java - is there a way to confirm that a string is a sha256 hash?

Question

I'd like to validate that a String is a sha256 representation of another without having to decrypt it. Is this possible?

Answer 1

I think what you could do is to hash the other string and then compare these two strings with each other.
No idea if this would help you but I read that it was commonly used praxis when creating rainbow tables for cracking password attempts.
EDIT: Oh forgot this is also the way to compare passwords in php when you login to a webpage iirc.
At least I had to do it like this for university.

Answer 2

A sha-256 value is just a 256 bits (32 bytes) value which you usually represent as a String or as a byte[] in Java.

As a value per se it's pointless, if you want to tell if a specific String is a hash then any 32 bytes number is a hash of an infinite unknown plain texts. But it's like asking "how do I know that a 32 bytes number is a number?", you see that you are going nowhere.

It's useful only when it's paired to a plain text so that you can compare it with the hash computed from the plain text to verify they match.

Answer 3

Yes and no.

You can test that a string is hex very easily. You can then test that it contains a statistically sensible number of digits and letters. That will rule out some common non sha256 strings.

But if someone creates a random string designed to look like a sha256, I don't think it's possible to distinguish it from the real thing by any mathematical test. The algorithm is designed to be robust to that.