Dr Clèm's Blog


brute-force attack to recover SHA-1 hashed password.

Copyright (C) 2017 Clément Février


This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.


This is a simple C++ software to recover a password for SHA-1 hash. It is performing a brute-force attack.
Complexity: It is a simple brute-force algorithm, so the complexity increases exponentially with the size of the password.
Multithreading: On a N_CORE computer, if SEQTIME is the maximum time when launched with one thread, then the maximum time is SEQTIME / N_TREAD when N_THREAD < N_CORE and SEQTIME / N_CORE when N_THREAD > N_CORE


You need GCC < 8, Boost and Libtomcrypt for the program itself and git to download it. The restriction on GCC comes from an incompatibility between GCC 8 and Boost. On Ubuntu,

% sudo apt install g++ libboost-all-dev libtomcrypt-dev git
Then, you need to clone the git repository
% git clone https://clementfevrier.fr/git/SHA1BruteForce.git
% cd SHA1BruteForce



Modify the parameters in main.cpp.

  • HASH: The SHA-1 hash. Two accepted formats:
    • Without spaces, as usually stored. You need to ensure that it is 40 character-long. Example for the password ZZZ
    • With spaces. No restriction on the length of the string. But you need to ensure to have 20 spaced-separated hexadecimal numbers. It is the format used to display hashes in this program. Example for the password ZZZZZZ
      18 f3 f 1b a4 c6 2e 2b 46 e 69 33 6 b3 9a d e2 7d 74 7c
  • MaxLength: Maximum length of the password to test.
  • N_THREAD: Number of threads to launch. The program will launch at most a number of thread corresponding to the number of character to test. In other words, the length of list. In this case, it is 95.

(Optional) Profiling

You can use the Makefile as it is, but I recommend to add the flags specific to your architecture. Also, you can profile the code with the following steps. Set the variable test in main.cpp. For example, change line 91

const std::string test = "";
const std::string test = "!!!";
Add the flag -fprofile-generate to the variable CC in the Makefile. Clean objects in case already compile before and recompile with the new flag.
% make clean; make -j 2
Execute the code to generate the profile.
% ./sha1
Modify main.cpp to reverte back test to "" otherwise the SHA-1 hash that you want to crack will be ignore. Modify the variable CC in the Makefile to substitute -fprofile-generate by -fprofile-use -fprofile-correction. Finally, clean the objects to enforce recompiling all of them using the profile
$ make clean


Then compile with

% make
or, better,
% make -j 2
for parallel compiling. Any number greater than 2 will not have effect because there is only 2 objects.


Launch it with

% ./sha1
It will display the SHA-1 hash and the corresponding password if it find it.


You can safely clean the temporary objects with

% make clean
You can also clean all files produced by the project to recover fresh-like folder
% make mrproper

Dr Clément Février

Bonjour, Je suis Clément Février, docteur en physique théorique de l’université de Grenoble Alpes, ingénieur Recherche et Développement dans le domaine de l’imagerie médicale et de la chirurgie mini-invasive chez Surgivisio et soutien du mouvement La France Insoumise.

Dites les velotaffeur, vous avez entendu parler d'un casque qui a un feu avant, un feu arrière et des clignotants sur les cotés / avant arrière ? (Enfin un simple bandeau led de chaque coté se gère hein)
Genre un truc pour que les voitures voient qu'on tourne à droite ou gauche sans qu'on ai besoin de tendre le bras ?

Parce que bon, j'ai testé ce soir, passer sur les marquages au sol + les rails du tramway avec un bras levé sous la pluie, niveau stabilité on repassera ^^'

J'arrive pas à trouver :/ et les solutions existantes de clignotants sont seulement pour l'arrière

Si le coeur vous en dit vous pouvez partager ;)

#velotaff #boostappréciés :)

The only thing that really matter is, at the end of the day, to choose the correct method automatically without conditional statement at runtime. I really wonder is a workaround is possible.
I already tried to add "std::tuple< d1*, d2 > b_tuple" to class b, using some forward declaration, but, of course, std::get< i >(b_tuple) cannot compile since it will be known at runtime only.

But I allow complete refactoring code, even the b and d1 & d2. Templates, new classes and sub classes and even are fine (I already put 100-lines define to add iterator to enum and another one to allow enum inheritance, and my coworkers begin to hate me ^^)
For example, method "create" can become a class, or class b can be construct using a macro to make somehow the base class aware of derived ones
BASE(b, ...) std::tuple< __VA_ARGS__ > g_ ## b; class b