tags:

views:

457

answers:

4

Can someone reverse this handy hash code I'm using?

using System.Security.Cryptography;

public static string EncodePasswordToBase64(string password)
{  byte[] bytes   = Encoding.Unicode.GetBytes(password);
   byte[] inArray = HashAlgorithm.Create("SHA1").ComputeHash(bytes);
   return Convert.ToBase64String(inArray);
}

Everything I end up doing fails horribly :(.

+17  A: 

No, you can't reverse a hash. The typical process is to compare other input to the hash you have, to check if they are the same.

Like (pseudo):

initial  = Hash(password);
possible = Hash("test");

if( initial == possible ){
    // we infer that password = "test"
}

But note that SHA1, SHA0, and MD5 should no longer be used; (due to various degrees of breaking in each). You should use SHA-2

Noon Silk
Silky hit the nail on the head, a hash is one-way, you could only reverse it through brute force options.
John Cavan
A hash isn't necessarily one-way. For example hash(1) = 1 in Python, that's certainly reversible. A hash is only one-way if the size of the output string is less then the size of the input string.
Falaina
Falaina: Sure, but two things: the definition of 'hash' is that it reduces the input to something smaller (http://en.wikipedia.org/wiki/Hash_function) and cryptographic hashes (context; as per this question) are irreversible by design (http://en.wikipedia.org/wiki/Cryptographic_hash_function#Properties)
Noon Silk
OK, so you learn something new everyday :).
farina
+4  A: 

The only real way of "unhashing" is using a rainbow table, which is a big table of hashes computed for all possible inputs. You look up the hash and get what was probably the original input.

http://en.wikipedia.org/wiki/Rainbow%5Ftable

Matt
...which is why it's important to *salt* sensitive data before you store its hash. http://en.wikipedia.org/wiki/Salt_(cryptography)
Mark Rushakoff
A: 

You cannot un-hash SHA1, MD5, or any other one-way hash method unfortunately. Though it is possible to undo BASE-64.

JonnyLitt
Hashing is not encryption, it's hashing. Encryption uses a key and is reversible.
Noon Silk
Ah my mistake, thanks.
JonnyLitt
A: 

SHA is an NSA acronym for "Secure Hash Algorithm".

Secure Hashes are hard to reverse by definition -- otherwise they would not be Secure.

You need to use a reversible hash function if you want to be able to easily compute sources that will generate the same hash (and even then you might not get the original source due to hash collisions where more than one source input can result in the same hash output).

Adisak