Solved

unhashing the hashed string.(decrypt)

Posted on 2004-10-13
8
1,134 Views
Last Modified: 2009-12-16
hi all
I am encoding the password to be inserted in the database using following piece of code.
------------------------------------------------------------------------------------------------------------------
     Dim oEncoder As UTF8Encoding
            Dim oMD5Hasher As MD5CryptoServiceProvider
 
            Dim byteHashedPassword As Byte()
 
            oMD5Hasher = New MD5CryptoServiceProvider
            oEncoder = New UTF8Encoding
            byteHashedPassword = oMD5Hasher.ComputeHash(oEncoder.GetBytes(sPassword & sUserName.ToLower))
'i insert bytehashedpassword in the db in password field which is of datatype binary
----------------------------------------------------------------------------------------------------------------
I have problem decrypting it.

Can somebody help me. I again want to decrypt(unhash) it to string from binary.

Thank you in advance
 
With Best Regards
Vivek Phadke
0
Comment
Question by:vicky_phadke
  • 5
8 Comments
 
LVL 14

Accepted Solution

by:
AvonWyss earned 500 total points
ID: 12305735
You cannot unhash a hash. That would defeat it's purpose. The hash is a value which is different with a very high probability for each different string, so that the hash can be used as identifier for that given string. But you shall not be able to revert the hashing process, especially not MD5 and other cryptographic-grade hashes.

But what you can do is hash the password you've received with the same method and then compare the two hashes. If they are identical, you can safely assume that the passwords entered were equal.

The only way to "unhash" is by brute force attack, e.g. try every possible solution, hash it, and see if the hash is the one you were looking for. But this is not practical for longer and secure passwords (e.g. containing at least a digit and some special char like ,.-_* as well as both upper-and lowercase chars, with a length of 8 minimum).
0
 

Author Comment

by:vicky_phadke
ID: 12306123
So there is no way i can unhash it?
Well I am diong the forget password thing. I need to send the user his forgotten password. Although i can generate a new password and give it to him. But then the basic need of unhashing would be defeated. What i feel is the thing that is encrypted can be decrypted provided we have all the keys.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12306145
Well, hashing is NOT encrypting, but hashing. These are different things! If you want to encrypt it, there are also asymmetric and symmetric encryption algorithms contained in the .NET framework, which then can be used to decrypt it again. But the HASH is not an encryption!
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 14

Expert Comment

by:AvonWyss
ID: 12306190
Hashes are used for the verification of values. A hash has a fixed size (for instance, MD5 and SHA1 are 16 bytes AFAIR), independently of the size of the contents hashed. You can hash hundreds of GB into the 16 byte hash! Now, given that you hashed anything large, how would you expect to recover the original contents from the 16 bytes of the hash? It's not possible, or it would happen to be the perfect packing alogrithm *g*...

The point is that these 16 bytes of the hash are very very very very unlikely the same for any two hashed values. If you change one bit, or swap two bytes in the data you're hashing, you get a completely different hash, which does not look anything like the one of the unchanged contents. This means that even slight changes in the contents are reflected in the hash, but the changed hash gives you no clue how much and what has changed in the contents.

So, there is NO unhashing. Hashing is NOT an encryption, but a means to verify data integrity or data equality of an arbitrary amount of data. If you tamper with the data, the hash immediately becomes invalid. That's what a hash is made for.
0
 
LVL 4

Expert Comment

by:Farshid-Zaker
ID: 12306766
Hash algorithm like MD5 or SHA4 have not reverse solutions. If you want to regenerate password from encrypted value, you should use other encryption algorithms.

Farshid
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12540224
My comments accurately answered the questions asked.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12542094
vicky_phadke, what did you miss to give an A grade? What could I have done better? Thank you fro your feedback, so that I can give better comments in the future.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Summary Displaying images in RichTextBox is a common requirement with limited solutions available. Pasting through clipboard or embedding into RTF content only support static images.  This article describes how to insert Windows control objects int…
For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question