SHA1 with a passphrase, no passwords involved [closed]

Question

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.

Closed 8 years ago.

I am retrieving a session id and key from a remote server that I do not have root access to. I would like to encrypt this data for my own reasons, and when I have to send the keys back to the API server for w/e, I need to decrypt. As I understand it, you cannot just decrypt an SHA hash. Is there a way to pass the session info to an encrypted variable with a specific passphrase, or "decrypt key", that will later allow me to decrypt?

I have searched, and googled the subject. All it turns up are people looking to decrypt passwords stored in SHA1. This is not a noob attempt to learn how to brute force/collide a hash. I have a legit purpose for this.

Answer 1

You cannot "decrypt" a SHA-1 hash, it is a "digest" (or "signature") algorithm and not an encryption algorithm.

It is only possible to check whether some other text you have has the same signature, and in that regard SHA-1 is a very strong algorithm, albeit not without its weaknesses, particularly when used with low-entropy source data such as passwords.

Answer 2

As far as I'm concerned, there's no way to decrypt a SHA-1 hash since SHA-1 is only a one-way hash method. If people were able to decrypt those then SHA-1 wouldn't be a very safe hashing algorithm method at all.

Answer 3

There is a large difference between hashing and encryption.

Hashing is meant to be one-way. That means once you hash something it will only exist as a hash and you should not be able to determine the input from the output. SHA-1 is one of these.

For encryption however you want to do exactly that. There's different ways of achieving this as well. You can work with symmetric or asymmetric encryption. The difference is that for symmetric encryption you need the same key for encrypting and decrypting data. Examples for this are DES and AES. Asymmetric encryption has different keys for encrypting and decrypting data. You can also use those for signing data. Examples for this are RSA or ElGamal.