Why not SHA512 Decrypted?
Technically speaking SHA512
password hashes are not cracked or decrypted . They are matched using a list of possible passwords, it is more akin to reversing than breaking. A list of possible passwords (dictionary) is computed to generate a list of SHA512 hashes and the one that matches the target hash corresponds with the now known password.
Passwords stored as an SHA512 Hash are usually represented as a 40 character hexadecimal number. The power of modern computers (particularly GPU based) makes SHA512 a password storage function that is not secure.
An example SHA512 hash of the string password is b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86.
Try to match the example in our online SHA512 password hash tool below.
Benchmark SHA512 with Hashcat (CPU vs GPU)
In this chart it is clear to see the power of a modern GPU compared with a modern CPU against common SHA based hashes. Note that these are not even using the latest hardware available to consumers, in addition dedicated attackers can run 8 GPU's in a single system to increase the hash rate.
SHA512 Hash Command Line Examples
SHA512 hash of a string using Bash
Using bash
on any Linux command line you can get the SHA512 hash of a string simply by echoing the string to the sha512sum
utility. Using echo -n
ensures the line break is not included in the hash generation.
user@host:~$ echo -n password | sha512sum - b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86 -
SHA512 hash of a file using Bash
In this example we use bash
and the sha512sum
utility to generate an SHA512
hash of a file. It is interesting to note that a simple text file with the "password" string matches the hash of the string password. As long as there is no line breaks in the file the hash will match. Of course getting the SHA512 sum of a file is often used to confirm a files integrity - that two files from different locations or that have been downloaded match. The hash
function can be performed against any file type not only simple text.
user@host:~$ echo -n password > test.txt user@host:~$ sha512sum test.txt b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86 test.txt
SHA512 hash of a string using Python 3.x
Using python from the command line we can generate the SHA512 hash of a string using the hashlib
library. Note the use of this library in Python 3.x requires that the string be in byte string format (encoded).
user@host:~$ python3 Python 3.8.10 (default, Sep 28 2021, 16:10:42) [GCC 9.3.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import hashlib >>> output = hashlib.SHA512(b'password') >>> print(output) <SHA512 HASH object @ 0x7ff7a3557f10> >>> print(output.hexdigest()) b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
SHA512 hash of a file using Windows
Since Windows 2003 there is tool that can be used to calculate SHA512 hashes of a file. The CertUtil
is able to perform this function as shown below. Note that files generated under Windows will be encoded differently to those generated under Linux or OSX.
C:\Users\vagrant\> CertUtil -hashfile test.txt SHA512 SHA512 hash of test.txt b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
If you see a different hash in Windows compared to Linux you may find that the two files are actually different. Even though they both might contain exactly the same text; there can be differences in the encoding or line breaks. To test try running the Linux file
command on the Windows generated file. If the result is test.txt: Little-endian UTF-16 Unicode text, with no line terminators
then this will account for the difference. You could also run hexdump
on the two different files to see the differences in the raw bytes of the files.
SHA512 hash of a file using Powershell
Using Powershell
we can also generate an SHA512 using the Get-File-Hash
cmdlet. Note that even plain text files generated under Windows may be encoded differently to those generated under Linux or OSX. See note above.
PS C:\Users\vagrant> Get-FileHash -Algorithm SHA512 linux.txt Algorithm Hash Path --------- ---- ---- SHA512 5F4DCC3B5AA765D61D8327DEB882CF99 C:\Users\vagrant\test.txt
SHA512 hash of a string using PHP
A simple SHA512 function within PHP allows the hash to be generated in this example. The string being hashed could also of course be a variable or a binary blob.
user@test:~$ echo "<?php print(SHA512('password')) ?>" > test.php user@test:~$ php test.php b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
Brief History of SHA512
First developed in 1993 the SHA512 algorithm, as far back as 2005 the it was considered insecure against "well funded attackers". The increase in computing power has allowed brute calculations of SHA512 into the billions per second with common consumer hardware.
The algorithm to generate the hash is based on similar principles to MD5 but generates a larger hash value (160 bits vs. 128 bits).
If you are interested in the background and history of SHA512 there is a comprehensive wikipedia article.