Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


security - Is it possible to reverse a sha1?

Is it possible to reverse a sha1?

I'm thinking about using a sha1 to create a simple lightweight system to authenticate a small embedded system that communicates over an unencrypted connection.

Let's say that I create a sha1 like this with input from a "secret key" and spice it with a timestamp so that the sha will change all the time.

sha1("My Secret Key"+"a timestamp")

Then I include this sha1 in the communication, and the server can do the same calculation. And hopefully nobody would be able to figure out the "secret key".

But is this really true?

If you know that this is how I did it, you would know that I did put a timestamp in there and you would see the sha1. Can you then use those two and figure out the "secret key"?

secret_key = bruteforce_sha1(sha1, timestamp)

Thanks Johan


Note1: I guess you could brute force in some way, but how much work would that actually be?

Note2: I don't plan to encrypt any data, I just would like to know who sent it.

question from:https://stackoverflow.com/questions/2235079/is-it-possible-to-reverse-a-sha1


1 Reply


No, you cannot reverse SHA-1, that is exactly why it is called a Secure Hash Algorithm.

What you should definitely be doing though, is include the message that is being transmitted into the hash calculation. Otherwise a man-in-the-middle could intercept the message, and use the signature (which only contains the sender's key and the timestamp) to attach it to a fake message (where it would still be valid).

And you should probably be using SHA-256 for new systems now.

sha("My Secret Key"+"a timestamp" + the whole message to be signed)

You also need to additionally transmit the timestamp in the clear, because otherwise you have no way to verify the digest (other than trying a lot of plausible timestamps).

Whether a brute force attack is feasible depends on the length of your secret key.

The security of your whole system would rely on this shared secret (because both sender and receiver need to know, but no one else). An attacker would try to go after the key (either by brute-force guessing or by trying to get it from your device) rather than trying to break SHA-1.
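The following is an added example, not code from the question or the answer. It contrasts the question's tag (key and timestamp only) with a tag that also covers the message and is checked for freshness, as the answer recommends. It assumes Python, swaps in HMAC-SHA256 for the plain concatenated hash, and uses hypothetical names, a constructed key and a 30-second freshness window.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 30  # assumed policy: seconds a timestamp may differ from the receiver's clock


def weak_tag(key: bytes, ts: int) -> bytes:
    # The question's scheme: sha1(key + timestamp). The message is not covered.
    return hashlib.sha1(key + str(ts).encode()).digest()


def weak_verify(key: bytes, ts: int, message: bytes, received: bytes) -> bool:
    # The message argument is never used, so any message passes with a valid tag.
    return hmac.compare_digest(received, weak_tag(key, ts))


def tag(key: bytes, ts: int, message: bytes) -> bytes:
    # HMAC-SHA256 over a fixed-width timestamp followed by the whole message.
    # HMAC is used instead of sha(key + data), which is open to length extension.
    return hmac.new(key, struct.pack(">Q", ts) + message, hashlib.sha256).digest()


def verify(key: bytes, ts: int, message: bytes, received: bytes,
           now: int, last_ts: int = 0) -> bool:
    # ts arrives in the clear next to the message so the tag can be recomputed.
    if not hmac.compare_digest(received, tag(key, ts, message)):
        return False              # wrong key, altered message or altered timestamp
    if abs(now - ts) > MAX_SKEW:
        return False              # stale capture
    return ts > last_ts           # reject a replay inside the freshness window


def demo() -> dict:
    key = b"constructed-demo-key-not-a-real-secret"   # constructed sample key
    ts = 1700000000                                    # constructed timestamp
    genuine, altered = b"valve=closed", b"valve=open"  # constructed messages
    t = tag(key, ts, genuine)
    return {
        "weak_accepts_altered": weak_verify(key, ts, altered, weak_tag(key, ts)),
        "hmac_accepts_genuine": verify(key, ts, genuine, t, now=ts + 2),
        "hmac_rejects_altered": not verify(key, ts, altered, t, now=ts + 2),
        "hmac_rejects_stale": not verify(key, ts, genuine, t, now=ts + 3600),
        "hmac_rejects_replay": not verify(key, ts, genuine, t, now=ts + 2, last_ts=ts),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The receiver has to remember the last accepted timestamp per sender for the replay check to work.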

