Decrypt SHA1 value with C #

Question

Decrypt SHA1 value with C #

I have a PHP web service that I discovered passes my C # value to SHA-1. The data samples that are passed to me are "8cb2237d0679ca88db6464eac60da96345513964", which, as I know, translates to "12345".

How to translate a hashed value back to "12345" with code similar to the following

public static string HashCode(string str) { string rethash = ""; try { System.Security.Cryptography.SHA1 hash = System.Security.Cryptography.SHA1.Create(); System.Text.ASCIIEncoding encoder = new System.Text.ASCIIEncoding(); byte[] combined = encoder.GetBytes(str); hash.ComputeHash(combined); rethash = Convert.ToBase64String(hash.Hash); } catch (Exception ex) { string strerr = "Error in HashCode : " + ex.Message; } return rethash; }

EDIT *

Here is the RUBY code, which also works with "8cb2237d0679ca88db6464eac60da96345513964" and "12345"

 require "digest/sha1" class User attr_accessor :password def initialize(password) @password = hash_password(password) end def hash_password(password) Digest::SHA1.hexdigest(password) end def valid_password?(password) @password == hash_password(password) end end u = User.new("12345") p u.password # => "8cb2237d0679ca88db6464eac60da96345513964" p u.valid_password?("not valid") # => false p u.valid_password?("12345") # => true

+4

c # encryption sha1

user2019423 Jan 31 '13 at 16:30

source share

6 answers

Kingcronus · Answer 1 · 2013-01-31T17:04:52+0000

12345 will always display as 8cb2237d0679ca88db6464eac60da96345513964 with a direct hash.

This means that if you created a database for each possible result, you could theoretically find the result and see what the original input to the sha1 function was.

This is a security issue where problems such as dictionary attacks and Rainbow tables ( http://en.wikipedia.org/wiki/Rainbow_table ) are possible.

To get around this, you should never use a failed hash. those. you always set your hash using the value you know.

For example, sha1 ("12345" + "mySalt").

Now your hash is easy to generate, but not like any other person in the world who used sha1.

From a technical point of view, you should also never reuse the same salt twice, but this is a more complex concept.

EDIT . As indicated below, PBKDF2 and a random salt should be used, not a static and hash. Much better for security.

Avitus · Answer 2 · 2013-01-31T16:31:47+0000

You cannot decrypt the SHA1 hash because it is a one-way hash.

Another example of one-way hashing is MD5

Jim counts · Answer 3 · 2013-01-31T17:05:02+0000

The ruby code you sent does not change the hash.

This seems to be happening:

Get the password text, write it down and save.

Later, when he wants to verify that the “user” has entered the same password again, he receives the password text from the user, hashes it, and compares the hash value with the stored hash value.

This is a common way to store and verify passwords. Instead of decrypting the stored value for comparison, you added a new value and compared the two hash values.

Nickolay Olshevsky · Answer 4 · 2013-01-31T16:32:58+0000

Hashing is not a reversible operation, such as encryption.

Coder · Answer 5 · 2013-03-24T19:22:51+0000

The code you are looking for is

 SHA1 sha = new SHA1CryptoServiceProvider(); ASCIIEncoding encoder = new ASCIIEncoding(); byte[] combined = encoder.GetBytes(pin); string hash = BitConverter.ToString(sha.ComputeHash(combined)).Replace("-", "");

Where the contact is the value that is not being called and the hash is the value you want to compile

Justin donohoo · Answer 6 · 2013-01-31T16:33:28+0000

Hashing is not encryption. Hashing is one way and is used in most cases to verify data integrity.

Decrypt SHA1 value with C #

More articles: