some string which was earlier encrypted with the SHA-1 algorithm in Java?

Answer 1

Short answer: it's impossible.

Because SHA-1 is a cryptographic hash function, by the pigeonhole principle, it is mathematically impossible to reverse. There are only 2¹⁶⁰ possible SHA-1 hashes. Since there are an infinite number of possible input strings, there must be collisions (multiple inputs that hash to the same value). In general, there's no way you can know which of those strings was the original input.

However, real-world strings aren't completely arbitrary. If you know some information about your input string (e.g. that it was less than 5 characters long), with high probability, the input is unique. Unfortunately for you, hash functions like SHA-1 are intentionally computationally infeasible to invert. (There are theoretical attacks on SHA-1, but I don't think any are currently considered even near feasible.)

So if you need to recover hashed data, you have to use brute force: try SHA-1ing each string of length less than n, and see if the hash matches. But there are exponentially many strings of length up to n, so this quickly becomes infeasible.

There is one possible way to recover hashed data before the end of the universe. Your only hope is to use a more sophisticated method, such as rainbow tables. This will only work if you know that your original string was very short (less than ~15 characters). Even for short strings, it will take a long time (and gigabytes of disk space) to pre-compute the table.