tags:

views:

457

answers:

4
+1  Q: 

Unhashing a hash C#

Can someone reverse this handy hash code I'm using?

using System.Security.Cryptography;

public static string EncodePasswordToBase64(string password)
{  byte[] bytes   = Encoding.Unicode.GetBytes(password);
   byte[] inArray = HashAlgorithm.Create("SHA1").ComputeHash(bytes);
   return Convert.ToBase64String(inArray);
}

Everything I end up doing fails horribly :(.

+17  A: 

No, you can't reverse a hash. The typical process is to compare other input to the hash you have, to check if they are the same.

Like (pseudo):

initial  = Hash(password);
possible = Hash("test");

if( initial == possible ){
    // we infer that password = "test"
}

But note that SHA1, SHA0, and MD5 should no longer be used; (due to various degrees of breaking in each). You should use SHA-2

Noon Silk  2009-09-30 23:41:02
Silky hit the nail on the head, a hash is one-way, you could only reverse it through brute force options.
John Cavan  2009-09-30 23:43:18
A hash isn't necessarily one-way. For example hash(1) = 1 in Python, that's certainly reversible. A hash is only one-way if the size of the output string is less then the size of the input string.
Falaina  2009-10-01 00:13:00
Falaina: Sure, but two things: the definition of 'hash' is that it reduces the input to something smaller (http://en.wikipedia.org/wiki/Hash_function) and cryptographic hashes (context; as per this question) are irreversible by design (http://en.wikipedia.org/wiki/Cryptographic_hash_function#Properties)
Noon Silk  2009-10-01 00:21:08
OK, so you learn something new everyday :).
farina  2009-10-02 18:12:02
+4  A: 

The only real way of "unhashing" is using a rainbow table, which is a big table of hashes computed for all possible inputs. You look up the hash and get what was probably the original input.

http://en.wikipedia.org/wiki/Rainbow%5Ftable

Matt  2009-09-30 23:44:13
...which is why it's important to *salt* sensitive data before you store its hash. http://en.wikipedia.org/wiki/Salt_(cryptography)
Mark Rushakoff  2009-10-01 00:00:04
A: 

You cannot un-hash SHA1, MD5, or any other one-way hash method unfortunately. Though it is possible to undo BASE-64.

JonnyLitt  2009-09-30 23:48:03
Hashing is not encryption, it's hashing. Encryption uses a key and is reversible.
Noon Silk  2009-09-30 23:49:06
Ah my mistake, thanks.
JonnyLitt  2009-10-01 00:00:37
A: 

SHA is an NSA acronym for "Secure Hash Algorithm".

Secure Hashes are hard to reverse by definition -- otherwise they would not be Secure.

You need to use a reversible hash function if you want to be able to easily compute sources that will generate the same hash (and even then you might not get the original source due to hash collisions where more than one source input can result in the same hash output).

Adisak  2009-10-01 05:25:01

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?