-6

How can I unhash sha512? Any one help me for unhash this code?

I have this code:

password_hash(base64_encode( hash('sha512','e4cefc2b2d9fd250c8e526770c2841b4bd9e1f7509ebbd13f997151153c2c86a69a2f28d0f4e9b23e9f2fc31f0103b5a4fae2ad9f1706845ea9b817517943aa2', true) ), PASSWORD_DEFAULT );

Database stored value:

$password = e4cefc2b2d9fd250c8e526770c2841b4bd9e1f7509ebbd13f997151153c2c86a69a2f28d0f4e9b23e9f2fc31f0103b5a4fae2ad9f1706845ea9b817517943aa2;
Scott Arciszewski
  • 33,610
  • 16
  • 89
  • 206
whitecare
  • 1
  • There is a topic about this if you want to check: https://stackoverflow.com/questions/40076870/how-to-decrypt-a-sha512-encrypted-variable?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa – mad4n7 Apr 19 '18 at 17:26
  • 3
    You don't unhash values created with `password_hash()`, you verify that they match a known value with `password_verify()`. – Alex Howansky Apr 19 '18 at 17:30
  • Do not hash the password with `sha512` or `base64_encode()` the result either. Bcrypt (the current default for `password_hash()`) has a password limit of 72 characters and anything after this is ignored. `sha512` produces a hash of 128 hex characters, and when you `base64_encode` this, it's 172 characters long, meaning more than 50% gets truncated. If you *must* pre-hash it first, use `sha256` and do not base64_encode that because all it does is lengthen the string and is utterly pointless in this context. – Mike Apr 19 '18 at 20:14
  • [This was not a question about encryption](https://paragonie.com/blog/2015/08/you-wouldnt-base64-a-password-cryptography-decoded#passwords). – Scott Arciszewski Apr 21 '18 at 19:15

1 Answers1

5

The definition of a hash function is that it cannot be reversed. Period. If it can be reversed, it's not a hash.

Vietvo
  • 91
  • 7
  • 5
    To be pedantic that's not the definition of a hash function (there's a lot more to it than that). But it's an important and necessary property of cryptographic hash functions. – ChrisGPT was on strike Apr 19 '18 at 17:35