What is SHA1?
In cryptography, SHA-1 is a cryptographic hash function
designed by the National Security Agency and published by the
NIST as a U.S. Federal Information Processing Standard. SHA
stands for Secure Hash Algorithm. The three SHA algorithms are
structured differently and are distinguished as SHA-0, SHA-1, and
SHA-2. SHA-1 is very similar to SHA-0, but corrects an error in
the original SHA hash specification that led to significant
weaknesses. The SHA-0 algorithm was not adopted by many
applications. SHA-2 on the other hand significantly differs from
the SHA-1 hash function. SHA-1 is the most widely used of the
existing SHA hash functions, and is employed in several
widely-used security applications and protocols. In 2005,
security flaws were identified in SHA-1, namely that a
mathematical weakness might exist, indicating that a stronger
hash function would be desirable. Although no successful attacks
have yet been reported on the SHA-2 variants, they are
algorithmically similar to SHA-1 and so efforts are underway to
develop improved alternatives. A new hash standard, SHA-3, is
currently under development - an ongoing NIST hash function
competition is scheduled to end with the selection of a winning
function in 2012.
How does it work?
Sha-1 is a cryptographic function that takes as input a 2^64
bits maximum length message, and outputs a 160 bits hash, 40
caracters. Sha-1 is an improvement of Sha-0, it was created by
the NSA, and improve cryptographic security by increasing the
number of operations before a collision (theory says 2^63
operations), however Sha-1 is not considered as secure because
2^63 could be reach pretty easily. It was replaced by Sha-2 (224,
256, 384 and 512 bits), and more recently by Sha-3. Like Md5,
Sha-1 is an unilateral function, to decrypt the plaintext behind
a hash, you have to confront it to a online database. This
website allows you to compare your Sha1 hashes and decrypt it if
you're lucky, thanks to our efficient online database. This
database contains 6,227,832,153 words, coming from all the
wordlists I was able to find online. I then computed for days to
enlarge the database and make it really unique, which will help
you into Sha1 decryption. About security, Sha-1 is not considered
anymore as a secure hash type. If you still want to use it (and
you should instead use Sha-2 functions), you should consider
using a salt to make hackers life harder. A salt consist in a
string you add to the user password before hashing it. This
string could be a random sequence, a timestamp, or anything that
will make the password harder to be found.