9

Below i had encrypted a string varible using sha1. And now i would wish to decrypt data using sha1 function, but am going some where. Would some one come forward and guide me in proper way please.

Below is my code

<?php
   $variable  = "tiger";
   echo $variable;
   $encrypt = sha1($variable);
   echo $encrypt;
   $decrypt = sha1($encrypt);
   echo $decrypt;
 ?>

And i get output like this

tiger
46e3d772a1888eadff26c7ada47fd7502d796e07
989df2c8b5ea37eb7cfde0527d94c01a15257002
Mani Kandan
  • 699
  • 1
  • 10
  • 30
  • 3
    I think you misunderstood something - `sha1` is not an encryption in the way that it can be (easily) decrypted (see [this](https://stackoverflow.com/questions/2235079/is-it-possible-to-reverse-a-sha1) answer) – kero May 13 '15 at 11:36
  • 7
    It's not possible to decrypt `sha1`. With `sha1` you can **hash** a string, once a string is hashed you cannot decrypt it. – Daan May 13 '15 at 11:36
  • Perhaps you're thinking that `sha1()` is a simple Caesar cypher like `str_rot13()`: `$variable = "tiger"; echo $variable; $encrypt = str_rot13($variable); echo $encrypt; $decrypt = str_rot13($encrypt); echo $decrypt;` – Mark Baker May 13 '15 at 11:40
  • What are you using this for? You can not decrypt! These are one way hashing algorithms made to be irreversible however it is possible to use a "Rainbow table" to figure out what the original content was. – Enayet Hussain May 13 '15 at 11:40
  • You can not decrypt sha1() bcoz sha1 is not an encryption process. Its make data hash. So you can not retrieve it in original form – Nahid Bin Azhar May 13 '15 at 11:40
  • Possible duplicate of [How to decrypt SHA-256 encrypted String?](http://stackoverflow.com/questions/9316437/how-to-decrypt-sha-256-encrypted-string) – Benedict Lewis May 30 '16 at 23:50

8 Answers8

30

SHA-1 is an one-way hash function.

According to wikipedia

A cryptographic hash function is a hash function which is considered practically impossible to invert, that is, to recreate the input data from its hash value alone.

http://en.wikipedia.org/wiki/Cryptographic_hash_function

Thus you simply can not decrypt it.

Zgr3doo
  • 1,765
  • 17
  • 20
  • 1
    But you can do it – Bagi Aug 16 '17 at 02:58
  • What I mean is you can do it with brute force. But it would take some much time and resources to accomplish that. – Bagi Aug 17 '17 at 02:54
  • 3
    Only brute-force method which I know is not using your hashed value as an input. It instead tries to produce same result as your hash by using wide input set and compares output of every computation with your hash. So there is no decoding involved in this process. – Zgr3doo Aug 18 '17 at 07:54
1

simply you can use custom encoding decoding for your password if not then you can use base64_encode() to store in db and base64_decode() for using in profile etc

Muhammad Waqar Irshad
  • 11
  • 2
0

SHA-1 can't be decrypted directly. This is the idea behind it: encryption that can't be decrypted easily.

The only way to solve it is brute-force: Try to guess the correct result by encoding phrases and checking if they fit the provided phrase.

If you want to use SHA-1 for stuff like logins: Encode the entered password in SHA-1 as well and check if it's the same as one saved in SHA-1.

YakovL
  • 7,557
  • 12
  • 62
  • 102
DocRattie
  • 1,392
  • 2
  • 13
  • 27
0


SHA1 cannot be derypted easily.
The only way through it is a brute-force cracker.
They're widely available online like: http://md5-sha.com/md5-encrypt-hash-generator-online
Those websites have a large database of already hashed passwords which can be very useful.
Hope it helps, have a nice day.

Badr Fennane
  • 17
  • 2
0

SHA1 hash can't be derypted but you can try online on many different sites which have hug database of password and it's SHA1 hash. So you can try below online tools :

SHA1 Decoder Online

SHA1 tool

Girish Patidar
  • 354
  • 4
  • 14
0

You cannot decrypt it.

Hashing is one way only - MD5 and SHA-1 both are one-way hash functions.

You have to create new hash of the input at the login form and check if it is equal to the stored hash.

Aditya P Bhatt
  • 21,431
  • 18
  • 85
  • 104
0

In short sha1() CAN be decrypted. However only fairly simple strings can be. A password with numbers, upper and lower case and special characters will prove difficult but the likes of Password12345 can be decrypted via -

https://md5hashing.net/hash/sha1

***Bit more research. sha1() does not ever change how it encrypts the characters - so for example "MyPassword that was encrypted with sha1() 6 years ago STILL gives the output of "daa1f31819ed4928fd00e986e6bda6dab6b177dc" today in 2020.

These values are obviously stored in the above website and as time goes on the library of recognised passwords grows.

Sam Donaghy-Bell
  • 35
  • 7
-1

If you can't decrypt and you want to show the value then use this method.

Example you are creating login form with password encrypted and want to show password to user after login in their dashboard.

then create two columns one column is for encrypted_password and one for not_encrypted_password,

$not_encrypted_password="password";
$encrypted_password =sha1("password");
$sql = mysqli_query($conn,"INSERT INTO user (not_encrypted_password,encrypted_password)VALUES('$not_encrypted_password','$encrypted_password')");

in this way you can use login for column encrypted_password and to show password in dashboard for user use column not_encrypted_password.

imtaher
  • 430
  • 4
  • 9