1

In my code I calculate hashes for known codes and a secret with SHA-1:

SHA-1(code + secret) = hash

An attacker can do statistical analysis on the database and, for example, guess that the code 03220 produces a specific output.

SHA-1(03220 + secret) = f24647f6573032838969db0934c63f6aa99c6173

The secret is 120 bits long, for example Wqj5ASoan1iCjnjLeO6fL.

My question is: how long would it take an attacker to brute-force the secret when he knows the code used and the output of the hash? Is it secure?

Anders
John Smith
  • In this case it's mostly a matter of style, but you should use HMAC instead of homebrew keyed hashes. – CodesInChaos Oct 18 '16 at 07:05
  • Definitely related: [Is my understanding of SHA1 correct?](https://security.stackexchange.com/q/139748/2138) – user Oct 18 '16 at 13:04

2 Answers

5

It is possible to brute-force at about 7 giga SHA-1 hashes per second on a good system. When we assume that your "secret" is indeed randomly generated (as it looks like) and is 120 bits long, we can estimate the time needed to find a match:

  possibleCombinations = 2 ^ bitsOfPassword
  expectedTimeInSeconds = (possibleCombinations / triesPerSecond) / 2

This makes about 3E18 years, so brute-forcing is clearly out of the question. As mentioned, this only applies to really random "secrets". If only the SHA-1 hashes are stored in the database, there should be no way to guess the "key".

I wonder what your intention is, though; there are better ways to combine a key with a token (HMAC), or is it used in the context of password storage?

schroeder
martinstoeckli
  • Hi @martinstoeckli, thanks for this great answer! I do not store passwords. I have a database where the stored information needs to be hidden but also searchable. Using AES-GCM encryption was not an option because it generates different encrypted data. Using SHA-1 I get the same hashed data for the same input, which allows me to perform searches on the database. My main concern in this question was whether the `secret` can be guessed from the hashes. For me it is really important that the `secret` stays secret, because it's also used as the key for encrypting more confidential data. What's your opinion on this? – John Smith Oct 18 '16 at 22:21
  • @JohnSmith - The secret cannot be guessed from the hashes; SHA* is designed in a way that does not allow conclusions about the original content or about similarities to other content. As mentioned, your problem is a good case for an [HMAC](https://en.wikipedia.org/wiki/Hash-based_message_authentication_code), whose job is to bring a key into the hashing. Using a second independent key is surely not a bad idea; maybe you want to share it with more people than the first important key, but I cannot see a security problem in using the same key (keep in mind that I'm not a cryptographer). – martinstoeckli Oct 19 '16 at 06:16
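A worked example of the two points made in this answer and its comments, added here as an illustration and not code written by any participant in the thread: the brute-force estimate from the answer's formula, and an HMAC-based deterministic token as the suggested replacement for SHA-1(code + secret) for the searchable-database use case. The `derive_subkey` helper and its purpose labels are my own assumption (one way to keep the search-index key and the encryption key distinct while storing a single master secret); the secret value is the example one from the question.

```python
import hashlib
import hmac

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Example secret from the question (not a real key).
EXAMPLE_SECRET = b"Wqj5ASoan1iCjnjLeO6fL"


def expected_brute_force_years(key_bits: int, tries_per_second: float) -> float:
    """Expected time to recover a uniformly random key of key_bits bits by exhaustive search.

    Implements the answer's formula: 2**bits candidate keys, half of them
    tried on average before the right one is found.
    """
    possible_combinations = 2 ** key_bits
    expected_seconds = (possible_combinations / tries_per_second) / 2
    return expected_seconds / SECONDS_PER_YEAR


def legacy_token(secret: bytes, code: str) -> str:
    """The question's own construction, SHA-1(code || secret), kept only for comparison."""
    return hashlib.sha1(code.encode("utf-8") + secret).hexdigest()


def derive_subkey(master_secret: bytes, purpose: bytes) -> bytes:
    """Derive a 256-bit subkey for one purpose from the master secret.

    Hypothetical helper (assumption, not from the thread): HMAC-SHA256 used as a
    keyed PRF over a purpose label, so that the key used for search tokens and the
    key used for encrypting confidential data are different values even though
    only one master secret is stored.
    """
    return hmac.new(master_secret, b"subkey:" + purpose, hashlib.sha256).digest()


def search_token(master_secret: bytes, code: str) -> str:
    """Deterministic, searchable token: HMAC-SHA256 over the code with a dedicated subkey.

    Same code and same master secret always give the same token, so the column
    can be indexed and queried by equality, while the key itself cannot be
    recovered from the stored tokens.
    """
    index_key = derive_subkey(master_secret, b"search-index")
    return hmac.new(index_key, code.encode("utf-8"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    years = expected_brute_force_years(120, 7e9)
    print(f"expected brute-force time for a 120-bit secret at 7e9 SHA-1/s: {years:.2e} years")
    print("legacy SHA-1(code||secret):", legacy_token(EXAMPLE_SECRET, "03220"))
    print("HMAC search token:         ", search_token(EXAMPLE_SECRET, "03220"))
```

The tokens produced by `search_token` are stored in place of the plaintext codes; a lookup recomputes the token for the query value and matches on equality, exactly as the asker does with the SHA-1 column today. The `derive_subkey` step reflects the comment about reusing the same key: deriving labelled subkeys keeps the encryption key and the token key separate values without adding a second secret to manage.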
-1

Quick answer:

It is NOT secure. SHA-1 was deprecated not only for being pretty easy for modern computers to brute-force (even more so with the ASICs developed for computing SHA operations), but for some mathematical weaknesses that made it more vulnerable and easier to break.

Read: https://en.wikipedia.org/wiki/SHA-1#Attacks

You can also read this article written in 2012: http://arstechnica.com/security/2012/10/sha1-crypto-algorithm-could-fall-by-2018/

In it you can see that it was already considered weak, not because of brute forcing, but because of weaknesses that make this algorithm easier to break (finding collisions is much easier than trying to brute-force).

By this year, many ASICs (application-specific integrated circuits) have been developed to calculate SHA hashes more quickly (mostly used for mining cryptocurrencies such as Bitcoin).

KanekiDev