473,320 Members | 1,872 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Decrypting SHA1 Hash

Hello,

I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!

Many thanks in advance.

Adam
Nov 20 '05 #1
8 43188
The point to a hash is that you can't decrypt it.

"Adam Carpenter" <ad************@ntlworld.com> wrote in message
news:OI**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!

Many thanks in advance.

Adam

Nov 20 '05 #2
"Adam Carpenter" <ad************@ntlworld.com> scripsit:
I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!


You cannot get the original data from the hash code.

--
Herfried K. Wagner
MVP · VB Classic, VB.NET
<http://www.mvps.org/dotnet>
Nov 20 '05 #3
Hi Adam, a hash cannot be decrypted, that is the point of them.

The only way to determine what the hash was originally is to compare it with
the hashed version of the original data, hashes are unique.

You could brute force your hash, but that takes a lot of processing time,
about a few billion years.

--
HTH,
-- Tom Spink, Über Geek

Please respond to the newsgroup,
so all can benefit

" System.Reflection Master "

==== Converting to 2002 ====
Remove inline declarations
"Adam Carpenter" <ad************@ntlworld.com> wrote in message
news:OI**************@TK2MSFTNGP11.phx.gbl...
: Hello,
:
: I have my users passwords stored to my DB hashs created using
: SHA1CryptoServiceProvider, here is the function:
:
: Public Shared Function EncryptPassword(ByVal password As String) As Byte()
: Dim encoding As New UnicodeEncoding()
: Dim hashBytes As Byte() = encoding.GetBytes(password)
: ' Compute the SHA-1 hash
: Dim sha1 As New SHA1CryptoServiceProvider()
: Dim cryptPassword = sha1.ComputeHash(hashBytes)
: Return cryptPassword
: End Function
:
: Question is, how can I decrypt the password so my 'forgot password' logic
: can mail it to them? I can't seem to find a method anywhere!?!
:
: Many thanks in advance.
:
: Adam
:
:
Nov 20 '05 #4
"Tom Spink" <th**********@ntlworld.com> scripsit:
The only way to determine what the hash was originally is to compare it with
the hashed version of the original data, hashes are unique.

You could brute force your hash, but that takes a lot of processing time,
about a few billion years.


<http://www.distributed.net/>

--
Herfried K. Wagner
MVP · VB Classic, VB.NET
<http://www.mvps.org/dotnet>
Nov 20 '05 #5
Hi Herfried, (you're for it now <grins>)

Hardly realistic for 'Forgotten Password' logic ;-)

If Adam's still watching the thread, then perhaps he should provide 'Reset
Password' logic instead.

--
HTH,
-- Tom Spink, Über Geek

Please respond to the newsgroup,
so all can benefit

" System.Reflection Master "

==== Converting to 2002 ====
Remove inline declarations
"Herfried K. Wagner [MVP]" <hi***************@gmx.at> wrote in message
news:O5**************@TK2MSFTNGP12.phx.gbl...
: "Tom Spink" <th**********@ntlworld.com> scripsit:
: > The only way to determine what the hash was originally is to compare it
with
: > the hashed version of the original data, hashes are unique.
: >
: > You could brute force your hash, but that takes a lot of processing
time,
: > about a few billion years.
:
: <http://www.distributed.net/>
:
: --
: Herfried K. Wagner
: MVP · VB Classic, VB.NET
: <http://www.mvps.org/dotnet>
Nov 20 '05 #6
Have your "forgot password" logic create a NEW password for them and mail
them that one.

Otherwise you are trying to solve something that can't be easily solved.

Jerry

"Adam Carpenter" <ad************@ntlworld.com> wrote in message
news:OI**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!

Many thanks in advance.

Adam

Nov 20 '05 #7
Creating a new password is the way to go. This also adds some security
because lets say that an unauthorized user can obtain via the "forgot
password". Now, the unauthorized user can use the system, but the REAL user
can too. He doesn't know anything has happened.

Making the password be reset makes any legit users to know of it (since they
no longer can login), and any breach via this method will be discovered
faster.

-mike
MVP

"Adam Carpenter" <ad************@ntlworld.com> wrote in message
news:OI**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!

Many thanks in advance.

Adam

Nov 20 '05 #8
Hello,

Thank you very much for your comments. Given what has been said I am going
to persue a reset password route in combination with some additional
security questions. I totally agree that the less information I can expose
the better especially given the point that some raised that users would tend
to use the same password accross multiple sites.

Thanks again,

Adam

"Adam Carpenter" <ad************@ntlworld.com> wrote in message
news:OI**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have my users passwords stored to my DB hashs created using
SHA1CryptoServiceProvider, here is the function:

Public Shared Function EncryptPassword(ByVal password As String) As Byte()
Dim encoding As New UnicodeEncoding()
Dim hashBytes As Byte() = encoding.GetBytes(password)
' Compute the SHA-1 hash
Dim sha1 As New SHA1CryptoServiceProvider()
Dim cryptPassword = sha1.ComputeHash(hashBytes)
Return cryptPassword
End Function

Question is, how can I decrypt the password so my 'forgot password' logic
can mail it to them? I can't seem to find a method anywhere!?!

Many thanks in advance.

Adam

Nov 20 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Elmo Mäntynen | last post by:
I know how to make a hash(using mhash), but instead of encoded as hex I want it in base32 for use with the bitzi catalog. python-bitzi is useful but way too slow for just getting the hash of a...
2
by: Bryan Olson | last post by:
The current Python standard library provides two cryptographic hash functions: MD5 and SHA-1 . The authors of MD5 originally stated: It is conjectured that it is computationally infeasible to...
5
by: Michael H | last post by:
Hi all, I guess I don't fully understand how a SHA1 hash value is calculated in C# / .NET for a large file... I'm trying to calculate SHA1 values for large files that are much larger than my...
0
by: Dil via .NET 247 | last post by:
Fresher to .NET Aiming to produce a resulting hash of length 24 CHARACTERS, using MD5 or SHA1 Algorithms. According to the Class Libraries, the hash size for the SHA1 algorithm is 160 bits, and...
2
by: johnnyG | last post by:
Greetings, I'm studying for the 70-330 Exam using the MS Press book by Tony Northrup and there are 2 side-by-side examples of using the SHA1CryptoServiceProvider to create a hash value from a...
1
by: Wayne Deleersnyder | last post by:
Hi All, I was going to write and ask if someone could help me fix the formatting of my output for hash values, but I believe I got it right now. But, because I couldn't find any website or...
2
by: amygdala | last post by:
Hi, Does anybody now of a custom crypt function that implements sha1? The thing I like about crypt is that I don't have to worry about (re)generating salt when querying the database. Or are...
7
by: php.developer2007 | last post by:
I want to know to decode sha1 encoded url into normal url. Example www.example.com/<sha1 code>/index1.htm I want this to www.example.com/index1.htm
6
by: LaundroMat | last post by:
Hi - I'm trying to calculate unique hash values for binary files, independent of their location and filename, and I was wondering whether I'm going in the right direction. Basically, the hash...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.