Reversing SHA-1 or MD5 given (small) input length without brute force

Question

I recall hearing that some weaknesses were discovered with SHA-1 making it easier to find the plaintext input given the output hash. I also know that MD5 has been determined to be weak for some applications. I'm trying to create a program to demonstrate the different complexities of 2 approaches: a brute force search to find the input, and an exploitation of a weakness in SHA-1 or MD5 to find the input.

The plaintext inputs will be of length <4 and will consist of only A-Z, so brute force isn't impractical.

My questions are:
Is there a C/C++ implementation to reverse SHA-1 by exploiting the weaknesses?
Is there a C/C++ implementation to reverse MD5 by exploiting the weakness?

My current feeling is that any approach to exploitation of the weakness will not have enough of a difference in time-complexity to demonstrate a benefit for such a small sample size.

Answer 1

For a very detailed outline of a SHA-1 exploit, see

https://hashcat.net/p12/js-sha1exp_169.pdf

For such a small input sample, you can build an in-memory rainbow table of all possible input values and their hashes in milliseconds. I doubt you would measure any significant difference using an exploit vs. brute force.

Further, for such a small input range, collisions are extremely unlikely (therefore there will almost certainly be no collision pairs).

Answer 2

No, this is not possible. While some weaknesses do exist in MD5 and SHA-1, they do not generally permit preimage attacks of this form -- most of the known weaknesses involve the construction of collision pairs.