Solved

unhashing the hashed string.(decrypt)

Posted on 2004-10-13
8
1,172 Views
Last Modified: 2009-12-16
hi all
I am encoding the password to be inserted in the database using following piece of code.
------------------------------------------------------------------------------------------------------------------
     Dim oEncoder As UTF8Encoding
            Dim oMD5Hasher As MD5CryptoServiceProvider
 
            Dim byteHashedPassword As Byte()
 
            oMD5Hasher = New MD5CryptoServiceProvider
            oEncoder = New UTF8Encoding
            byteHashedPassword = oMD5Hasher.ComputeHash(oEncoder.GetBytes(sPassword & sUserName.ToLower))
'i insert bytehashedpassword in the db in password field which is of datatype binary
----------------------------------------------------------------------------------------------------------------
I have problem decrypting it.

Can somebody help me. I again want to decrypt(unhash) it to string from binary.

Thank you in advance
 
With Best Regards
Vivek Phadke
0
Comment
Question by:vicky_phadke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
8 Comments
 
LVL 14

Accepted Solution

by:
AvonWyss earned 500 total points
ID: 12305735
You cannot unhash a hash. That would defeat it's purpose. The hash is a value which is different with a very high probability for each different string, so that the hash can be used as identifier for that given string. But you shall not be able to revert the hashing process, especially not MD5 and other cryptographic-grade hashes.

But what you can do is hash the password you've received with the same method and then compare the two hashes. If they are identical, you can safely assume that the passwords entered were equal.

The only way to "unhash" is by brute force attack, e.g. try every possible solution, hash it, and see if the hash is the one you were looking for. But this is not practical for longer and secure passwords (e.g. containing at least a digit and some special char like ,.-_* as well as both upper-and lowercase chars, with a length of 8 minimum).
0
 

Author Comment

by:vicky_phadke
ID: 12306123
So there is no way i can unhash it?
Well I am diong the forget password thing. I need to send the user his forgotten password. Although i can generate a new password and give it to him. But then the basic need of unhashing would be defeated. What i feel is the thing that is encrypted can be decrypted provided we have all the keys.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12306145
Well, hashing is NOT encrypting, but hashing. These are different things! If you want to encrypt it, there are also asymmetric and symmetric encryption algorithms contained in the .NET framework, which then can be used to decrypt it again. But the HASH is not an encryption!
0
Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

 
LVL 14

Expert Comment

by:AvonWyss
ID: 12306190
Hashes are used for the verification of values. A hash has a fixed size (for instance, MD5 and SHA1 are 16 bytes AFAIR), independently of the size of the contents hashed. You can hash hundreds of GB into the 16 byte hash! Now, given that you hashed anything large, how would you expect to recover the original contents from the 16 bytes of the hash? It's not possible, or it would happen to be the perfect packing alogrithm *g*...

The point is that these 16 bytes of the hash are very very very very unlikely the same for any two hashed values. If you change one bit, or swap two bytes in the data you're hashing, you get a completely different hash, which does not look anything like the one of the unchanged contents. This means that even slight changes in the contents are reflected in the hash, but the changed hash gives you no clue how much and what has changed in the contents.

So, there is NO unhashing. Hashing is NOT an encryption, but a means to verify data integrity or data equality of an arbitrary amount of data. If you tamper with the data, the hash immediately becomes invalid. That's what a hash is made for.
0
 
LVL 4

Expert Comment

by:Farshid-Zaker
ID: 12306766
Hash algorithm like MD5 or SHA4 have not reverse solutions. If you want to regenerate password from encrypted value, you should use other encryption algorithms.

Farshid
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12540224
My comments accurately answered the questions asked.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12542094
vicky_phadke, what did you miss to give an A grade? What could I have done better? Thank you fro your feedback, so that I can give better comments in the future.
0

Featured Post

More Than Just A Video Library

Train for your certification. Learn the latest DevOps tools. Grow your skillset to do better work.

At Linux Academy, we release new training modules every week so you'll always be up to date on the latest tech.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It seems a simple enough task, yet I see repeated questions asking how to do it: how to pass data between two forms. In this article, I will show you the different mechanisms available for you to do just that. This article is directed towards the .N…
Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question