How to decrypt password

Question

0.00/5 (No votes)

See more:

How to decrypt password i have Encrypt Password for below code i want password Decrypt in c#

C#

public static string ComputeHash(string plainText, string hashAlgorithm, byte[] saltBytes)
        {
            // If salt is not specified, generate it.
            if (saltBytes == null)
            {
                // Define min and max salt sizes.
                int minSaltSize = 4;
                int maxSaltSize = 8;

                // Generate a random number for the size of the salt.
                Random random = new Random();
                int saltSize = random.Next(minSaltSize, maxSaltSize);

                // Allocate a byte array, which will hold the salt.
                saltBytes = new byte[saltSize];

                // Initialize a random number generator.
                RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();

                // Fill the salt with cryptographically strong byte values.
                rng.GetNonZeroBytes(saltBytes);
            }

            // Convert plain text into a byte array.
            byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);

            // Allocate array, which will hold plain text and salt.
            byte[] plainTextWithSaltBytes =
            new byte[plainTextBytes.Length + saltBytes.Length];

            // Copy plain text bytes into resulting array.
            for (int i = 0; i < plainTextBytes.Length; i++)
                plainTextWithSaltBytes[i] = plainTextBytes[i];

            // Append salt bytes to the resulting array.
            for (int i = 0; i < saltBytes.Length; i++)
                plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];

            HashAlgorithm hash;

            // Make sure hashing algorithm name is specified.
            if (hashAlgorithm == null)
                hashAlgorithm = "";

            // Initialize appropriate hashing algorithm class.
            switch (hashAlgorithm.ToUpper())
            {

                case "SHA384":
                    hash = new SHA384Managed();
                    break;

                case "SHA512":
                    hash = new SHA512Managed();
                    break;

                default:
                    hash = new MD5CryptoServiceProvider();
                    break;
            }

            // Compute hash value of our plain text with appended salt.
            byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);

            // Create array which will hold hash and original salt bytes.
            byte[] hashWithSaltBytes = new byte[hashBytes.Length +
            saltBytes.Length];

            // Copy hash bytes into resulting array.
            for (int i = 0; i < hashBytes.Length; i++)
                hashWithSaltBytes[i] = hashBytes[i];

            // Append salt bytes to the result.
            for (int i = 0; i < saltBytes.Length; i++)
                hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];

            // Convert result into a base64-encoded string.
            string hashValue = Convert.ToBase64String(hashWithSaltBytes);

            // Return the result.
            return hashValue;
        }

What I have tried:

How to decrypt password i have Encrypt Password for below code i want password Decrypt in c#

C#

public static string ComputeHash(string plainText, string hashAlgorithm, byte[] saltBytes)
{
    // If salt is not specified, generate it.
    if (saltBytes == null)
    {
        // Define min and max salt sizes.
        int minSaltSize = 4;
        int maxSaltSize = 8;

        // Generate a random number for the size of the salt.
        Random random = new Random();
        int saltSize = random.Next(minSaltSize, maxSaltSize);

        // Allocate a byte array, which will hold the salt.
        saltBytes = new byte[saltSize];

        // Initialize a random number generator.
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();

        // Fill the salt with cryptographically strong byte values.
        rng.GetNonZeroBytes(saltBytes);
    }

    // Convert plain text into a byte array.
    byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);

    // Allocate array, which will hold plain text and salt.
    byte[] plainTextWithSaltBytes =
    new byte[plainTextBytes.Length + saltBytes.Length];

    // Copy plain text bytes into resulting array.
    for (int i = 0; i < plainTextBytes.Length; i++)
        plainTextWithSaltBytes[i] = plainTextBytes[i];

    // Append salt bytes to the resulting array.
    for (int i = 0; i < saltBytes.Length; i++)
        plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];

    HashAlgorithm hash;

    // Make sure hashing algorithm name is specified.
    if (hashAlgorithm == null)
        hashAlgorithm = "";

    // Initialize appropriate hashing algorithm class.
    switch (hashAlgorithm.ToUpper())
    {

        case "SHA384":
            hash = new SHA384Managed();
            break;

        case "SHA512":
            hash = new SHA512Managed();
            break;

        default:
            hash = new MD5CryptoServiceProvider();
            break;
    }

    // Compute hash value of our plain text with appended salt.
    byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);

    // Create array which will hold hash and original salt bytes.
    byte[] hashWithSaltBytes = new byte[hashBytes.Length +
    saltBytes.Length];

    // Copy hash bytes into resulting array.
    for (int i = 0; i < hashBytes.Length; i++)
        hashWithSaltBytes[i] = hashBytes[i];

    // Append salt bytes to the result.
    for (int i = 0; i < saltBytes.Length; i++)
        hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];

    // Convert result into a base64-encoded string.
    string hashValue = Convert.ToBase64String(hashWithSaltBytes);

    // Return the result.
    return hashValue;
}

Posted 28-Mar-16 22:45pm

hemant kolekar

Updated 29-Mar-16 0:49am

VR Karthikeyan

v2

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2016-03-28T22:54:00

Solution 1

First off, SHA is not an Encryption algorithm - it's a Hashing algorithm. The big difference between them is that Encryption can be reversed by Decryption to get teh original input back, and Hashing can't - it throws away information and you cannot get the original input back from the hashed value.

The good news is that that is exactly what you want to do! Hashing is the right way to handle passwords - you should never encrypt them as that is bad for security! :laugh:
See here: Password Storage: How to do it.[^] - it explains how to use the hashed value to validate your user.

Posted 28-Mar-16 22:54pm

OriginalGriff

v2

Comments

hemant kolekar 29-Mar-16 5:07am

Okif not possible Password Decryption in SHA Algoritm then How to Decrypt Password in original input is another Algorithm

glen205 29-Mar-16 5:14am

The question is - why do you need to decrypt your passwords?

1) you want to see if the user entered the correct password:
- in this case - DON'T try to decrypt the stored password - hash the user-entered password and compare the hashes!

2) you want to retrieve the password for some use (maybe a reminder email or on-screen for a support operator)
- this is very bad security practice. The user should be guided to reset their password, never sent a copy of it. Remember email is plain-text, unencrypted, and easy to intercept, copy and modify.
- Nobody in a data/support centre should ever be able to see a user's password. In short (and as OriginalGriff and his linked article says).
not being able to decrypt == doing it right.

hemant kolekar 29-Mar-16 5:25am

ok,
i have create one application where use is hash algorithm for password.but user is forget password then admin person which is send mail to user password in original input
so i need this time in decrypted format.

OriginalGriff 29-Mar-16 5:32am

No. Don't do it that way.
If the user forgets the password, set it to a random value (I use a GUID) and send them that to the registered email address, with instructions on how to change the password to something they will remember. (Hence the GUID - nobody wants to try and remember of type them, so they will change it as fast as possible)
Never try to store recoverable passwords: it's a horrible hole in security, not only for your site, but for a load of others, as most users try to use the same password for as many sites as possible.

Patrice T · Answer 2 · 2016-03-29T00:49:00

SHA is not an encryption algo, thus it can't be reversed it is by design.

Quote:
if not possible Password Decryption in SHA Algoritm then How to Decrypt Password in original input is another Algorithm

The only method is to calc the hash of every single possible password until you find 1 that give the same hash code. That is brut force.

Quote:
i have create one application where use is hash algorithm for password.but user is forget password then admin person which is send mail to user password in original input
so i need this time in decrypted format.

Other solutions exist. For example allow the user to register a second time as new user with same Email adress, then have the admin copy the password code in old account. You can device any other procedure that don't involve decrypting the password.