You can't bruteforce a hash because of collisions, especially when you're dealing with completely random strings such as keys to begin with. There are a (virtually) infinite amount of strings that have the same hash
Password guessing works because it's using a dictionary-based attack and calculating what the hash of known words actually is
You don't need to bruteforce, sha1 collision attacks (namely collision detection) has been possible since 2012 and substantially improved in speed since. This is why Google is trying to push everyone away from sha1.