SHA512 Hash Cracking

SHA-512 is a hashing function similar to that of SHA-1 or the SHA-256 algorithms. The SHA-512 algorithm generates a fixed size 512-bit (64-byte) hash. This type of hash calculation was designed as a one way function. It cannot be reversed but can be cracked by simply brute force or comparing calculated hashes of known strings to the target hash.

Below is an example hash, this is what a SHA-512 hash of the string password looks like. Identification of these hash types is a matter of picking the length and then starting with the most common forms of these hashes.

b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86

Go ahead and test our free password recovery of a SHA-512 hash using a password dictionary and brute force matching of the resulting hash.

Hash:



Please wait while we match the password
Job complete, the hash was found: {{ submitresponse }}
Job complete, the hash was not found.
Error starting job, please check hash.

Background on SHA-512 Hashes

SHA-2 is a family of hashes including the popular SHA-256 and SHA-512 functions. These are generated using a similar technique however they are stronger mathematically, making brute force attacks against them more difficult. Even so, there are better encryption algorithms that can be used for password storage in modern web applications. A popular and secure method is the bcrypt function.

Cracking SHA-512 Hashes

Attacking (often referred to as cracking) SHA-512 hashes is performed by computing possible matches of the original string as fast as possible to find the matching hash.

See the following chart to get an idea of the weakness in standard hashing algorithms for password storage. These show brute force attempts against a single hash. cudaHashcat is running on an NVIDIA 560 GTX GPU that is a few years old now, so consider these on the low end of what is capable.

Note the difference between hashcat and cudaHashcat against the same SHA-1 hash. The numbers get pretty crazy pretty quickly, as you can see MD5 hashes are being brute forced at 1.8 billion per second.