SHA-1 is a cryptographic hashing algorithm designed by the United States National Security Agency back in the early 1990s. It is used to create a message digest, which in cryptography is a one-way mathematical algorithm that takes data of any size and maps it to a bit string of a fixed size (a hash function). So, feed SHA-1 an arbitrary amount of data and it will produce a 20-character message digest. Whether you input "Synopsys," "I love cryptography!", or Act I from Shakespeare's Hamlet, the result will always be exactly 20 bytes.
People have used (and still use) SHA-1 to produce MACs. We're going to break a SHA-1 MAC that has been prefixed with a key. Namely:
message digest = SHA1(key || message)
Given the message digest and message, it shouldn't be possible to modify the message and produce a new corresponding message digest. That is, unless there is complete knowledge of the key. This isn't actually the case.
In this example, we'll take the message "user=mantej;" and generate a SHA-1 message digest under an unknown key. We'll continue to reverse engineer the hash, and use the result to create a valid message digest for the message "user=mantej; ... ;admin=true" without any knowledge of the key.
But before we do that, let's find a SHA-1 implementation and make a couple modifications.