I terms of "decrypting" the original value, you can't. With hash algorithms the encryption is one way and the original "lost", but each time you pass a value through your algorithm you will get same "encrypted" hash value.
In terms of using this for login, you hash the password to be checked with the algorithm you already have and make sure the
hashes match.
Note that because the hashing algorithm always results in the same hash this introduces a potential security risk, let's say hypothetically you hash the password "password"
password ---SHA1---> DEADBEEF
this would be the same for user1, user 2, user 99 as long as they entered password. You can query such tables to find the common hashes: these are all likely to be weak. The most common password will be "password" if you haven't enforced a policy.
To increase the security you can salt the hash:
- Create a set of random bytes to add to the password to be hashed this is the salt
- Append the salt to the password
- Create the hash which is now a salted hash
- Store the salt and the salted-hash in the database (in different columns!!)
As the hash is irreversible J Random Cracker cannot see what an unsalted hash looks like and cannot find the potentially weak passwords. When logging in, you must
salt the password to be checked with the value from the database, hash and check it matches the stored salted hash.
Submit an article or tip