Is it possible to get the encryption key when you have the plaintext?

  • I have a question about SHA256. I know that this algorithm was used to encrypt a text, which I have. I also have the encrypted version of this text. My question is, can I somehow get to the encryption key with those infos?

  • SHA-256 is a digest algorithm, not an encryption algorithm. There is no encryption key: there is no secret that can help you go back from SHA256(message) to message.

    If you only know the SHA-256 value (256 bits, which may be presented as 32 bytes or as 64 hexadecimal digits), the only way to find the original message is by brute force: try all possible messages, compute SHA256(candidate), and if it matches, you have it. Since there's no key involved, if you already know the “plaintext” (the original message), you know everything.

    If you meant AES-256, that is indeed an encryption algorithm, which produces a ciphertext given a key and a plaintext, or a plaintext given a key and a ciphertext. More precisely, it is a family of encryption algorithms: AES itself can only encrypt messages of exactly 128 bits, and there are several modes of operation that extend the algorithm to messages of arbitrary length.

    With AES, or any serious encryption algorithm, even if you have the encrypted data (the ciphertext) and the original message (the plaintext), you are no closer to finding the encryption key. This is known as a known-plaintext attack, and AES is resistant to known-plaintext attacks as it should be.

    Or you might have meant HMAC-SHA-256. An HMAC is a message authentication code, which is different from a digest algorithm. A digest produces a fixed-size string from a message, such that the fixed-size string depends only on the message. A MAC produces a fixed-size string from a message and a secret key. If you know some message (plaintext) M and you also know HMAC-SHA-256(M, K), then here too you are no closer to knowing the key K. Again, resistance to known-plaintext attacks is expected of a MAC algorithm, and HMAC-SHA-256 is (as far as anybody knows publicly) a good MAC algorithm.

    The secret key involved in a MAC isn't an encryption key because there's no going back: if you know HMAC-SHA-256(M, K) but not M, knowing K won't help you find M. (No amount of secret knowledge could tell you which of the arbitrary-length messages was meant anyway, knowing only a fixed-size encryption key and a fixed-size MAC value.)

    1. First of all, SHA 256 is not an Encryption algorithm, its a Hashing Algorithm.

      1. Encryption algorithms are like locks. You put the data in and encrypt it with a key (Locking). Now, use the same key or an asymmetric key to decrypt it and you will get the original data (Unlocking).

      2. On the other hand, Hashing algorithms are like one-way locks. You get the hash of the input data. Its highly difficult to create another data which produces the same hash. If you manage to do it, it is called hash collision. Since, hashes are unique to the given data, they are useful in wide range of domains, most importantly Security.

    2. Second, it doesnt use any key as such.

    3. You can read more about the Cryptanalysis here

  • This would be unusual, SHA256 is used to hash a text. So my guess is that you have the hash of some plaintext, and the plaintext.

    If no key was used, you can simply use SHA256 on the text, and see if the hash is the same. That way you can know if someone altered your text

    If a key was used (hmac sha256), and you want to find the key, you can brute force the key. This means that you generate hashes of your text, using SHA256 and different keys, until the hashes match.

    This is a computionally very expensive procedure, and depending on the used key it is unlikely that you will find the key in a reasonable amount of time.

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM