How does SHA1 cracker works?
I'm trying to understand how easy it is to crack a SHA1 hashed password. I have a training database giving hundreds of password hashed
I have tried to use some online tools to crack them and I have realized that I can only crack relatively simple passwords with them.
For what I know, to crack a hask, you generally use rainbow tables. In that sense, for me, you can only crack simple passwords. But some people online seem to say that tools like John the Ripper or Hashcat can crack anything.
So I was wondering, is it always possible to crack a SHA1 password (even a really complex one)?
No, SHA-1 cracker don't work that easily.. Currently, there are two main issues with using the hash function for security purposes (not specifically password hashing):
It is a very fast hash, meaning a brute force attack will run much more quickly than it would if you were to correctly use a slow KDF. The fact that SHA-1 is fast does not allow you to crack any password, but it does mean you can attempt more guesses per second. It is vulnerable to collision attacks, as Google showed. A collision attack allows someone to create two inputs with the same hash. However, it does not allow them to reverse a hash or to modify an input without affecting the resulting hash. That would be a different kind of attack called a preimage attack, and SHA-1 is not vulnerable to that attack. So no, you are not able to crack just any password that has been hashed with SHA-1 unless the password is short or weak. That does not mean you should use it for password hashing however, since it is so fast and is efficiently implemented on a GPU.