Reverse SHA1.ComputeHash()

Question

I have password saved using SHA1.ComputeHash, i forget the passsword

Does there have anywhere to reverse SHA1.ComputeHash to show the password again?

Below is Function i use to save password.

 Public Function ComputeHashPwd(ByVal Password As String) As String

        Dim saltedPwBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(Password)
        Dim sha1 As New System.Security.Cryptography.SHA1CryptoServiceProvider()
        Dim hashedPwBytes() As Byte = sha1.ComputeHash(saltedPwBytes)
        Dim hashedPw As String = Convert.ToBase64String(hashedPwBytes)

        Return hashedPw
    End Function

Answer 1

There is no way to decrypt a SHA1 encrypted password back to normal text. The only way is to use the list of random passwords and compare each password's SHA1 hashed value to the that of your forgotten password.

Hope this helps.... 

-moderated-

Answer 2

One of the main purposes of hashes is to make it difficult to know what the hashed information was.

You are asking how to put a smoothie back into whole fruits.

Answer 3

I don't think that this forum feels it's appropriate to post links to hacking sites.

Answer 4

I figure if you're up to it you can review the below two links and reverse engineer the procedure they use to create an Sha1 hash perhaps.

SHA1 Description

RFC 3174 - US Secure Hash Algorithm 1 (SHA1) - This RFC may have been updated at some point for all I know.

In the below code is your function.

For the unhash function all I did was convert the base64string back to a byte array and compare what was in it to what was in the previous byte array which seems the same. Then all you need to do is anything else! :)

Option Strict On

Public Class Form1


    Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
        Me.CenterToScreen()
        Label1.Text = "Waiting"
        Label3.Text = "81fe8bfe87576c3ecb22426f8e57847382917acf" ' Just an example of a hash from one of the references.
    End Sub

    Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        If TextBox1.Text <> "" Then
            Label1.Text = ComputeHashPwd(TextBox1.Text)
            Label2.Text = Label1.Text.Count.ToString
            Label4.Text = Label3.Text.Count.ToString
            Label5.Text &= RichTextBox1.Text.Count.ToString
        End If
    End Sub

    Public Function ComputeHashPwd(ByVal Password As String) As String
        RichTextBox1.Text = ""
        Dim saltedPwBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(Password)
        Dim sha1 As New System.Security.Cryptography.SHA1CryptoServiceProvider()
        Dim hashedPwBytes() As Byte = sha1.ComputeHash(saltedPwBytes)
        Dim hashedPw As String = Convert.ToBase64String(hashedPwBytes)
        Label5.Text = hashedPwBytes.Count.ToString & " .. "
        For Each Item In hashedPwBytes
            RichTextBox1.AppendText(Item.ToString)
        Next
        Return hashedPw
    End Function

    Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
        UnComputeHashPwd(Label1.Text)
    End Sub

    Public Function UnComputeHashPwd(ByVal Password As String) As String
        Dim HashedPWBytes() As Byte = Convert.FromBase64String(Password)
        RichTextBox1.AppendText(vbCrLf & vbCrLf & vbCrLf)
        For Each Item In HashedPWBytes
            RichTextBox1.AppendText(Item.ToString)
        Next
    End Function


End Class

---

La vida loca

Answer 5

Here you go, this will theoretically work EVERY time, but it may take a few minutes. Console App, you can feel free to add error checking and make it fancier

Module Module1
    Dim CharacterSet As String
    Dim Rnd As New Random
    Public Function ComputeHash(ByVal Password As String) As String
        Dim PWBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(Password)
        Dim sha1 As New System.Security.Cryptography.SHA1CryptoServiceProvider()
        Return Convert.ToBase64String(sha1.ComputeHash(PWBytes))
    End Function
    Sub Main()
        Dim LowPasswordLength As Integer = 6    ' change as desired
        Dim HighPasswordLength As Integer = 16  ' change as desired
        Dim TestString As String = ""
        Dim TestHash As String = ""
        Dim TargetHash As String = ""
        For charvalue As Byte = 32 To 126
            CharacterSet &= Chr(charvalue)
        Next
        Console.Clear()
        Console.WriteLine("Input the Base64 Hash to crack, hit ENTER when done")
        TargetHash = Console.ReadLine
        Do
            TestString = ""
            For Index As Integer = 0 To Rnd.Next(LowPasswordLength, HighPasswordLength + 1)
                TestString &= CharacterSet.Substring(Rnd.Next(0, CharacterSet.Length), 1)
            Next
            TestHash = ComputeHash(TestString)
            Console.WriteLine("Trying String " & TestString)
        Loop Until Console.KeyAvailable = True Or TestHash = TargetHash
        If TestHash = TargetHash Then
            Console.WriteLine("Success, press ENTER to quit")
        Else
            Console.WriteLine("Aborted, press ENTER to quit")
        End If
        Console.ReadLine()
    End Sub
End Module

Answer 6

"You are asking how to put a smoothie back into whole fruits."

Love it........

Answer 7

I figure if you're up to it you can review the below two links and reverse engineer the procedure they use to create an Sha1 hash perhaps.

---

La vida loca

You can't "reverse engineer" a hashing algorithm, at least not a good one, that's the whole point of what he algorithm does...  See "unsmoothiefying" as described above.

Your program would need to output "WhasUp?" to successfully "decrypt" the hash value.  You can use Devon's program to try it if you have nothing better to do (for the rest of your life lol).

---

Reed Kimble - "When you do things right, people won't be sure you've done anything at all"

Answer 8

The generally accepted criteria for a Hash Function is:

Computing the hash value for any given message is easy.
Generating a message that has a pre-specified hash is not feasible.
Modifying a message without changing the hash is not feasible.
Calculating the message if only the hash is known is not feasible.
Not feasible is defined as "unlikely to be solved in the time period during which the security of the object remains important"

The code I posted MIGHT solve a hash on the first try. It also might cycle until the person running it is too old to care, but it's more likely that a power outage would occur long before that.