I need to get a password that is posted to ASP.net.

I keep all my passwords hashed. I need to get these passwords. For example:

My password is "123456". I am saving this as a hashed value "3453474852dfdsfdsfdf".

I need to get the original password from a hashed value. (Get password).

How can I do this? I am using the SHA1 hashing algorithm.

0




8 answers


Two interesting related articles: Maybe You Store Passwords Wrong and Rainbow Hash Cracking ...



So it depends on what you plan to do (store passwords securely or store passwords for users on the site, etc.). For your first use, you can see how KeePass works (it's open source).

+3




It's impossible. SHA1 is very carefully and deliberately one-way.

Why are you trying to recover the original password? It is not needed for authentication, because you just enter the input password and compare the hash values.



If it is because the user has forgotten their password, then standard practice seems to be to create a randomized reset link and send it to the user.

+14
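
The login check and reset link described in the answer above, sketched in C# as an added example (not code from the thread). It swaps the question's plain SHA1 for salted PBKDF2-SHA256; the type names, iteration count and 30-minute token lifetime are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (.NET 6+). Names, iteration count and token lifetime are assumptions.
public sealed record StoredPassword(byte[] Salt, int Iterations, byte[] Hash);

public static class PasswordStore
{
    private const int Iterations = 600_000; // assumed work factor, tune for your hardware
    // Registration or reset: persist only the random salt and the derived hash.
    public static StoredPassword Create(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        return new StoredPassword(salt, Iterations, Derive(password, salt, Iterations));
    }

    // Login: re-derive from the submitted password and compare in constant time.
    public static bool Verify(string attempt, StoredPassword stored) =>
        CryptographicOperations.FixedTimeEquals(
            Derive(attempt, stored.Salt, stored.Iterations), stored.Hash);

    private static byte[] Derive(string password, byte[] salt, int iterations) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, iterations, HashAlgorithmName.SHA256, 32);

    // Forgotten password: the token goes into the mailed link; the database
    // keeps only its SHA-256 and an expiry, so a leaked table grants no resets.
    public static (string Token, byte[] TokenHash, DateTimeOffset Expires) NewResetToken()
    {
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        return (token, HashToken(token), DateTimeOffset.UtcNow.AddMinutes(30));
    }

    public static bool ResetTokenValid(string token, byte[] storedHash, DateTimeOffset expires) =>
        DateTimeOffset.UtcNow <= expires &&
        CryptographicOperations.FixedTimeEquals(HashToken(token), storedHash);

    private static byte[] HashToken(string token) => SHA256.HashData(Encoding.UTF8.GetBytes(token));
}

public static class Demo
{
    public static void Main()
    {
        var stored = PasswordStore.Create("123456"); // sample password from the question
        Console.WriteLine(PasswordStore.Verify("123456", stored)); // correct password
        Console.WriteLine(PasswordStore.Verify("654321", stored)); // wrong password
    }
}
```

The reset token should be deleted once it has been used, so the mailed link works only once.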




You cannot. The point of a hash function (as opposed to encryption) is that it is a one-way process. In other words, there can be multiple passwords whose hash has the same value and there is no way to go from the hash to the original password.

This is useful as you don't need any "master password" or other secret that is required for two-way encryption, but it means that you can never get back the original password from the hashed value. If you really need a password, you will have to use encryption / decryption instead of hashing.

+3




You can't do that, that's the point of a hash function. In fact, multiple passwords can give you the same hash, so even if you find a string that gives you that hash, it might not be correct. If you need to find the password back then don't use a hash like RSA.

Some links to read:

+3




You can't; that's what hashes are for. Because of this, many sites have an option to reset the password (i.e. entering the hash of the new password that you specified in the db). Usually you cannot find the current password (i.e. by mailing it).

If a website offers this functionality, it means they do not store password hashes, but both unencrypted and encrypted passwords. Since storing the hash is best practice, you should avoid choosing from a site that offers password lookups.

And you should avoid developing such a site yourself ;-)

+2




If you are not using salt, you can break passwords using a dictionary attack.

EDIT: I understand that his original question is how to recover the password he was storing, but I'm wondering if I can find a solution to the more general question implied by the question title.

+1




In theory you can't, as other comments have mentioned.

I think what Rick was trying to say was that if the attacker knew you were using the SHA1 hashing algorithm and the salt you used, they could do a hash-to-password mapping to try and get the passwords.

But to answer your question: no, you cannot do this easily.

0




Don't mean to be rude here, but did you really understand why you first used password hashing?

0

