Reputation: 39
How to get plaintext from hashed text?
So, I'm working on a project where I'm storing passwords in a mongoDB and using Python. Python do has bcrypt build-in module which allows us to hash a plaintext. Now, I can hash a password and store the hashed password in database. Cool. And If I want to know if saved (hashed password saved in database) is same as a given password or not. (i.e. If I hashed a password 'Password' and saved it in database, bcrypt allows us to compare this hashed password and a plain password to check if they are same or not) I can check it with some built in functions.
But, what I really want is, I want to take that hashed password and want to print original plaintext. (e.g. If I hashed a password (say Plain password is 'Password' and hashed password is 'Hashed_Password' ) and saved it in database along with UserID and email for a specific website, now at some point I want to know what was the UserID and Password. So I can get UserID (since I'm not gonna hash it) but I'll only be able to get hashed password (i.e. 'Hashed_Password) and not the real one (i.e. 'Password') I saved.)
I hope you can Understand my problem and give me a solution. In summary, is there a way to get plaintext (i.e. original text) from hashed text or Should I used any other method to do so (like encryption or something).
Upvotes: 0
Views: 5648
Answers (2)
Reputation: 27
From what I know,
We hash passwords so that even if the attacker gets access to the database the attacker will not be able to have the passwords without using a technique like brute force to get the password. I.E. assuming the attacker know how you hash the password a dictionary of passwords can be hashed and compared with the database to see which passwords match.
Now if you want to reverse the hash I am pretty sure that can't be done other than you trying the brute force method explained above. We can't reverse the hash but only guess by giving passwords.
In terms of encryption which is often used as another layer. For example you could use encryption before the hash and then hash the encrypted password. This way even if the attacker inputs the correct password and only hashes that password the attacker will simply not get it right when compaing the hashes.
Upvotes: 0
Reputation: 33
The whole purpose of hashing passwords before saving them in a databse is, others should not be able to see(calculate) the oraginal password from database.
Simply you cannot get oraginal value from a hashed value.
Upvotes: 1
Related Questions
- How to compare plain text password to hashed password using bcrypt?
- How do I decrypt using hashlib in python?
- bcrypt different hash for same string?
- How can I convert back to original string a bcrypt digest password?
- Getting a password to matches with its hash in a login function using Python, SQlite and bcrypt
- Getting error while hashing password using Bcrypt in Python
- How to fix bcrypt Type Error - "Unicode-objects must be encoded before hashing"
- Can I decrypt a Bcrypt hashed password with werkzeug.security's check_password_hash
- How to create a non-random salt from string for bcrypt.hashpw
- Retrieve text from Bcrypt hashed password