How to decode Hash password to string in SHA 256

Question

1.00/5 (1 vote)

See more:

C#

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
using System.Net.Mail;
using System.Text;
namespace Ordering_System
{
    public partial class ForgetPassword : System.Web.UI.Page
    {
        string cs = Global.CS;
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void btn_Submit_Click(object sender, EventArgs e)
        {
            string email = TextBox1.Text;
            string sql = "SELECT Username,Hash,MemEmail FROM Member";
            SqlConnection con = new SqlConnection(cs);
            SqlCommand cmd = new SqlCommand(sql, con);

            con.Open();
            if (con.State == ConnectionState.Open)
            {
                SqlDataReader dtr = cmd.ExecuteReader();

                while (dtr.Read())
                {
                    if (dtr[2].ToString().Equals(TextBox1.Text))
                    {
                        MailMessage mail = new MailMessage();
                        mail.To.Add(dtr[2].ToString());
                        mail.From = new MailAddress("redactedEmail@xxx.yyy");
                        mail.Subject = "Your userId and Password";
                        mail.Body = "<h2>DailyDemand<br />Username and Password Recovery</h2><br />Username :" + dtr[0].ToString() + "<br />" + "Password :" + dtr[1].ToString() + "";
                        mail.IsBodyHtml = true;
                        SmtpClient client = new SmtpClient();
                        client.Port = 587;
                        client.EnableSsl = true;
                        client.Timeout = 10000;
                        client.Host = "smtp.xxx.yyy";
                        client.DeliveryMethod = SmtpDeliveryMethod.Network;
                        client.UseDefaultCredentials = false;
                        client.Credentials = new System.Net.NetworkCredential("redactedEmail@xxx.yyy", "PASSWORD");
                        client.EnableSsl = true;
                        client.Send(mail);
                        Label1.Text = "Your Password already sent to your Email, Please Check ";


                        break;
                    }
                    else
                    {
                        Label1.Text = "Email is not Valid! Please Try Again! <br /> <a href="MemReg.aspx" style="color:Blue">Sign Up</a><br />";
                    }

                }
            }
        }
    }
}

[Edit: MTHeffron : redacted email addresses and password from code]

Posted 16-Mar-14 20:05pm

Member 10452585

Updated 7-Dec-15 7:35am

Matt T Heffron

v4

Add a Solution

4 solutions

Solution 2

In addition to Marcin Kozub[^] solution let me explain few things

Hashing is entirely different from encryption/encoding techniques.Encryption/Decryption process are reversible but Hashing is not reversible.Generate a hash for a password and compare it during sign in process.

Refer:
http://support.microsoft.com/kb/307020[^]

Posted 16-Mar-14 20:43pm

Tom Marvolo Riddle

Updated 16-Mar-14 20:50pm

v2

Solution 4

It is impossible, the SHA256 code is built from the password but is not an encoding of the password. So it is not possible to get back the password from the SHA256 code.

You can as well try to rebuild a message from its CRC code. SHA256 is the same principle, just more complicated to prevent forgery of a message that have a given SHA256 code.

Posted 6-Dec-15 15:20pm

Patrice T

Comments

George Jonsson 6-Dec-15 21:50pm

Asked and answered over a year ago.

Patrice T 6-Dec-15 22:01pm

Oops, I forgot to check the date.
Why did it came back on top of list ?
I see Solution 3 is guilty.

George Jonsson 6-Dec-15 22:04pm

Yup

Solution 3

There is no way of decoding a hashed thing like that. The hashing is a three step process. Step 1 - primary hashing - the data get hashed, then the resulting chain gets separated into blocks, each containing 64 symbols.
Step 2 - take the first block, separate the 64 symbols to 8 chains, each containing 8 symbols (let's call them a1-a8), and hash them 63 times according to some for me yet unknown algorithm. You will gain the result of 8 chains, each containing 8 numbers(b1-b8). So you will take a1 and add it to b1, same with a2 and b2, etc... Till a8 and b8. The results will be 8 chains each containing 8 symbols, let's call them c1-c8.
Step 3. Take next block, separate it into 8 chains each containing 8 symbols (let's call them d1-d8) and do the hashing as in step 2. Then take the resulting 8 chains of 8 symbols, let's call them e1-e8, and add them to the chains c1-c8. The result will be f1-f8. If there is no block left, skip the procedure. If there is, repeat step 3.

It doesn't matter how long the block is, the point is, that every 64th line of hashing is an addition of numbers we don't even know. As there are possibly 36 possible symbols (26 letters, 10 numbers), there are 36 possibilities for every symbol in the addition. There are 8 symbols in the chain, so even for the sole chain there are (36^8)*2, which is 36^9, possible ways how can you get that chain. The whole block contains 8 chains, so this huge number gets powered to 8th,which is 36^72, which equals to 6^144. This huge number is amount of possible Primary hashes of just that last block! Even if we take the strongest cracking device in the world, which makes 2^80 operations, it would take it a very long time to actually crack a 256 bit seed hash. And if there are more blocks, then the powered number gets powered even more.
Note. hashing algorithm are probably not that hard, but the immense operations numbers make it quite impossible.

Posted 6-Dec-15 11:19am

Member 12189846

Comments

George Jonsson 6-Dec-15 19:20pm

This question was asked and answered well over one year ago.

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Marcin Kozub · Accepted Answer · 2014-03-16T20:20:00

Solution 1

You cannot decode SHA/MD5. They are only One Way Hashing algorythms. You will find good explanations here:
http://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms[^]

Good start to encrypting/decrytping you will find here:
Encrypt and Decrypt Data with C#[^]

Posted 16-Mar-14 20:20pm

Marcin Kozub

Updated 16-Mar-14 20:24pm

v2

Comments

Tom Marvolo Riddle 17-Mar-14 2:23am

You're right +5;

Marcin Kozub 17-Mar-14 2:38am

Thx Jas!

Sampath Lokuge 17-Mar-14 3:17am

+ 5 :).Nice url.

Marcin Kozub 17-Mar-14 3:21am

Thx Sampath!