Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

unhashing the hashed string.(decrypt)

Posted on 2004-10-13
8
Medium Priority
?
1,194 Views
Last Modified: 2009-12-16
hi all
I am encoding the password to be inserted in the database using following piece of code.
------------------------------------------------------------------------------------------------------------------
     Dim oEncoder As UTF8Encoding
            Dim oMD5Hasher As MD5CryptoServiceProvider
 
            Dim byteHashedPassword As Byte()
 
            oMD5Hasher = New MD5CryptoServiceProvider
            oEncoder = New UTF8Encoding
            byteHashedPassword = oMD5Hasher.ComputeHash(oEncoder.GetBytes(sPassword & sUserName.ToLower))
'i insert bytehashedpassword in the db in password field which is of datatype binary
----------------------------------------------------------------------------------------------------------------
I have problem decrypting it.

Can somebody help me. I again want to decrypt(unhash) it to string from binary.

Thank you in advance
 
With Best Regards
Vivek Phadke
0
Comment
Question by:vicky_phadke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
8 Comments
 
LVL 14

Accepted Solution

by:
AvonWyss earned 1500 total points
ID: 12305735
You cannot unhash a hash. That would defeat it's purpose. The hash is a value which is different with a very high probability for each different string, so that the hash can be used as identifier for that given string. But you shall not be able to revert the hashing process, especially not MD5 and other cryptographic-grade hashes.

But what you can do is hash the password you've received with the same method and then compare the two hashes. If they are identical, you can safely assume that the passwords entered were equal.

The only way to "unhash" is by brute force attack, e.g. try every possible solution, hash it, and see if the hash is the one you were looking for. But this is not practical for longer and secure passwords (e.g. containing at least a digit and some special char like ,.-_* as well as both upper-and lowercase chars, with a length of 8 minimum).
0
 

Author Comment

by:vicky_phadke
ID: 12306123
So there is no way i can unhash it?
Well I am diong the forget password thing. I need to send the user his forgotten password. Although i can generate a new password and give it to him. But then the basic need of unhashing would be defeated. What i feel is the thing that is encrypted can be decrypted provided we have all the keys.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12306145
Well, hashing is NOT encrypting, but hashing. These are different things! If you want to encrypt it, there are also asymmetric and symmetric encryption algorithms contained in the .NET framework, which then can be used to decrypt it again. But the HASH is not an encryption!
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 14

Expert Comment

by:AvonWyss
ID: 12306190
Hashes are used for the verification of values. A hash has a fixed size (for instance, MD5 and SHA1 are 16 bytes AFAIR), independently of the size of the contents hashed. You can hash hundreds of GB into the 16 byte hash! Now, given that you hashed anything large, how would you expect to recover the original contents from the 16 bytes of the hash? It's not possible, or it would happen to be the perfect packing alogrithm *g*...

The point is that these 16 bytes of the hash are very very very very unlikely the same for any two hashed values. If you change one bit, or swap two bytes in the data you're hashing, you get a completely different hash, which does not look anything like the one of the unchanged contents. This means that even slight changes in the contents are reflected in the hash, but the changed hash gives you no clue how much and what has changed in the contents.

So, there is NO unhashing. Hashing is NOT an encryption, but a means to verify data integrity or data equality of an arbitrary amount of data. If you tamper with the data, the hash immediately becomes invalid. That's what a hash is made for.
0
 
LVL 4

Expert Comment

by:Farshid-Zaker
ID: 12306766
Hash algorithm like MD5 or SHA4 have not reverse solutions. If you want to regenerate password from encrypted value, you should use other encryption algorithms.

Farshid
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12540224
My comments accurately answered the questions asked.
0
 
LVL 14

Expert Comment

by:AvonWyss
ID: 12542094
vicky_phadke, what did you miss to give an A grade? What could I have done better? Thank you fro your feedback, so that I can give better comments in the future.
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my previous two articles we discussed Binary Serialization (http://www.experts-exchange.com/A_4362.html) and XML Serialization (http://www.experts-exchange.com/A_4425.html). In this article we will try to know more about SOAP (Simple Object Acces…
This document covers how to connect to SQL Server and browse its contents.  It is meant for those new to Visual Studio and/or working with Microsoft SQL Server.  It is not a guide to building SQL Server database connections in your code.  This is mo…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question