asp.net encrypt and decript

Question

0.00/5 (No votes)

See more:

ASP.NET

How can i decrypt a password that had already encrypted using MD5 format in ASP.NET?

Posted 22-May-12 3:37am

amitghorpade29

Add a Solution

3 solutions

Solution 3

In addition to the answers by Manfred and lewax00: never use MD5 or SHA-1 for any security purposes. MD5 was proven to be broken in 2008, and SHA-1 flaw was found in 2005. Please see:
http://msdn.microsoft.com/en-us/library/system.windows.controls.mediaelement.mediaended%28v=vs.100%29.aspx[^],
http://en.wikipedia.org/wiki/SHA1[^].

Instead, I would advice using one of the algorithms from the SHA-2 family:
http://en.wikipedia.org/wiki/SHA2[^].

You will find implementation of all those algorithm in .NET:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[^].

—SA

Posted 22-May-12 9:03am

Sergey Alexandrovich Kryukov

Comments

Espen Harlinn 22-May-12 19:07pm

Good points :-D

Sergey Alexandrovich Kryukov 22-May-12 19:44pm

Thank you, Espen.
--SA

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

lewax00 · Accepted Answer · 2012-05-22T04:08:00

Solution 2

You should never need to decrypt a password. What you should do is make a hash of the password (as stated in Manfred's answer, MD5 is a hashing algorithm) and store that. To verify a password, hash it and see if it matches the previously hashed password.

Posted 22-May-12 4:08am

lewax00

Comments

Sergey Alexandrovich Kryukov 22-May-12 15:04pm

Good point, but I voted 4, because it's important to warn against MD5 (and SHA-1) -- both algorithms are found broken, not suitable for security. I recommend SHA-1 family. Please see my answer.
--SA

Manfred Rudolf Bihy · Accepted Answer · 2012-05-22T03:47:00

Solution 1

"... encrypted using MD5 format ...": No way, is encryption the same as a chryptographic hash. MD5[^] is a hashing algorithm and it works strictly one way. Once something has been hashed it can not be reconstructed from the hash.

Regards,

Manfred

[Edit - fixed your link - lewax00]

Posted 22-May-12 3:47am

Manfred Rudolf Bihy

Updated 22-May-12 4:05am

v2

Comments

Sergey Alexandrovich Kryukov 22-May-12 15:05pm

That is correct, but I voted 4. First, the point is: decryption is not required -- lewax00 made a point. Also, it's important to warn against MD5 (and SHA-1) -- both algorithms are found broken, not suitable for security. I recommend SHA-1 family. Please see my answer.
--SA

Espen Harlinn 22-May-12 19:06pm

5'ed!