Decrypt password encrypted using Exec master.dbo.xp_sha1

Question

I want to decrypt passwords stored in my database on Sql Server 2008 which were encrypted using Exec master.dbo.xp_sha1 @Password, @EncPassword output .Is it possible to decrypt?

encrypted passwords look like this : xxstgggettebbqyyayujjweee

Thanks

Answer 1

xp_sha1 is a not standard master stored procedure, it is not included in any sql server i've seen, but doing a quick google i came across: http://www.xpcrypt.com/xpho/xp_sha1.htm

As I stated in my answer/comments in your question Encrypt passwords on Sql Server 2008 using SHA1 encryption is not the same thing as hashing. SHA1 is a hash, not an encryption. Encryption can be undone, hashing cannot.

The links called out in the answer for the last question go through this in some detail, but here are several articles specifically around the differences between encryption and hashing:

Difference between Hashing a Password and Encrypting it

http://www.darkreading.com/safely-storing-user-passwords-hashing-vs-encrypting/a/d-id/1269374

Please Understand that there is a fundamental difference between encrypting and hashing.

If you encrypt "password" to "123809dsfajsfoiwj" as an example, knowing the key and encryption method, you can arrive back at "password" through an appropriate decrypt.

Using SHA1 and hashing "password" there is no way to ever reverse the hashed "jdsfioajd0f98uas" (example) back to the original "password". Hashes are created the same each time given the same input, so hashes are compared to hashes for "validating passwords". You never arrive back at the original.