Home/ Questions/Q 5943315
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T16:22:40+00:00

Ok, my answer was answered about password protection( php users passwords protection ) and

  • 0

Ok, my answer was answered about password protection(php users passwords protection) and my final code:

function sha1_custom($string) {
    $salt = sha1("1".$string."1");
    //In final code 1 replaced with others chars
    $string = sha1("$salt$string$salt");
    return $string;
}

Let’s say for strongest security, I want to encrypt IP, signup date, just everything. But in admin panel I want to retrieve that info, so it means I need decript it

Is it possible from this script/function to make a decrypt script/function?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    No. The SHA-1 and other hashing functions’ goal is to be one-direction only. If you could even slightly speed up the process of decoding hash into original value, the hashing function mechanism would be considered broken and many people would probably resign from using that algorithm.

    The reason the hashing functions are used is just because you can use them to check whether you encoded the same value (if you encoded $value1 and got some hash as a result, and then you encoded $value2 and got the same hash as a result, you can be sure – practically 100% sure – that the $value1 is equal to $value2). They were just designed to make it extremely difficult (practically impossible) to decode hashes into input variables.

    However…

    There are attempts and possibilities to get to know the input variable, but they are based on the concept of Rainbow Tables. Rainbow table is a table consisting of pairs of input variables with generated hashes. They are precompiled and large in size, but they allow you to find input values for some of the hashes.

    And that is why salt was introduced. Salt is used to further complicate the input variable, to make rainbow table a less reliable solution. If you, for example, generate hash with MD5 for string 'home', you will get 106a6c241b8797f52e1e77317b96a201 hash and you will probably be able to decode it using some public rainbow table service on the Internet. But if you add some salt (eg. some line break symbols, some non-print characters etc.), the chances you will find any rainbow table allowing you to decode the hash (even the hash of such a short and simple word) would be extremely low.

    There is also one, additional reason to use salt. The reason is the following. If you use salt eg. for your authentication mechanism, all the values are being attached with this salt. For the attacker it means, that he has to determine the value that creates some given hash, and this value must contain salt you use within your system (hashing function itself is able to create some hash from two different values), and then extract the original input value (the one you attached to salt value and then hashed) to make it usable. So the issue complicates further.

    I hope this clarifies the concept of hashing algorithms and salts.

    • 0