Last post Jan 18, 2017 04:45 AM by priyalwalpita
Jan 18, 2017 03:29 AM|DMW2200|LINK
i know to encrypt password with SimpleCrypto.PBKDF2 using this method
var crypto = new SimpleCrypto.PBKDF2();
var encpass = crypto.Compute(realpassword);
saltpasswrod = crypto.Salt;
so how can i decrypt and get my realpassword if i have saltpasswrod
i want this for recover password secation
Jan 18, 2017 04:45 AM|priyalwalpita|LINK
According to the SimpleCrypto creators, it is implemented only hashing algorithms. SimpleCrypto is a simple cryptography library that wraps complex hashing algorithms for quick and simple usage.
So, the decryption is not a functionality with hashes. What you do is , create the hash with the new value (given password during login) using the same salt and compare hashes. So you need to save the salt along with your hashed passwords.
According to the industry standards , we do not recover passwords back into plain texts.
We should just allow user to create a new password.
ICryptoService cryptoService = new PBKDF2();
string password = "password";
//save this salt to the database
string salt = cryptoService.GenerateSalt();
//save this hash to the database
string hashedPassword = cryptoService.Compute(password);
//compare the password (this should be true since we are rehashing the same password and using the same generated salt)
string hashedPassword2 = cryptoService.Compute(password, salt);
bool isPasswordValid = cryptoService.Compare(hashedPassword, hashedPassword2);