How to decode a HMACSHA1 string

Blue_Jack
Blue_Jack used Ask the Experts™
on
static public string Encode(string password)
        {
            string encodedPassword = password;

            HMACSHA1 hash = new HMACSHA1();
            hash.Key = HexToByte(_machineKey.ValidationKey);
            encodedPassword =
              Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));

            return encodedPassword;
        }

        static private byte[] HexToByte(string hexString)
        {
            byte[] returnBytes = new byte[hexString.Length / 2];
            for (int i = 0; i < returnBytes.Length; i++)
                returnBytes[i] = Convert.ToByte(hexString.Substring(i * 2, 2), 16);
            return returnBytes;
        }


How can I decode the above function? This is what I have tried
static public string DecodePassword(string password)
        {
            string returnValue;
            byte[] key = HexToByte(_machineKey.ValidationKey);
            HMACSHA1 hmacsha1 = new HMACSHA1(key);
            byte[] bytePassword = HexToByte(password);

            byte[] computedHash = hmacsha1.ComputeHash(bytePassword);
            returnValue =  System.Text.ASCIIEncoding.ASCII.GetString(computedHash);

            return returnValue;
        }
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
do you want to get the clear type password again ?
you hash an element.
that can't be reversed.

for a good sample using hmacsha1 have a look at:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hmacsha1.aspx

or look at a sample I added some minutes ago about encrypting and decrypting files - no problem to port that to string processing... just replace file ops with string operations
http://www.experts-exchange.com/Programming/Languages/C_Sharp/Q_25089188.html


Author

Commented:
Yes I want the clear type password again. I saw that article on mdsn but that is for decrypting a file I just need a string.  And the other article you did that is using the Rijndael not hmacsha1

Author

Commented:
This is what i came up with using the msdn. But it is not working correctly i dont get the string i put in
static public string DecodePassword(string password)
        {
            string returnValue;
            byte[] key = HexToByte(_machineKey.ValidationKey);
            HMACSHA1 hmacsha1 = new HMACSHA1(key);
            byte[] storedHash = new byte[hmacsha1.HashSize / 8];
            byte[] bytePassword = StrToByteArray(password);

            byte[] computedHash = hmacsha1.ComputeHash(bytePassword);
            returnValue =  System.Text.ASCIIEncoding.ASCII.GetString(computedHash);

            return returnValue;
        }

Author

Commented:
Why can't you reverse a hash?
Commented:
because a hash is kinda checksum.
you take a file -> build a hash -> send both to the reciever
he computes a hash of the file himself (with the exchanged key to use) and can determine if the message got altered by a third person.

[...]
Any change to the data or the hash value will result in a mismatch, because knowledge of the secret key is required to change the message and reproduce the correct hash value. Therefore, if the original and computed hash values match, the message is authenticated.
[...]

right from the link i posted.

I guess you need to use some symmetric algorithm - depending on what you want to do it will be easier to implement. Maybe there is a way to use hmacsha1 based mechanism to reach your goal.

F.e. we hash user-passwords for our shop with sha1. We can't resent a password to a user if she forgets it. She has to set a new one, because we can not recreate it.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial