Click here to Skip to main content
15,883,603 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
How to decrypt password i have Encrypt Password for below code i want password Decrypt in c#
C#
public static string ComputeHash(string plainText, string hashAlgorithm, byte[] saltBytes)
        {
            // If salt is not specified, generate it.
            if (saltBytes == null)
            {
                // Define min and max salt sizes.
                int minSaltSize = 4;
                int maxSaltSize = 8;

                // Generate a random number for the size of the salt.
                Random random = new Random();
                int saltSize = random.Next(minSaltSize, maxSaltSize);

                // Allocate a byte array, which will hold the salt.
                saltBytes = new byte[saltSize];

                // Initialize a random number generator.
                RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();

                // Fill the salt with cryptographically strong byte values.
                rng.GetNonZeroBytes(saltBytes);
            }

            // Convert plain text into a byte array.
            byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);

            // Allocate array, which will hold plain text and salt.
            byte[] plainTextWithSaltBytes =
            new byte[plainTextBytes.Length + saltBytes.Length];

            // Copy plain text bytes into resulting array.
            for (int i = 0; i < plainTextBytes.Length; i++)
                plainTextWithSaltBytes[i] = plainTextBytes[i];

            // Append salt bytes to the resulting array.
            for (int i = 0; i < saltBytes.Length; i++)
                plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];

            HashAlgorithm hash;

            // Make sure hashing algorithm name is specified.
            if (hashAlgorithm == null)
                hashAlgorithm = "";

            // Initialize appropriate hashing algorithm class.
            switch (hashAlgorithm.ToUpper())
            {

                case "SHA384":
                    hash = new SHA384Managed();
                    break;

                case "SHA512":
                    hash = new SHA512Managed();
                    break;

                default:
                    hash = new MD5CryptoServiceProvider();
                    break;
            }

            // Compute hash value of our plain text with appended salt.
            byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);

            // Create array which will hold hash and original salt bytes.
            byte[] hashWithSaltBytes = new byte[hashBytes.Length +
            saltBytes.Length];

            // Copy hash bytes into resulting array.
            for (int i = 0; i < hashBytes.Length; i++)
                hashWithSaltBytes[i] = hashBytes[i];

            // Append salt bytes to the result.
            for (int i = 0; i < saltBytes.Length; i++)
                hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];

            // Convert result into a base64-encoded string.
            string hashValue = Convert.ToBase64String(hashWithSaltBytes);

            // Return the result.
            return hashValue;
        }


What I have tried:

How to decrypt password i have Encrypt Password for below code i want password Decrypt in c#
C#
public static string ComputeHash(string plainText, string hashAlgorithm, byte[] saltBytes)
{
    // If salt is not specified, generate it.
    if (saltBytes == null)
    {
        // Define min and max salt sizes.
        int minSaltSize = 4;
        int maxSaltSize = 8;

        // Generate a random number for the size of the salt.
        Random random = new Random();
        int saltSize = random.Next(minSaltSize, maxSaltSize);

        // Allocate a byte array, which will hold the salt.
        saltBytes = new byte[saltSize];

        // Initialize a random number generator.
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();

        // Fill the salt with cryptographically strong byte values.
        rng.GetNonZeroBytes(saltBytes);
    }

    // Convert plain text into a byte array.
    byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);

    // Allocate array, which will hold plain text and salt.
    byte[] plainTextWithSaltBytes =
    new byte[plainTextBytes.Length + saltBytes.Length];

    // Copy plain text bytes into resulting array.
    for (int i = 0; i < plainTextBytes.Length; i++)
        plainTextWithSaltBytes[i] = plainTextBytes[i];

    // Append salt bytes to the resulting array.
    for (int i = 0; i < saltBytes.Length; i++)
        plainTextWithSaltBytes[plainTextBytes.Length + i] = saltBytes[i];

    HashAlgorithm hash;

    // Make sure hashing algorithm name is specified.
    if (hashAlgorithm == null)
        hashAlgorithm = "";

    // Initialize appropriate hashing algorithm class.
    switch (hashAlgorithm.ToUpper())
    {

        case "SHA384":
            hash = new SHA384Managed();
            break;

        case "SHA512":
            hash = new SHA512Managed();
            break;

        default:
            hash = new MD5CryptoServiceProvider();
            break;
    }

    // Compute hash value of our plain text with appended salt.
    byte[] hashBytes = hash.ComputeHash(plainTextWithSaltBytes);

    // Create array which will hold hash and original salt bytes.
    byte[] hashWithSaltBytes = new byte[hashBytes.Length +
    saltBytes.Length];

    // Copy hash bytes into resulting array.
    for (int i = 0; i < hashBytes.Length; i++)
        hashWithSaltBytes[i] = hashBytes[i];

    // Append salt bytes to the result.
    for (int i = 0; i < saltBytes.Length; i++)
        hashWithSaltBytes[hashBytes.Length + i] = saltBytes[i];

    // Convert result into a base64-encoded string.
    string hashValue = Convert.ToBase64String(hashWithSaltBytes);

    // Return the result.
    return hashValue;
}
Posted
Updated 29-Mar-16 0:49am
v2

First off, SHA is not an Encryption algorithm - it's a Hashing algorithm. The big difference between them is that Encryption can be reversed by Decryption to get teh original input back, and Hashing can't - it throws away information and you cannot get the original input back from the hashed value.

The good news is that that is exactly what you want to do! Hashing is the right way to handle passwords - you should never encrypt them as that is bad for security! :laugh:
See here: Password Storage: How to do it.[^] - it explains how to use the hashed value to validate your user.
 
Share this answer
 
v2
Comments
hemant kolekar 29-Mar-16 5:07am    
Okif not possible Password Decryption in SHA Algoritm then How to Decrypt Password in original input is another Algorithm
glen205 29-Mar-16 5:14am    
The question is - why do you need to decrypt your passwords?

1) you want to see if the user entered the correct password:
- in this case - DON'T try to decrypt the stored password - hash the user-entered password and compare the hashes!

2) you want to retrieve the password for some use (maybe a reminder email or on-screen for a support operator)
- this is very bad security practice. The user should be guided to reset their password, never sent a copy of it. Remember email is plain-text, unencrypted, and easy to intercept, copy and modify.
- Nobody in a data/support centre should ever be able to see a user's password. In short (and as OriginalGriff and his linked article says).
not being able to decrypt == doing it right.
hemant kolekar 29-Mar-16 5:25am    
ok,
i have create one application where use is hash algorithm for password.but user is forget password then admin person which is send mail to user password in original input
so i need this time in decrypted format.
OriginalGriff 29-Mar-16 5:32am    
No. Don't do it that way.
If the user forgets the password, set it to a random value (I use a GUID) and send them that to the registered email address, with instructions on how to change the password to something they will remember. (Hence the GUID - nobody wants to try and remember of type them, so they will change it as fast as possible)
Never try to store recoverable passwords: it's a horrible hole in security, not only for your site, but for a load of others, as most users try to use the same password for as many sites as possible.
SHA is not an encryption algo, thus it can't be reversed it is by design.
Quote:
if not possible Password Decryption in SHA Algoritm then How to Decrypt Password in original input is another Algorithm
The only method is to calc the hash of every single possible password until you find 1 that give the same hash code. That is brut force.
Quote:
i have create one application where use is hash algorithm for password.but user is forget password then admin person which is send mail to user password in original input
so i need this time in decrypted format.
Other solutions exist. For example allow the user to register a second time as new user with same Email adress, then have the admin copy the password code in old account. You can device any other procedure that don't involve decrypting the password.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900