?
Solved

unhashing the hashed string.(decrypt)

Posted on 2004-10-13
8
Medium Priority
?
1,179 Views
Last Modified: 2009-12-16
hi all
I am encoding the password to be inserted in the database using following piece of code.
------------------------------------------------------------------------------------------------------------------
     Dim oEncoder As UTF8Encoding
            Dim oMD5Hasher As MD5CryptoServiceProvider
 
            Dim byteHashedPassword As Byte()
 
            oMD5Hasher = New MD5CryptoServiceProvider
            oEncoder = New UTF8Encoding
            byteHashedPassword = oMD5Hasher.ComputeHash(oEncoder.GetBytes(sPassword & sUserName.ToLower))
'i insert bytehashedpassword in the db in password field which is of datatype binary
----------------------------------------------------------------------------------------------------------------
I have problem decrypting it.

Can somebody help me. I again want to decrypt(unhash) it to string from binary.

Thank you in advance
 
With Best Regards
Vivek Phadke
0
Comment
Question by:vicky_phadke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
8 Comments
 
LVL 14

Accepted Solution

by:
AvonWyss earned 1500 total points
ID: 12305735
You cannot unhash a hash. That would defeat it's purpose. The hash is a value which is different with a very high probability for each different string, so that the hash can be used as identifier for that given string. But you shall not be able to revert the hashing process, especially not MD5 and other cryptographic-grade hashes.

But what you can do is hash the password you've received with the same method and then compare the two hashes. If they are identical, you can safely assume that the passwords entered were equal.

The only way to "unhash" is by brute force attack, e.g. try every possible solution, hash it, and see if the hash is the one you were looking for. But this is not practical for longer and secure passwords (e.g. containing at least a digit and some special char like ,.-_* as well as both upper-and lowercase chars, with a length of 8 minimum).
0
 

Author Comment

by:vicky_phadke
ID: 12306123
So there is no way i can unhash it?
Well I am diong the forget password thing. I need to send the user his forgotten password. Although i can generate a new password and give it to him. But then the basic need of unhashing would be defeated. What i feel is the thing that is encrypted can be decrypted provided we have all the keys.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12306145
Well, hashing is NOT encrypting, but hashing. These are different things! If you want to encrypt it, there are also asymmetric and symmetric encryption algorithms contained in the .NET framework, which then can be used to decrypt it again. But the HASH is not an encryption!
0
RHCE - Red Hat OpenStack Prep Course

This course will provide in-depth training so that students who currently hold the EX200 & EX210 certifications can sit for the EX310 exam. Students will learn how to deploy & manage a full Red Hat environment with Ceph block storage, & integrate Ceph into other OpenStack service

 
LVL 14

Expert Comment

by:AvonWyss
ID: 12306190
Hashes are used for the verification of values. A hash has a fixed size (for instance, MD5 and SHA1 are 16 bytes AFAIR), independently of the size of the contents hashed. You can hash hundreds of GB into the 16 byte hash! Now, given that you hashed anything large, how would you expect to recover the original contents from the 16 bytes of the hash? It's not possible, or it would happen to be the perfect packing alogrithm *g*...

The point is that these 16 bytes of the hash are very very very very unlikely the same for any two hashed values. If you change one bit, or swap two bytes in the data you're hashing, you get a completely different hash, which does not look anything like the one of the unchanged contents. This means that even slight changes in the contents are reflected in the hash, but the changed hash gives you no clue how much and what has changed in the contents.

So, there is NO unhashing. Hashing is NOT an encryption, but a means to verify data integrity or data equality of an arbitrary amount of data. If you tamper with the data, the hash immediately becomes invalid. That's what a hash is made for.
0
 
LVL 4

Expert Comment

by:Farshid-Zaker
ID: 12306766
Hash algorithm like MD5 or SHA4 have not reverse solutions. If you want to regenerate password from encrypted value, you should use other encryption algorithms.

Farshid
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12540224
My comments accurately answered the questions asked.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12542094
vicky_phadke, what did you miss to give an A grade? What could I have done better? Thank you fro your feedback, so that I can give better comments in the future.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Summary Displaying images in RichTextBox is a common requirement with limited solutions available. Pasting through clipboard or embedding into RTF content only support static images.  This article describes how to insert Windows control objects int…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question