locked
How to decrypt by using Password Salt. RRS feed

  • Question

  • User1997423929 posted

    How I can decrypt password if it is encrypted by using Password Salt. In my database it is showing like this :

    Password : GhZw6qTU7bWYy0qmH2Qq2s6MOhc=

    PasswordSalt : oz/b/2xp1f/pzOc1UDYMPg==

    Please help me.

    Friday, February 22, 2019 12:29 PM

Answers

  • User475983607 posted

    How I can decrypt password if it is encrypted by using Password Salt. In my database it is showing like this :

    Password : GhZw6qTU7bWYy0qmH2Qq2s6MOhc=

    PasswordSalt : oz/b/2xp1f/pzOc1UDYMPg==

    Please help me.

    By definition a hash is one way encryption and cannot be decrypted.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, February 22, 2019 12:34 PM

All replies

  • User475983607 posted

    How I can decrypt password if it is encrypted by using Password Salt. In my database it is showing like this :

    Password : GhZw6qTU7bWYy0qmH2Qq2s6MOhc=

    PasswordSalt : oz/b/2xp1f/pzOc1UDYMPg==

    Please help me.

    By definition a hash is one way encryption and cannot be decrypted.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, February 22, 2019 12:34 PM
  • User-821857111 posted

    You cannot decrypt passwords that have been hashed. Hashes are designed to be irreversible. Hopefully, you have used a robust third party API to hash the password in the first place. If you have, it should also provide a way to compare submitted values against ones that you have stored.

    You can read about the basics of hashing here: https://www.mikesdotnetting.com/article/200/the-simplemembershipprovider-secure-passwords-and-the-crypto-helper

    Friday, February 22, 2019 12:38 PM
  • User753101303 posted

    Hi,

    You likely can't. Passwords are "hashed" rather than "encrypted". That is from the clear text password input, an output value is computed from which you are not supposed to be able to retrieve the input value.

    When a user logs, the provided password is hashed again and the output is compared to see if it matches the hashed value found in the db.

    It allows to verify passwords but store them using a illegible format (and the salt is designed to make retrieving the original value even harder).

    What are you trying to do ? ASP.NET offers the needed support out of the box to handle that properly (for example to hash a provided password and check if it is valid).

    Friday, February 22, 2019 12:41 PM
  • User1997423929 posted

    I want to verify the password. This is password is stored in database by using default sign up page of vs 2010.

    Monday, February 25, 2019 4:36 AM
  • User-1174608757 posted

    Hi Adwin Jha,

    According to your description,firstly hashes are designed to be irreversible,you couldn't decrypt the hash code else it is meaningless.

     

    verify the password

    Could you please show the verify  mean ? If you want to verify the format of password ,it has no connection with encryption of password.You could verify the password before it is hashed.

    Best Regards

    Wei Zhang

    Monday, February 25, 2019 5:43 AM
  • User1997423929 posted

    Hi Wei Zhang, 

    As per my description, I have given two things (i.e. Password : GhZw6qTU7bWYy0qmH2Qq2s6MOhc= and PasswordSalt : oz/b/2xp1f/pzOc1UDYMPg==) now from this I want a string value (Suppose I have enter password "qwerty", system are storing my password in database like this Password : GhZw6qTU7bWYy0qmH2Qq2s6MOhc= and PasswordSalt : oz/b/2xp1f/pzOc1UDYMPg== and now I want a string(qwerty) ). If hashed are designed to be irreversible, then how system are authenticating when user give their credentials. 

    If you can help me to get string value with the help of password and password salt, then also my problem will get solve.

    Hi Adwin Jha,

    According to your description,firstly hashes are designed to be irreversible,you couldn't decrypt the hash code else it is meaningless.

     

    Adwin Jha

    verify the password

    Could you please show the verify  mean ? If you want to verify the format of password ,it has no connection with encryption of password.You could verify the password before it is hashed.

    Best Regards

    Wei Zhang

    Monday, February 25, 2019 6:56 AM
  • User753101303 posted

    With a hash value the password provided by the user is hashed again and the resulting value compared with the hash stored in the db. The whole idea is precisely that it allows to check the password WITHOUT storing something that allows to easily retrieve the password value.

    Monday, February 25, 2019 8:42 AM
  • User409696431 posted

    Can you explain why you want to verify the password?  As has been said, you can't look at the actual password.

    The standard login control (Webforms) or login page (MVC) verifies the password by hashing the password that is entered and comparing that hashed result to the hashed result in the database.  You don't need to do that verification yourself.

    Tuesday, February 26, 2019 5:36 AM
  • User1997423929 posted

    Can you explain why you want to verify the password?  As has been said, you can't look at the actual password.

    The standard login control (Webforms) or login page (MVC) verifies the password by hashing the password that is entered and comparing that hashed result to the hashed result in the database.  You don't need to do that verification yourself.

    Actually I want to use same password for my another application also. 

    Tuesday, February 26, 2019 5:48 AM
  • User409696431 posted

    You can't do it the way you are trying to do it.   If you use the same machine key settings, not auto generate, for both applications (assuming webforms) you can copy the users' database tables to the database for the other application, for existing users.   Then see:  https://docs.microsoft.com/en-us/previous-versions/aspnet/eb0zx8fc(v=vs.100) for more details of how to set up entries in the web.config if you have two webforms applications on different domains, and want the same credentials to work for both. 

    Tuesday, February 26, 2019 6:07 AM