How to convert Md5Hash values to string..
i have convert string values to hash..
i have used the to method to convert MD5Hash to string
`
public static string ConvertStringtoMD5(string strword)
{
MD5 md5 = MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(strword);
byte[] hash = md5.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
sb.Append(hash[i].ToString("x2"));
}
return sb.ToString();
}
`
string has=ConvertStringtoMD5("prasad");
its returns hash value = 'c246ad314ab52745b71bb00f4608c82a'
using this hash values i need to get the string called prasad
how can i achive this, can you suggest to achive this..
Hashes are one-way. They are not designed to be unencoded once they are encoded. That being said, they can be cracked using Rainbow Tables. To create your own rainbow table in C#, you can look at this article.
Keep in mind that Rainbow Tables do have limitations and do not work 100% of the time. This is especially true if the MD5 hash has been salted.
Hashing functions are only one way functions - there is no way to get the input.
You could try using e.g. rainbow tables, but because number of possible hashes is limited, there is a chance that you will get another string with the same MD5 hash instead of the input.
Hashing is one way function. This means that you can't get the original input by using the hashed output.
One of the ways to compare if two inputs are the same is to hash the new input and check it against the already hashed output you already have, then simply check if the values are the same. Keep in mind, that in some algorithms, collisions can occur, which means two different inputs might generate the same output.
MD5 is a one-way hash, you cannot (without brute force techniques) obtain the original string from the hash.
You can't reverse MD5 method, it's a hashing algorithm. There are infinite values that can result in the same hash string.
Related
How can i Decrypt the encrypted sctring in SHA512
static readonly string securityCode = "mJeb44V5grh0pTB6wgepSw==";
encrypted_Text = CreateSHAHash("12345");
public static string CreateSHAHash(string PasswordSHA512)
{
SHA512Managed sha512 = new SHA512Managed();
Byte[] EncryptedSHA512 = sha512.ComputeHash(Encoding.UTF8.GetBytes(string.Concat(PasswordSHA512, securityCode)));
sha512.Clear();
return Convert.ToBase64String(EncryptedSHA512);
}
In general, you can't "decrypt" a hashed string, because encryption is always a reversible transformation, and hashing is not reversible by design.
To see why hashing isn't reversible without needing to use any math, consider:
A SHA-512 hash is always exactly the same length.
That means there are only a finite number of messages it can encode.
But there are an infinite number of possible messages you might choose to hash.
By the pigeonhole principle, you cannot map an infinite number of messages into a finite number of hashes.
∴ You can't reverse a hash to the original message.
For a project I need to generate a SHA256 encrypted string in C#.
The requirements are Key: todaysDate and Value: "exampleString".
How can i realize that in C#? As far as I see the SHA256-Class does not contain a property for key in C#.
SHA256 isn't an encryption algorithm, it's a hash algorithm. In other words, it's a one way function whose job is to take an input of any length and produce an output of fixed length with low collisions that's always the same for the same input. Thus, it doesn't receive a key as an input because the nature of hashing is quite different from that of encryption.
If you want to encrypt something with a key and later decrypt it by having the same key, look into symmetric encryption like AES (e.g. using the AesManaged class).
You should do your own homework. If we do it for you, you learn nothing.
Also, as Theodoros mentioned, SHA256 is a hash, not encryption. A hash is a cryptographic checksum that is used to validate or compare data. It can not be reversed into the original plaintext, which is a requirement of encryption.
How can i realize that in C#? As far as I see the SHA256-Class does not contain a property for key in C#.
Either you or the person who gave you the assignment doesn't understand what is being asked.
SHA256 doesn't have a key or a value, it only has data going in and a hash coming out. No matter how much data you run through it, the size of the hash does not change, although it's value does. You can think of a hash as a fingerprint for a particular dataset.
Maybe something like this:
public static string sha256_hash(string sValue) {
StringBuilder oResHash = new StringBuilder();
using (SHA256 oHash = SHA256Managed.Create()) {
Encoding oEnc = Encoding.UTF8;
byte[] baResult = oHash.ComputeHash(oEnc.GetBytes(sValue));
foreach (byte b in baResult)
oResHash.Append(b.ToString("x2"));
}
return oResHash.ToString();
}
I found the following code that is used to hash a password before storing it in an MSSQL database (the column is of type NVARCHAR).
string HashPassword(string password)
{
var encoding = Encoding.UTF8,
var plainBytes = encoding.GetBytes(password);
var hashedBytes = MD5.Create().ComputeHash(plainBytes);
return encoding.GetString(hashedBytes); //<-- Bad practice?
}
At first I thought it was really strange to try and store random bytes as an UTF8 string and that I should change this to Base64 encoding. But are there any real implications of doing it this way other than bad practice?
And also; if anyone would get a hold of the database doesn't this mean that it would be impossible to use a rainbow table or similar to try and brute reverse the hashes since the original bytes are lost?
You're weakening the security by reducing the number of possible strings that will be encoded. Any time your hash ends up being an invalid UTF-8 sequence, you'll end up with U+FFFD as the output character (the Unicode "replacement" character). That means multiple hashes end up with the same string:
using System;
using System.Text;
class Program
{
static void Main(string[] args)
{
byte[] hash1 = FillBytes(128);
byte[] hash2 = FillBytes(129);
string text1 = Encoding.UTF8.GetString(hash1);
string text2 = Encoding.UTF8.GetString(hash2);
Console.WriteLine(text1 == text2);
}
static byte[] FillBytes(byte data)
{
byte[] bytes = new byte[16];
for (int i = 0; i < bytes.Length; i++)
{
bytes[i] = data;
}
return bytes;
}
}
It's also possible that the text returned by GetString won't be correctly stored in SQL Server, depending on how you've got it configured. (If the field is set up so that it can store anything in Unicode, that part is okay.) If it is losing data, that's even worse - the stored correct hash won't match the computed correct hash, so someone typing in the right password will still be denied access. As I say, this may not be a problem - but you haven't given us enough information to say for sure, so it's at least worth considering. This part wouldn't be a problem if you used Base64 or hex, both of which end up with ASCII data.
Using MD5 to hash a password is a bad idea to start with - weakening it still further with a lossy text transformation is worse. It makes it significantly easier for an attacker to find an incorrect password that still ends up with the same text.
I would suggest:
You use a more secure hashing approach (e.g. bcrypt or PBKDF2) - see Jeff Atwood's blog post for more details (and read a security book for more still)
To store the hash, either use a blob (store the bytes directly) or convert to base64 or hex in order to preserve the full information.
This may work, however is really a bad practice. At least conversion will depend on local charset.
I have code to generate SHA512 from string.
public static string GetCrypt(string text)
{
string hash = "";
SHA512 alg = SHA512.Create();
byte[] result = alg.ComputeHash(Encoding.UTF8.GetBytes(text));
hash = Encoding.UTF8.GetString(result);
return hash;
}
Now I must convert hash back to string. Any ideas how can it be done? Thank you.
Hashes are 1-way. You can't get it back (easily). you might want actual encryption.
Yes. Hashes are one-way. Please use symmetric encryption classes like RijndaelManaged.
Here is a RijndaelSimple class that I am using:
http://www.obviex.com/samples/encryption.asp
The cached version of the same link is here:
http://webcache.googleusercontent.com/search?q=cache:WyVau-XgIzkJ:www.obviex.com/samples/encryption.asp&hl=en&prmd=imvns&strip=1
You cant convert a hash back to string from which you computed the hash.
If you want it then you would have to compare the hash with each of the target strings hash.
If one of them matches with the hash,then that hash comes from the target string.
Its use: If you want to store passwords in database,you can store its hashes instead of passwords.So even if a hacker gets access to your database,he cant get the password cuz it is hashed.The only way to know the string through which we created the hash is to match it with the desired string!
Can someone reverse this handy hash code I'm using?
using System.Security.Cryptography;
public static string EncodePasswordToBase64(string password)
{ byte[] bytes = Encoding.Unicode.GetBytes(password);
byte[] inArray = HashAlgorithm.Create("SHA1").ComputeHash(bytes);
return Convert.ToBase64String(inArray);
}
Everything I end up doing fails horribly :(.
No, you can't reverse a hash. The typical process is to compare other input to the hash you have, to check if they are the same.
Like (pseudo):
initial = Hash(password);
possible = Hash("test");
if( initial == possible ){
// we infer that password = "test"
}
But note that SHA1, SHA0, and MD5 should no longer be used; (due to various degrees of breaking in each). You should use SHA-2
The only real way of "unhashing" is using a rainbow table, which is a big table of hashes computed for all possible inputs. You look up the hash and get what was probably the original input.
http://en.wikipedia.org/wiki/Rainbow_table
You cannot un-hash SHA1, MD5, or any other one-way hash method unfortunately. Though it is possible to undo BASE-64.
SHA is an NSA acronym for "Secure Hash Algorithm".
Secure Hashes are hard to reverse by definition -- otherwise they would not be Secure.
You need to use a reversible hash function if you want to be able to easily compute sources that will generate the same hash (and even then you might not get the original source due to hash collisions where more than one source input can result in the same hash output).