08/25/25
By @BootlegFish
Hash decoding seems impossible, right?. Well i might just prove you wrong. But before all of that, what even is a hashing algorithm?
for those who dont know, a hashing algorithm is a algorithm that encodes a string of text into a long string of characters called a "Hash". Hashing is great because it is a form of one way enoding, meaning it is practically impossible to reverse engineer a hash value. However, there is a method that can be used.
After reading the previoius statement, you might say that this is very difficult, but it is surprisingly straightforward. First you would get a wordlist (A really big wordlist with like anywhere from 100k to 5m words). Then you would get their appropriate hash values using a script (Check out my hash decoding repo to see that script in action). You would then end up comparing the hash values and whichever ones are the same, you would know the passcode. However there is a pretty major flaw to this strategy.
Peppers and Salts. Yes i know it sounds like that cannot possible be the answer but it is indeed. What a Pepper or Salt is where before the encoding process begins, you add a additional string of characters. This basically renders that previous strategy entirely useless. You could also use multiple algorithims or encode multiple times.
While this could potentially be a good strategy, there are still many ways to prevent it. But if we could take away anything from this, it is to always add salts and peppers.