Developer Builds Browser-Based SHA-1 Password Cracker with Key Bug Fixes
A developer has released a browser-based SHA-1 password cracking demo that corrects encoding and memory inefficiencies found in earlier implementations. The tool runs entirely in the browser using the Web Crypto API, supporting both salted and unsalted password lookups against a customizable password list. A core bug fix ensures strings are always encoded as UTF-8 bytes before hashing, preventing digest mismatches across languages and environments. For unsalted cracking, the tool precomputes a single hash-to-password map for fast constant-time lookups, while salted searches iterate efficiently to avoid generating memory-heavy cross-product combinations. The project consists of three files — index.html, style.css, and script.js — and is designed to be dropped directly into any static website.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in