Reputation: 67
How to decode the Salt + Hash Password in c#?
I am new to asp.net mvc language. I see this code using System.Security.Cryptography; for what I have search in Google it is for making a salt + hash passwords.
My question is can it be decode using c#?.
Upvotes: 0
Views: 4651
Answers (3)
Reputation: 44316
No. Not easily.
A Hash will take some text and produce a number ( usually )
eg, a md5 hash
password => 5f4dcc3b5aa765d61d8327deb882cf99
By the nature of the hash, there is no easy way to get back from the number to the original text "password"
But, for the semi clever hacker, you can generate hashes using a dictionary of all words and in reasonable time crack most hashed passwords because people use common combinations of words and symbols. So if you happen to get a list of hashed passwords you can run a dictionary attack on them. Anyone who uses "password" as their password will end up having the same hash.
So as a defense to that, if you add some text unique to each user, a Salt, say, your username, now you've made it harder :-
your string to hash becomes "Yukkipassword" which hashes to 52fbd06f5b93a51b3f3cd9e807a9f61c
Now everyone who uses "password" for their passsword will also have a different hash, and it becomes really difficult to dictionary attack the password
Upvotes: 0
Reputation: 2913
You would be correct in saying that.
The short answer is no. Hashing provides a 1-way interface for obscuring data where as encryption provides a 2-way interface for the encryption of data / decryption of encrypted data.
The only way an hash cant be 'decrypted' and I use that term loosely is by brute forcing via the hashing method. This is done by running a bunch of password and salt combinations through the same hashing method until a match is found to the original hash. However with a strong hashing method and password + salt this can become an almost impossible task.
Helpful Discussion: Fundamental difference between Hashing and Encryption algorithms
EDIT:
The link of the online cryptographer you provided uses what is known as a Symmetric-key algorithm. This means that a single key is used for the encryption and decryption of the data.
https://en.wikipedia.org/wiki/Symmetric-key_algorithm
Upvotes: 1
Reputation: 714
Short answer: no.
See also https://en.wikipedia.org/wiki/Hash_function
Correctly salted hashes cannot be reverted, which is the point of doing that.
Upvotes: 1
Related Questions
- Hash and salt passwords in C#
- How to get Decrypted password from Password Hash and Salt without Password passing to decrypt c#
- Decrypting an encrypted password
- How to salt and hash a password value using c#?
- Decryption password using Salt in C#
- How to Decrypt Password in c# using Salt and Hash.?
- get string value of password from hash value
- How to decrypt hash password using C#?
- How to hash a password?
- C# Reading back encrypted passwords