You cannot decrypt passwords that have been hashed. Hashes are designed to be irreversible. Hopefully, you have used a robust third party API to hash the password in the first place. If you have, it should also provide a way to compare submitted values against
ones that you have stored.
You likely can't. Passwords are "hashed" rather than "encrypted". That is from the clear text password input, an output value is computed from which you are not supposed to be able to retrieve the input value.
When a user logs, the provided password is hashed again and the output is compared to see if it matches the hashed value found in the db.
It allows to verify passwords but store them using a illegible format (and the salt is designed to make retrieving the original value even harder).
What are you trying to do ? ASP.NET offers the needed support out of the box to handle that properly (for example to hash a provided password and check if it is valid).
According to your description,firstly hashes are designed to be irreversible,you couldn't decrypt the hash code else it is meaningless.
Adwin Jha
verify the password
Could you please show the verify mean ? If you want to verify the format of password ,it has no connection with encryption of password.You could verify the password before it is hashed.
As per my description, I have given two things (i.e. Password : GhZw6qTU7bWYy0qmH2Qq2s6MOhc= and PasswordSalt : oz/b/2xp1f/pzOc1UDYMPg==) now from this I want a string value (Suppose I have enter password "qwerty", system are storing my
password in database like this Password : GhZw6qTU7bWYy0qmH2Qq2s6MOhc= and PasswordSalt : oz/b/2xp1f/pzOc1UDYMPg== and now I want a string(qwerty) ). If hashed are designed to be irreversible, then how system are authenticating when user give
their credentials.
If you can help me to get string value with the help of password and password salt, then also my problem will get solve.
Wei Zhang
Hi Adwin Jha,
According to your description,firstly hashes are designed to be irreversible,you couldn't decrypt the hash code else it is meaningless.
Adwin Jha
verify the password
Could you please show the verify mean ? If you want to verify the format of password ,it has no connection with encryption of password.You could verify the password before it is hashed.
With a hash value the password provided by the user is hashed again and the resulting value compared with the hash stored in the db. The whole idea is precisely that it allows to check the password WITHOUT storing something that allows to easily retrieve
the password value.
Can you explain why you want to verify the password? As has been said, you can't look at the actual password.
The standard login control (Webforms) or login page (MVC) verifies the password by hashing the password that is entered and comparing that hashed result to the hashed result in the database. You don't need to do that verification yourself.
Can you explain why you want to verify the password? As has been said, you can't look at the actual password.
The standard login control (Webforms) or login page (MVC) verifies the password by hashing the password that is entered and comparing that hashed result to the hashed result in the database. You don't need to do that verification yourself.
Actually I want to use same password for my another application also.
You can't do it the way you are trying to do it. If you use the same machine key settings, not auto generate, for both applications (assuming webforms) you can copy the users' database tables to the database for the other application, for existing users.
Then see: https://docs.microsoft.com/en-us/previous-versions/aspnet/eb0zx8fc(v=vs.100) for more details of how to set up entries in the web.config if you have two webforms
applications on different domains, and want the same credentials to work for both.
Member
10 Points
52 Posts
How to decrypt by using Password Salt.
Feb 22, 2019 12:29 PM|Adwin Jha|LINK
How I can decrypt password if it is encrypted by using Password Salt. In my database it is showing like this :
Password : GhZw6qTU7bWYy0qmH2Qq2s6MOhc=
PasswordSalt : oz/b/2xp1f/pzOc1UDYMPg==
Please help me.
All-Star
42601 Points
18121 Posts
Re: How to decrypt by using Password Salt.
Feb 22, 2019 12:34 PM|mgebhard|LINK
By definition a hash is one way encryption and cannot be decrypted.
All-Star
190052 Points
27583 Posts
Moderator
Re: How to decrypt by using Password Salt.
Feb 22, 2019 12:38 PM|Mikesdotnetting|LINK
You cannot decrypt passwords that have been hashed. Hashes are designed to be irreversible. Hopefully, you have used a robust third party API to hash the password in the first place. If you have, it should also provide a way to compare submitted values against ones that you have stored.
You can read about the basics of hashing here: https://www.mikesdotnetting.com/article/200/the-simplemembershipprovider-secure-passwords-and-the-crypto-helper
All-Star
45560 Points
16517 Posts
Re: How to decrypt by using Password Salt.
Feb 22, 2019 12:41 PM|PatriceSc|LINK
Hi,
You likely can't. Passwords are "hashed" rather than "encrypted". That is from the clear text password input, an output value is computed from which you are not supposed to be able to retrieve the input value.
When a user logs, the provided password is hashed again and the output is compared to see if it matches the hashed value found in the db.
It allows to verify passwords but store them using a illegible format (and the salt is designed to make retrieving the original value even harder).
What are you trying to do ? ASP.NET offers the needed support out of the box to handle that properly (for example to hash a provided password and check if it is valid).
Member
10 Points
52 Posts
Re: How to decrypt by using Password Salt.
Feb 25, 2019 04:36 AM|Adwin Jha|LINK
I want to verify the password. This is password is stored in database by using default sign up page of vs 2010.
Participant
1270 Points
522 Posts
Re: How to decrypt by using Password Salt.
Feb 25, 2019 05:43 AM|Wei Zhang|LINK
Hi Adwin Jha,
According to your description,firstly hashes are designed to be irreversible,you couldn't decrypt the hash code else it is meaningless.
Could you please show the verify mean ? If you want to verify the format of password ,it has no connection with encryption of password.You could verify the password before it is hashed.
Best Regards
Wei Zhang
Member
10 Points
52 Posts
Re: How to decrypt by using Password Salt.
Feb 25, 2019 06:56 AM|Adwin Jha|LINK
Hi Wei Zhang,
As per my description, I have given two things (i.e. Password : GhZw6qTU7bWYy0qmH2Qq2s6MOhc= and PasswordSalt : oz/b/2xp1f/pzOc1UDYMPg==) now from this I want a string value (Suppose I have enter password "qwerty", system are storing my password in database like this Password : GhZw6qTU7bWYy0qmH2Qq2s6MOhc= and PasswordSalt : oz/b/2xp1f/pzOc1UDYMPg== and now I want a string(qwerty) ). If hashed are designed to be irreversible, then how system are authenticating when user give their credentials.
If you can help me to get string value with the help of password and password salt, then also my problem will get solve.
All-Star
45560 Points
16517 Posts
Re: How to decrypt by using Password Salt.
Feb 25, 2019 08:42 AM|PatriceSc|LINK
With a hash value the password provided by the user is hashed again and the resulting value compared with the hash stored in the db. The whole idea is precisely that it allows to check the password WITHOUT storing something that allows to easily retrieve the password value.
Contributor
4931 Points
1919 Posts
Re: How to decrypt by using Password Salt.
Feb 26, 2019 05:36 AM|KathyW|LINK
Can you explain why you want to verify the password? As has been said, you can't look at the actual password.
The standard login control (Webforms) or login page (MVC) verifies the password by hashing the password that is entered and comparing that hashed result to the hashed result in the database. You don't need to do that verification yourself.
Member
10 Points
52 Posts
Re: How to decrypt by using Password Salt.
Feb 26, 2019 05:48 AM|Adwin Jha|LINK
Actually I want to use same password for my another application also.
Contributor
4931 Points
1919 Posts
Re: How to decrypt by using Password Salt.
Feb 26, 2019 06:07 AM|KathyW|LINK
You can't do it the way you are trying to do it. If you use the same machine key settings, not auto generate, for both applications (assuming webforms) you can copy the users' database tables to the database for the other application, for existing users. Then see: https://docs.microsoft.com/en-us/previous-versions/aspnet/eb0zx8fc(v=vs.100) for more details of how to set up entries in the web.config if you have two webforms applications on different domains, and want the same credentials to work for both.