By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,683 Members | 1,398 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,683 IT Pros & Developers. It's quick & easy.

Decrypting SHA1 Hash

P: n/a
Hello,

I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!

Many thanks in advance.

Adam
Nov 20 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a
The point to a hash is that you can't decrypt it.

"Adam Carpenter" <ad************@ntlworld.com> wrote in message
news:OI**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!

Many thanks in advance.

Adam

Nov 20 '05 #2

P: n/a
"Adam Carpenter" <ad************@ntlworld.com> scripsit:
I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!


You cannot get the original data from the hash code.

--
Herfried K. Wagner
MVP · VB Classic, VB.NET
<http://www.mvps.org/dotnet>
Nov 20 '05 #3

P: n/a
Hi Adam, a hash cannot be decrypted, that is the point of them.

The only way to determine what the hash was originally is to compare it with
the hashed version of the original data, hashes are unique.

You could brute force your hash, but that takes a lot of processing time,
about a few billion years.

--
HTH,
-- Tom Spink, Über Geek

Please respond to the newsgroup,
so all can benefit

" System.Reflection Master "

==== Converting to 2002 ====
Remove inline declarations
"Adam Carpenter" <ad************@ntlworld.com> wrote in message
news:OI**************@TK2MSFTNGP11.phx.gbl...
: Hello,
:
: I have my users passwords stored to my DB hashs created using
: SHA1CryptoServiceProvider, here is the function:
:
: Public Shared Function EncryptPassword(ByVal password As String) As Byte()
: Dim encoding As New UnicodeEncoding()
: Dim hashBytes As Byte() = encoding.GetBytes(password)
: ' Compute the SHA-1 hash
: Dim sha1 As New SHA1CryptoServiceProvider()
: Dim cryptPassword = sha1.ComputeHash(hashBytes)
: Return cryptPassword
: End Function
:
: Question is, how can I decrypt the password so my 'forgot password' logic
: can mail it to them? I can't seem to find a method anywhere!?!
:
: Many thanks in advance.
:
: Adam
:
:
Nov 20 '05 #4

P: n/a
"Tom Spink" <th**********@ntlworld.com> scripsit:
The only way to determine what the hash was originally is to compare it with
the hashed version of the original data, hashes are unique.

You could brute force your hash, but that takes a lot of processing time,
about a few billion years.


<http://www.distributed.net/>

--
Herfried K. Wagner
MVP · VB Classic, VB.NET
<http://www.mvps.org/dotnet>
Nov 20 '05 #5

P: n/a
Hi Herfried, (you're for it now <grins>)

Hardly realistic for 'Forgotten Password' logic ;-)

If Adam's still watching the thread, then perhaps he should provide 'Reset
Password' logic instead.

--
HTH,
-- Tom Spink, Über Geek

Please respond to the newsgroup,
so all can benefit

" System.Reflection Master "

==== Converting to 2002 ====
Remove inline declarations
"Herfried K. Wagner [MVP]" <hi***************@gmx.at> wrote in message
news:O5**************@TK2MSFTNGP12.phx.gbl...
: "Tom Spink" <th**********@ntlworld.com> scripsit:
: > The only way to determine what the hash was originally is to compare it
with
: > the hashed version of the original data, hashes are unique.
: >
: > You could brute force your hash, but that takes a lot of processing
time,
: > about a few billion years.
:
: <http://www.distributed.net/>
:
: --
: Herfried K. Wagner
: MVP · VB Classic, VB.NET
: <http://www.mvps.org/dotnet>
Nov 20 '05 #6

P: n/a
Have your "forgot password" logic create a NEW password for them and mail
them that one.

Otherwise you are trying to solve something that can't be easily solved.

Jerry

"Adam Carpenter" <ad************@ntlworld.com> wrote in message
news:OI**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!

Many thanks in advance.

Adam

Nov 20 '05 #7

P: n/a
Creating a new password is the way to go. This also adds some security
because lets say that an unauthorized user can obtain via the "forgot
password". Now, the unauthorized user can use the system, but the REAL user
can too. He doesn't know anything has happened.

Making the password be reset makes any legit users to know of it (since they
no longer can login), and any breach via this method will be discovered
faster.

-mike
MVP

"Adam Carpenter" <ad************@ntlworld.com> wrote in message
news:OI**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!

Many thanks in advance.

Adam

Nov 20 '05 #8

P: n/a
Hello,

Thank you very much for your comments. Given what has been said I am going
to persue a reset password route in combination with some additional
security questions. I totally agree that the less information I can expose
the better especially given the point that some raised that users would tend
to use the same password accross multiple sites.

Thanks again,

Adam

"Adam Carpenter" <ad************@ntlworld.com> wrote in message
news:OI**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!

Many thanks in advance.

Adam

Nov 20 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.