balaweblog

Reputation: 15460

I need to get the password which is Hashed in ASP.net

I am storing all my passwords in hashed form. I need to retrieve these passwords, e.g.:

My password is "123456" I save this as hashed "3453474852dfdsfdsfdf" value.

I need to retrieve the original password from the hashed value. (Get Password).

How can I do that? I am using the SHA1 hashing algorithm.

Upvotes: 0

Views: 4872

Answers (8)

Ryan Guest

Reputation: 6470

Theoretically you can't as the other comments have mentioned.

What I think Rick was trying to say is that if an attacker knew you were using the SHA1 algorithm for hashing and the salt you were using, they could make a mapping of hashes to passwords to attempt to retrieve passwords.

But to answer your question: no, you can't do this easily.

Upvotes: 0

korona

Reputation: 2229

Not meaning to be rude here, but did you really understand why you were hashing the passwords in the first place?

Upvotes: 0

PhiLho

Reputation: 41132

Two interesting articles on the topic: You're Probably Storing Passwords Incorrectly and Rainbow Hash Cracking...

So it depends on what you plan to do (a password storage safe or storing password for users on a site, etc.). For the former usage, you can take a look at how KeePass works (it is open source).

Upvotes: 3

Rick

Reputation: 4753

If you're not using a salt then you could break the passwords using a dictionary attack.

EDIT: I realise his original question is how to retrieve a password he stored, but it amuses me to provide a solution to the more generic question implied by the question title.

Upvotes: 1

Treb

Reputation: 20271

You can't, that's what hashes are for. Because of that, many sites have an option to reset the password (i.e. putting into the db the hash of the new password you provided). You usually don't find the option to retrieve the current password (i.e. having it sent to you by mail).

If a website does offer this functionality, it means that they are not storing password hashes, but either plaintext or encrypted passwords. Since storing a hash is the best practice, you should steer clear of sites that offer password retrieval.

And you should steer clear of developing such a site yourself ;-)

Upvotes: 2

Jon Skeet

Reputation: 1499760

You can't. The point of a hash function (as opposed to encryption) is that it's a one-way process. In other words, there can be multiple passwords which hash to the same value, and there's no way of going from the hash to the original password.

This is useful as you don't need any sort of "master password" or other secret which is required for two-way encryption - but it does mean you will never be able to get back the original password from the hashed value. If you really need the password, you'll have to use encryption/decryption instead of hashing.

Upvotes: 3

Nico

Reputation: 13830

You can't do that; that's the point of a hash function. In fact, several passwords can give you the same hash, so even if you find a string that gives you this hash, it may not be the correct one.
If you need to get the password back, don't use a hash; use something like RSA.

Some links for you to read:

Upvotes: 3

Josh Lee

Reputation: 177500

This is not possible. SHA1 is, very carefully and deliberately, a one-way function.

Why are you trying to recover the original password? It is not needed for authentication, because you simply hash the input password and compare the hash values.

If it is because the user forgot their password, then standard practice appears to be generating a randomized reset link and emailing it to the user.

Upvotes: 14
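
How the advice in the answers fits together for an ASP.NET application, as an added example that is not from any of the answers: store a salted hash, check a login by re-hashing the input, and handle a forgotten password with a random reset token. It uses salted PBKDF2-HMAC-SHA256 from .NET 6 or later rather than the bare SHA1 in the question; the class name, record format and iteration count are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example, not code from the thread. Assumes .NET 6 or later.
public static class PasswordStore
{
    const int SaltBytes = 16, HashBytes = 32;
    const int Iterations = 600_000; // assumed work factor; tune for your hardware

    // Value to store in the database: "iterations.salt.hash"; the password is not in it.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes); // random per-user salt
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    // Login: re-derive from the submitted password and compare in constant time.
    public static bool Verify(string password, string stored)
    {
        string[] p = stored.Split('.');
        if (p.Length != 3 || !int.TryParse(p[0], out int iterations) || iterations <= 0) return false;
        try
        {
            byte[] salt = Convert.FromBase64String(p[1]);
            byte[] expected = Convert.FromBase64String(p[2]);
            if (expected.Length != HashBytes) return false; // an empty hash must never match
            byte[] actual = Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA256, HashBytes);
            return CryptographicOperations.FixedTimeEquals(actual, expected);
        }
        catch (FormatException) { return false; } // malformed record
    }

    // Forgotten password: email the token in a link; store only its hash and an expiry.
    public static (string Token, string TokenHash) NewResetToken()
    {
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        return (token, HashToken(token));
    }

    public static string HashToken(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(token)));

    public static void Main()
    {
        string record = Hash("123456"); // constructed sample: the question's password
        Console.WriteLine(Verify("123456", record));
        Console.WriteLine(Verify("654321", record));
    }
}
```

When the reset link is opened, hash the presented token with `HashToken`, look that hash up, check the expiry, and then call `Hash` on the new password; the old password is never recovered at any point.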
