Is it possible to reverse a sha1


Is it possible to reverse a sha1?

I'm thinking about using a sha1 to create a simple lightweight system to authenticate a small embedded system that communicates over a unencrypted connection.

Let's say that I create a sha1 like this with input from a "secret key" and spice it with a timestamp so that the sha will change all the time.

sha1("My Secret Key"+"a timestamp")

Then I include this sha1 in the communication and the server, that can do the same calculation. And hopefully nobody would be able to figure out the "secret key".

But is this really true?

If you know that this is how I did it, you would know that I did put a timestamp in there and you would see the sha1.
Can you then use those two and figure out the "secret key"?

secret_key = bruteforce_sha1(sha1, timestamp)


I guess you could brute force in some way, but how much work would that actually be?

I don't plan to encrypt any data, I just would like to know who sent it.

Best Solution

No, you cannot reverse SHA-1, that is exactly why it is called a Secure Hash Algorithm.

What you should definitely be doing though, is include the message that is being transmitted into the hash calculation. Otherwise a man-in-the-middle could intercept the message, and use the signature (which only contains the sender's key and the timestamp) to attach it to a fake message (where it would still be valid).

And you should probably be using SHA-256 for new systems now.

sha("My Secret Key"+"a timestamp" + the whole message to be signed)

You also need to additionally transmit the timestamp in the clear, because otherwise you have no way to verify the digest (other than trying a lot of plausible timestamps).

If a brute force attack is feasible depends on the length of your secret key.

The security of your whole system would rely on this shared secret (because both sender and receiver need to know, but no one else). An attacker would try to go after the key (either but brute-force guessing or by trying to get it from your device) rather than trying to break SHA-1.

Related Question