java - is there a way to confirm that a string is a sha256 hash?

Question

I'd like to validate that a String is a sha256 representation of another without having to decrypt it. Is this possible?

Answer 1

Yes and no.

You can test that a string is hex very easily. You can then test that it contains a statistically sensible number of digits and letters. That will rule out some common non sha256 strings.

But if someone creates a random string designed to look like a sha256, I don't think it's possible to distinguish it from the real thing by any mathematical test. The algorithm is designed to be robust to that.

Answer 2

A sha-256 value is just a 256 bits (32 bytes) value which you usually represent as a String or as a byte[] in Java.

As a value per se it's pointless, if you want to tell if a specific String is a hash then any 32 bytes number is a hash of an infinite unknown plain texts. But it's like asking "how do I know that a 32 bytes number is a number?", you see that you are going nowhere.

It's useful only when it's paired to a plain text so that you can compare it with the hash computed from the plain text to verify they match.

Answer 3

I think what you could do is to hash the other string and then compare these two strings with each other.
No idea if this would help you but I read that it was commonly used praxis when creating rainbow tables for cracking password attempts.
EDIT: Oh forgot this is also the way to compare passwords in php when you login to a webpage iirc.
At least I had to do it like this for university.

Answer 4

You can get your machine to parse the string with specific rules and attempt to qualify the string as an sha hash. The following post might answer your question How to determine whether a string is a hash .