stackoom
  简体   繁体   中英

How to decode the Salt + Hash Password in c#?

 原文  2016-09-27 01:11:13       c#/ cryptography

Question

I am new to asp.net mvc language. I see this code using System.Security.Cryptography; for what I have search in Google it is for making a salt + hash passwords.

My question is can it be decode using c#?.

3 answers

solution1
 1  2016-09-27 01:21:12

Short answer: no.

See also https://en.wikipedia.org/wiki/Hash_function

Correctly salted hashes cannot be reverted, which is the point of doing that.

solution2
 1 ACCPTED  2016-09-27 01:21:27

You would be correct in saying that.

The short answer is no. Hashing provides a 1-way interface for obscuring data where as encryption provides a 2-way interface for the encryption of data / decryption of encrypted data.

The only way an hash cant be 'decrypted' and I use that term loosely is by brute forcing via the hashing method. This is done by running a bunch of password and salt combinations through the same hashing method until a match is found to the original hash. However with a strong hashing method and password + salt this can become an almost impossible task.

Helpful Discussion: Fundamental difference between Hashing and Encryption algorithms

EDIT:

The link of the online cryptographer you provided uses what is known as a Symmetric-key algorithm. This means that a single key is used for the encryption and decryption of the data.

https://en.wikipedia.org/wiki/Symmetric-key_algorithm

solution3
 0  2016-09-27 01:45:59

No. Not easily.

A Hash will take some text and produce a number ( usually )

eg, a md5 hash 

password =>  5f4dcc3b5aa765d61d8327deb882cf99

By the nature of the hash, there is no easy way to get back from the number to the original text "password"

But, for the semi clever hacker, you can generate hashes using a dictionary of all words and in reasonable time crack most hashed passwords because people use common combinations of words and symbols. So if you happen to get a list of hashed passwords you can run a dictionary attack on them. Anyone who uses "password" as their password will end up having the same hash.

So as a defense to that, if you add some text unique to each user, a Salt, say, your username, now you've made it harder :-

your string to hash becomes " Yukkipassword " which hashes to 52fbd06f5b93a51b3f3cd9e807a9f61c

Now everyone who uses "password" for their passsword will also have a different hash, and it becomes really difficult to dictionary attack the password

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to salt and hash a password value using c#? How to Decrypt Password in c# using Salt and Hash.? C# hash password create salt question How to get Decrypted password from Password Hash and Salt without Password passing to decrypt c# MD5 hash with salt for keeping password in DB in C# Hash password with random salt using JavaScript and validate from C# Hash and salt passwords in C# How to Store salt and hashed password Database in C# How to easily salt a password in a C# windows form application? c# sha256 compute password hash by using username as salt
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM