Decrypt SHA1 with (password) in python

自古美人都是妖i 提交于 2019-12-11 00:55:20

问题


I have a function for encrypting with SHA-1 in Python, using hashlib. I take a file and encrypt the contents with this hash.

If I set a password for an encrypted text file can I use this password to decrypt and to restore the file with the original text?


回答1:


Hashing functions are different than normal crypto algorithms. They are oftenly referred to as one-way ciphers, because the process data goes through is irreversible.

Differently than symmetric and assymetric encryption, hashes are used by asserting the hashed values themselves, instead of decrypting and asserting the plain-text values. To validate logins when you're using hashes, you'd hash the password the user just attempted to log in with and compare it with the hash you have on your DB. If they match, login is successful.

Cracking hashes involves guessing hashing various different strings and trying to match hashed values to the ones illegally obtained from a DB. There are lists available on the internet with millions of already hashed values to make hash cracking easier, those are known as Rainbow Tables and they can be easily countered with the use of Salts.

It's also worth noting that since hashing algorithms are able to digest GBs of data into significantly smaller strings, mathematically, two different values may have identical hashes. Even though this is very rare, it is an existing problem, and its known as Hash Collision.

Can you immagine if hashing was reversible? Hard drives would be reduntant since we would be able to hash thousands of GBs into a small string of text and reverse them as we pleased. It would be the nirvana of data compression and storage.


Related Wikipedia Articles:

Hashing Algorithms: http://en.wikipedia.org/wiki/Hash_function

Rainbow Tables: http://en.wikipedia.org/wiki/Rainbow_table

Salts: http://en.wikipedia.org/wiki/Salt_(cryptography)

Collision: http://en.wikipedia.org/wiki/Collision_(computer_science)

Symmetric Encryption: http://en.wikipedia.org/wiki/Symmetric-key_algorithm

Assymetric Encryption: http://en.wikipedia.org/wiki/Public-key_cryptography




回答2:


SHA-1 is not an encryption algorithm, it's a hashing algorithm. By definition, you can't "decrypt" anything that was hashed with the SHA-1 function, it doesn't have an inverse.

If you have an arbitrary hashed password, there's very little you can do to retrieve the original password - If you're lucky, the password could be in a database of reverse hashes, but that's as far as you can go.

And the message extraction algorithm expects the original password to perform the verification - the algorithm will hash the provided plain-text password and compare it against the stored hashed password, only if they're equal the plain-text message will be revealed.




回答3:


Hash functions are one way tickets. You cannot use them for encryption.

Hash function algorithms are realised through modulo, xor and other familiar (one way) operations.

You may try to find what argument was used to generate hash but in theory you will never be 100% sure it is the correct value.

For example try with a really simple (useless in cryptography) hash function modulo 10. This function returns ten different values. If it's 7 you may guess the entry was 7 or 137 and 1234567. Same with md5, sha1 and better ones.

As you can see, in the case when you are using hash function that returns only 40 bytes with files that are much bigger (maybe even few hundred megabytes) there in theory exists infinite numbers of files for each possible hash.



来源:https://stackoverflow.com/questions/18433917/decrypt-sha1-with-password-in-python

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!