Converting SHA1 to normal form

Question

I have a database where every password is passed via SHA1. Sometimes, I want to go to the users dashboard and look how it feels like. Is there a way, I could convert SHA1 to normal form just for testing purposes?

Thank You

Answer 1

If by "normal form" you mean "can I retrieve the string that created a given hash", the answer is no. And it should be NO, because that's the whole point of secure hashes: make it very easy to create, extremely complicated (ideally impossible) to revert, otherwise, why on Earth would you make a secure hash?

If you are trying to hack on the user's accounts, then I suggest you go to another forum.

Answer 2

SHA1 is a one-way hash. You can't convert it to normal form. You can read more about it here: http://php.net/manual/en/function.sha1.php

For testing purposes, you should create a test user account. Use sha1('test'); or whatever you prefer.

Answer 3

Since you cannot convert SHA1 to plaintext, you can edit the authentication script assuming its PHP where it encrypts the password input text to SHA1 and than compares it to the DB value to allow either the matched password, or an "admin" password.

For example, if your code is something like

if( $html_username_input == $db_username && $sha1_html_password_input == $db_password ) { //Authenticated } else { // Not Authenticated }

You can add in an elseif statement that says something like elseif( $html_username_input == $db_username && $sha1_html_password_input == $sha1_YOUR_ADMIN_PASSWORD ) { // Authenticated }

Obviously your code won't look exactly like that, but that is an option to allow you to check on random people's dashboards.

Answer 4

While the answer to your question is provided above, I'll mention something that might solve your problem.

You need to create dummy accounts to your own website. I realize your admin has all privileges, and for testing purposes this doesn't give you the user perspective. I named my dummy account fakeuser with the password fakepassword. This user exists only on my localhost where I do my testing.