I recall hearing that some weaknesses were discovered with SHA-1 making it easier to find the plaintext input given the output hash. I also know that MD5 has been determined to be weak for some applications. I’m trying to create a program to demonstrate the different complexities of 2 approaches: a brute force search to find the input, and an exploitation of a weakness in SHA-1 or MD5 to find the input.
The plaintext inputs will be of length <4 and will consist of only A-Z, so brute force isn’t impractical.
My questions are:
Is there a C/C++ implementation to reverse SHA-1 by exploiting the weaknesses?
Is there a C/C++ implementation to reverse MD5 by exploiting the weakness?
My current feeling is that any approach to exploitation of the weakness will not have enough of a difference in time-complexity to demonstrate a benefit for such a small sample size.
For a very detailed outline of a SHA-1 exploit, see
https://hashcat.net/p12/js-sha1exp_169.pdf
For such a small input sample, you can build an in-memory rainbow table of all possible input values and their hashes in milliseconds. I doubt you would measure any significant difference using an exploit vs. brute force.
Further, for such a small input range, collisions are extremely unlikely (therefore there will almost certainly be no collision pairs).