Hi All,
I have encrypted the user field with sha256
index=abc sourcetype=xyz
| eval domain = sha256(User)
| table domain
I am able to see encrypted values under domain field
Is there a splunk command to decrypt it?
Encryption and hashing are different things - you are not "encrypting" data, you are just creating a hash of the data (User)
https://en.wikipedia.org/wiki/Hash_function
For example, if you think that A=1, B=2 etc, then a "hash" of the word "HELLO" could be 52 (8+5+12+12+15)
But you cannot reverse 52 to make the word "HELLO" again - 52 could equally be ZZ or 52 letter A
Encryption and hashing are different things - you are not "encrypting" data, you are just creating a hash of the data (User)
https://en.wikipedia.org/wiki/Hash_function
For example, if you think that A=1, B=2 etc, then a "hash" of the word "HELLO" could be 52 (8+5+12+12+15)
But you cannot reverse 52 to make the word "HELLO" again - 52 could equally be ZZ or 52 letter A
sha256 is a hash function, meaning that you cannot "decrypt" the output. It would have a profound impact in data security if anyone finds a way to reverse the output. (sha1 has been known to be insufficient for years but it wasn't until rather recently when Google managed to create a collision using their very powerful TPUs. Even then, it wasn't to decrypt the hash value; the only attack mode to a hash function is hoping to find a string that will produce the same hash value. There is no way to know whether the collision value is the original value.)