Password Decryption Issue using SHA1 [duplicate] - c#

This question already has answers here:
Is it possible to decrypt MD5 hashes?
(24 answers)
Closed 6 years ago.
I am encrypting my password using the code below.

    // requires: using System.Security.Cryptography; using System.Text;
    public static string GetSHA1HashData(string password)
    {
        // create new instance of SHA1
        using (SHA1 sha1 = SHA1.Create())
        {
            // convert the input text to array of bytes
            byte[] hashData = sha1.ComputeHash(Encoding.Default.GetBytes(password));
            // create new instance of StringBuilder to save hashed data
            StringBuilder returnValue = new StringBuilder();
            // loop for each byte and add it to StringBuilder as two hex digits
            for (int i = 0; i < hashData.Length; i++)
            {
                returnValue.Append(hashData[i].ToString("x2"));
            }
            // return hexadecimal string
            return returnValue.ToString();
        }
    }

But I also want to create code for Decryption. I've tried, but couldn't find a good solution. So could you help me with this?
Here I used System.Security.Cryptography => SHA1 : HashAlgorithm
Thanks in advance.

Hash value can't be decrypted:
A hash is short (say, 256-bit only), while a String is arbitrarily long (up to 2GB), so there are many Strings with the same hash (ambiguity)
The hash algorithm (SHA1) has been specially designed such that it's a difficult task to find a string that has a given hash value (complexity)
Instead of decrypting, compare hash values: if the user provides a password that has the same hash value as the stored hash, then the password is the correct one.

Related

Validate symfony created password in C#

I need to validate (not decrypt) a password created in Symfony 2 in C#.
An existing application built in Symfony 2 is being rewritten in C#. The security token is stored in a local database.
The current Symfony password settings are
    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
            API\CoreEntityBundle\Entity\User:
                algorithm: sha512
                iterations: 512
                encode_as_base64: true
How can I reliably hash the given password and compare against the stored token to determine if the password supplied is correct?
1. If your password is salted: concatenate the password with the "{salt}" (such that "EncodedPassword{SaltUsed}" is the final string), store in salted. If it's not, just store the password in salted.
2. Hash salted using sha512, store in digest.
3. Repeat iterations - 1 times (511 in your case):
   a. Concatenate digest and salted.
   b. Hash the concatenation using sha512, store the result in digest for the next iteration.
4. Base64 encode the final digest.
You can also take a look at Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder for the implementation.
This is a working version.
    // requires: using System; using System.Security.Cryptography; using System.Text;
    string CalculateHash(string plain, string salt)
    {
        // Symfony merges password and salt as "password{salt}"
        var salted = $"{plain}{{{salt}}}";
        var saltedBytes = Encoding.UTF8.GetBytes(salted);
        using (var sha512 = SHA512.Create())
        {
            var digest = sha512.ComputeHash(saltedBytes);
            var outputBytes = new byte[digest.Length + saltedBytes.Length];
            // iterations - 1 further rounds over digest + salted
            for (var iteration = 1; iteration < 512; iteration++)
            {
                Buffer.BlockCopy(digest, 0, outputBytes, 0, digest.Length);
                Buffer.BlockCopy(saltedBytes, 0, outputBytes, digest.Length, saltedBytes.Length);
                digest = sha512.ComputeHash(outputBytes);
            }
            var result = Convert.ToBase64String(digest);
            return result;
        }
    }

PHP MD5 output does not match C# MD5 output [duplicate]

This question already has answers here:
MD5 hashing does not match in C# and PHP
(2 answers)
Closed 5 years ago.
In C# I'm trying to get a hashed md5 value of a password like so:

    string sb = textBox2.Text;
    byte[] asciiBytes = ASCIIEncoding.ASCII.GetBytes(sb);
    byte[] hashedBytes = MD5CryptoServiceProvider.Create().ComputeHash(asciiBytes);
    string hashedString = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
    var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(sb);
    sb = System.Convert.ToBase64String(plainTextBytes);

In PHP I get that value by using the md5 command:

    echo md5("megusia94");

The input in both cases is the same,
yet the output in PHP is: d1e44ad921daadaf8defadcd21c8644a
while in C# the output is: bWVndXMpYTk0
What am I doing wrong? I've searched this forum and tried:
MD5 hashing does not match in C# and PHP
c# md5 and php md5 not match
You are not comparing the same two things.
What you are comparing is the base64-representation of the ASCII-encoded input string with the actual MD5 hash (in HEX representation) from PHP.
Instead look at this:
    byte[] asciiBytes = ASCIIEncoding.ASCII.GetBytes("megusia94");
    byte[] hashedBytes = MD5CryptoServiceProvider.Create().ComputeHash(asciiBytes);
    string hashedString = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
    Console.WriteLine(hashedString);
It correctly produces the hash d1e44ad921daadaf8defadcd21c8644a, which is the same as the one you get from PHP.
PHP md5:
Returns the hash as a 32-character hexadecimal number.
Your C# code:
Returns the hash with base64 encoding.

c# md5 encrypting a string with a key and decrypting [duplicate]

This question already has answers here:
Is it possible to decrypt MD5 hashes?
(24 answers)
Closed 7 years ago.
I want to encrypt a string value with md5 and then decrypt it so I so that it possible with a key. So I searched how to do this and I found only one other algorithm.
This is the encryption class:

    class crypt
    {
        public string encrypt(string bhash)
        {
            MD5 md5 = new MD5CryptoServiceProvider();
            md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(bhash));
            byte[] result = md5.Hash;
            StringBuilder strBuilder = new StringBuilder();
            for (int i = 0; i < result.Length; i++)
            {
                strBuilder.Append(result[i].ToString("x2"));
            }
            bhash = strBuilder.ToString();
            return bhash;
        }
    }
The only way to decrypt an md5 encryption is through brute forcing all the possible original content.
There is no algorithm for decryption. You must test out all possible values and encrypt them and check for a match to find the original value.

How to hash with salt then unhash in asp.net C# [duplicate]

This question already has answers here:
How can I unhash a hash using C#?
(4 answers)
Closed 8 years ago.
I have this asp.net project that I need to hash the password (preferably with salt) and save it in sql database then unhash it for comparing with the login password or sth like that....
The thing is I'm not sure what is the best way to do it in the most secure way, and how can I code this in C#?
You do not unhash. That's the point of hashing: it cannot be reversed.
You look up the salt, then you hash the password that they entered together with the salt. If the hash is the same as the hash in the database, it's a valid login.
Maybe take a look here:
Salted password hashing
First of all, you cannot recover the hashed data. It's a one-way process. But you can match hashed data. To do so, check the code given below:
Do this inside your button click event:

    string salt = GetSalt(10); // 10 is the size of Salt
    string hashedPass = HashPassword(salt, Password.Text);

These are the functions that will help you to hash the password:

    const string alphanumeric = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890";

    public static string GetSalt(int saltSize)
    {
        Random r = new Random();
        StringBuilder strB = new StringBuilder("");
        while ((saltSize--) > 0)
            strB.Append(alphanumeric[(int)(r.NextDouble() * alphanumeric.Length)]);
        return strB.ToString();
    }

    public static string HashPassword(string salt, string password)
    {
        string mergedPass = string.Concat(salt, password);
        return EncryptUsingMD5(mergedPass);
    }

    public static string EncryptUsingMD5(string inputStr)
    {
        using (MD5 md5Hash = MD5.Create())
        {
            // Convert the input string to a byte array and compute the hash.
            byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(inputStr));
            // Create a new Stringbuilder to collect the bytes
            // and create a string.
            StringBuilder sBuilder = new StringBuilder();
            // Loop through each byte of the hashed data
            // and format each one as a hexadecimal string.
            for (int i = 0; i < data.Length; i++)
                sBuilder.Append(data[i].ToString("x2"));
            // Return the hexadecimal string.
            return sBuilder.ToString();
        }
    }

Similarly, when you try to match the password to authenticate the user, perform the same method, just fetch your hashed password from your database and compare them. If the entered hashed password matches the database hashed password, it's an authorized user.
Updated:
When you hash the password of the user for the first time and then store it into the database, store the salt for that user in the same table.
Next time when you try to compare the password, fetch that salt of the user from the database and hash it using to compare with the hashed password in the database.
Hope that answers your Question.
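The store-the-salt-and-compare flow from the answers above, which is also the "compare hash values" advice in the first thread on this page, as an added example that is not code from any of the posters. It swaps the answer's MD5 and `System.Random` for PBKDF2 and `RandomNumberGenerator` and compares in constant time; it assumes .NET 6 or later, and the `PasswordStore` class, the record format, the parameter values and the sample passwords are hypothetical.

```csharp
using System;
using System.Security.Cryptography;

// Constructed sample: register once, then check a correct and a wrong login.
string stored = PasswordStore.Create("correct horse battery staple");
Console.WriteLine(stored);
Console.WriteLine(PasswordStore.Verify("correct horse battery staple", stored));
Console.WriteLine(PasswordStore.Verify("wrong guess", stored));

static class PasswordStore
{
    // Assumed parameters for this example, not values taken from the page.
    const int SaltBytes = 16, HashBytes = 32, Iterations = 600_000;

    // Hypothetical record format: iterations.base64(salt).base64(hash)
    public static string Create(string password)
    {
        // The salt comes from the OS CSPRNG rather than System.Random.
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations,
                                                HashAlgorithmName.SHA256, HashBytes);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    public static bool Verify(string candidate, string record)
    {
        string[] parts = record.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0)
            return false; // malformed record: reject instead of throwing
        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[1]);
            expected = Convert.FromBase64String(parts[2]);
        }
        catch (FormatException) { return false; }
        if (salt.Length == 0 || expected.Length == 0) return false;

        // Nothing is "unhashed": the candidate is hashed again with the stored
        // salt and iteration count, and the two digests are compared.
        byte[] actual = Rfc2898DeriveBytes.Pbkdf2(candidate, salt, iterations,
                                                  HashAlgorithmName.SHA256, expected.Length);
        // Comparison time does not depend on where the first differing byte is.
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }
}
```

Keeping the iteration count inside each record lets it be raised for new passwords while older records still verify.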

Generate Unix-Style MD5 Password Hash in C#

I am trying to generate a Unix-Style password hash using MD5. I understand that I need it to look like $1$<salt>$<hash>, but the <hash> part does not look the same, no matter what I do. Here is how I generate the hash:

    MD5 md5 = System.Security.Cryptography.MD5.Create();
    byte[] inputBytes = System.Text.Encoding.UTF8.GetBytes(pass);
    byte[] hash = md5.ComputeHash(inputBytes);
    StringBuilder sb = new StringBuilder();
    for (int i = 0; i < hash.Length; i++)
    {
        sb.Append((char) hash[i]);
    }
    String calchash = sb.ToString();

I am pretty sure that it is how I am using the StringBuilder to make a string from the hashed bytes. But I don't know what the right settings would be.
Unix md5 crypt doesn't use plain md5. That would be insecure, because plain md5 is fast, and password hashes should be slow.
I found a relevant code-project article: http://www.codeproject.com/KB/recipes/Unix_md5crypt.aspx
It's about formatting. The Unix password hash is in hex format, while you're writing it down in binary. Replace the loop body with:

    sb.Append(hash[i].ToString("x").PadLeft(2,'0'));

I think you should use hash[i].ToString("X") instead of just converting to char. Because hash bytes may be in any range from 0 to 255, which is not what an md5 hash looks like.
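What "Unix md5 crypt doesn't use plain md5" means in practice, as an added example that is not code from any poster or from the linked article: a transcription of the md5crypt scheme behind `$1$<salt>$<hash>` entries, useful for checking existing entries of that form. It assumes .NET 6 or later and UTF-8 password bytes; the class name `Md5CryptExample` and the sample password and salt are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed password and salt; prints a string of the form $1$<salt>$<22 characters>.
Console.WriteLine(Md5CryptExample.Hash("constructed-password", "abcdefgh"));

static class Md5CryptExample
{
    const string Itoa64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    // MD5 over the concatenation of the given byte arrays.
    static byte[] Md5(params byte[][] parts) =>
        MD5.HashData(parts.SelectMany(p => p).ToArray());

    public static string Hash(string password, string salt)
    {
        if (salt.Length > 8) salt = salt.Substring(0, 8); // md5crypt uses at most 8 salt characters
        byte[] pw = Encoding.UTF8.GetBytes(password);
        byte[] s = Encoding.ASCII.GetBytes(salt), none = new byte[0];
        byte[] alt = Md5(pw, s, pw);
        // First digest: password, magic, salt, then bytes selected by the password length.
        var first = new List<byte>(pw.Concat(Encoding.ASCII.GetBytes("$1$")).Concat(s));
        for (int n = pw.Length; n > 0; n -= 16)
            first.AddRange(alt.Take(Math.Min(16, n)));
        for (int n = pw.Length; n != 0; n >>= 1)
            first.Add((n & 1) != 0 ? (byte)0 : pw[0]);
        byte[] d = Md5(first.ToArray());
        // 1000 dependent rounds: each guess costs far more than one MD5 call.
        for (int i = 0; i < 1000; i++)
            d = Md5((i & 1) != 0 ? pw : d, i % 3 != 0 ? s : none,
                    i % 7 != 0 ? pw : none, (i & 1) != 0 ? d : pw);
        // Output is neither hex nor standard base64: permuted byte triples,
        // six bits at a time, lowest bits first, in crypt's own alphabet.
        var sb = new StringBuilder("$1$" + salt + "$");
        int[] order = { 0, 6, 12, 1, 7, 13, 2, 8, 14, 3, 9, 15, 4, 10, 5 };
        for (int g = 0; g < 15; g += 3)
            Append64(sb, (d[order[g]] << 16) | (d[order[g + 1]] << 8) | d[order[g + 2]], 4);
        Append64(sb, d[11], 2);
        return sb.ToString();
    }

    static void Append64(StringBuilder sb, int v, int n)
    {
        for (; n > 0; n--, v >>= 6) sb.Append(Itoa64[v & 0x3f]);
    }
}
```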
