Decrypt

Discussion in 'ASP .Net' started by Vishal, Nov 26, 2004.

  1. Vishal

    Vishal Guest

    Vishal, Nov 26, 2004
    #1
    1. Advertising

  2. why do you want to decrypt it? have you forgotten it :)

    if you just want to check the incoming password then just encrypt that too,
    and compare the two encrypted versions.

    -
    AM



    "Vishal" <> wrote in message
    news:081001c4d3ec$7236e7c0$...
    > Hello,
    >
    > I used this article
    > (http://aspnet.4guysfromrolla.com/articles/103002-
    > 1.2.aspx) to encrypt my password. Now I need to decrypt
    > the password again to a string. Is that possible, if so
    > how?
    >
    > Thanks
     
    Aamir Mahmood, Nov 26, 2004
    #2
    1. Advertising

  3. MD5 is a hashing algorighm. This is a one-way encrypt. You cannot decrypt
    this password. Only thing you can do is use the same hashing function you
    used to hash the password the first time..then compare it to the hashed
    password to the one stored in the database. This article explains this in
    the Limitations of Storing Encrypted Passwords in the Database section


    "Vishal" wrote:

    > Hello,
    >
    > I used this article
    > (http://aspnet.4guysfromrolla.com/articles/103002-
    > 1.2.aspx) to encrypt my password. Now I need to decrypt
    > the password again to a string. Is that possible, if so
    > how?
    >
    > Thanks
    >
     
    =?Utf-8?B?VGFtcGEgLk5FVCBLb2Rlcg==?=, Nov 26, 2004
    #3
  4. Vishal

    Jeff Louie Guest

    Vishal... I think you must have misunderstood the purpose of the MD5
    algorithm. It is designed to create a "message digest". This allows you
    to
    verify a password without actually storing the password on the server.
    As
    such, it is a one way algorithm, designed to make it difficult to
    compute the
    original password from the message digest. For example, a crude method
    would be to XOR all of the bytes in a password and store the result on
    the
    server creating a crude message digest.

    Regards,
    Jeff
    >I used this article

    (http://aspnet.4guysfromrolla.com/articles/103002-
    1.2.aspx) to encrypt my password. Now I need to decrypt
    the password again to a string. Is that possible, if so
    how?<


    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Jeff Louie, Nov 26, 2004
    #4
  5. Vishal

    Vishal Guest

    Thanks to all for the reply. Yes I somehow misunderstood
    the MD5 algorithms. I overread that it is a one way
    encryption. Can anybody tell me which encryption is used
    for two-way? So that I can encrypt/decrypt the passwords?

    Thanks


    >-----Original Message-----
    >Vishal... I think you must have misunderstood the purpose

    of the MD5
    >algorithm. It is designed to create a "message digest".

    This allows you
    >to
    >verify a password without actually storing the password

    on the server.
    >As
    >such, it is a one way algorithm, designed to make it

    difficult to
    >compute the
    >original password from the message digest. For example, a

    crude method
    >would be to XOR all of the bytes in a password and store

    the result on
    >the
    >server creating a crude message digest.
    >
    >Regards,
    >Jeff
    >>I used this article

    >(http://aspnet.4guysfromrolla.com/articles/103002-
    >1.2.aspx) to encrypt my password. Now I need to decrypt
    >the password again to a string. Is that possible, if so
    >how?<
    >
    >
    >*** Sent via Developersdex http://www.developersdex.com

    ***
    >Don't just participate in USENET...get rewarded for it!
    >.
    >
     
    Vishal, Nov 26, 2004
    #5
  6. Vishal

    Jeff Louie Guest

    Vishal... RC4 and DES are examples of two way algorithms. The .NET
    cryptograhpy API has two way algorithms, but it is _not_ recommended
    that you store the encrypted passwords on the server. If someone
    compromises the server they can decrypt them. If you only store
    hashcodes on the server, it will be difficult to recreate the password
    table. In fact, don't just hash the passwords, but combine the password
    with a random "salt" --> hash the result and store the hash and random
    salt on the server. To verify the user's credentials, take the users
    input, add it to the stored random salt --> hash the result and compare
    it to the stored hash.

    Regards,
    Jeff
    >Can anybody tell me which encryption is used

    for two-way? So that I can encrypt/decrypt the passwords?<

    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
     
    Jeff Louie, Nov 26, 2004
    #6
  7. Vishal

    Ben Amada Guest

    Vishal,

    I understand that decrypting passwords is important -- you might have a user
    who lost their password and needs to be reminded what their password is --
    among other scenarios where decryption is necessary. Have a look at this
    example (VB.NET example starts in the middle of the page):

    How To: Encrypt and Decrypt Data Using a Symmetric (Rijndael) Key
    (C#/VB.NET)
    http://www.obviex.com/samples/Encryption.aspx

    Good Luck,
    Ben

    "Vishal" <> wrote in message
    news:92ab01c4d3f6$71265690$...
    > Thanks to all for the reply. Yes I somehow misunderstood
    > the MD5 algorithms. I overread that it is a one way
    > encryption. Can anybody tell me which encryption is used
    > for two-way? So that I can encrypt/decrypt the passwords?
    >
    > Thanks
     
    Ben Amada, Nov 26, 2004
    #7
  8. Vishal

    Tien Guest

    Hasing your password is better, you don't need to decrypt a password to validate it.

    "Tampa .NET Koder" <> wrote in message news:<>...
    > MD5 is a hashing algorighm. This is a one-way encrypt. You cannot decrypt
    > this password. Only thing you can do is use the same hashing function you
    > used to hash the password the first time..then compare it to the hashed
    > password to the one stored in the database. This article explains this in
    > the Limitations of Storing Encrypted Passwords in the Database section
    >
    >
    > "Vishal" wrote:
    >
    > > Hello,
    > >
    > > I used this article
    > > (http://aspnet.4guysfromrolla.com/articles/103002-
    > > 1.2.aspx) to encrypt my password. Now I need to decrypt
    > > the password again to a string. Is that possible, if so
    > > how?
    > >
    > > Thanks
    > >
     
    Tien, Nov 27, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    508
    Jonathan Allen
    Sep 25, 2004
  2. skech
    Replies:
    3
    Views:
    519
    srinvias moorthy
    Dec 4, 2003
  3. Mark

    Encrypt/decrypt info from form

    Mark, Feb 6, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    1,529
    William LaMartin
    Feb 6, 2004
  4. Augusto Rocha

    How do I decrypt a SHA stored password?

    Augusto Rocha, Feb 19, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    15,645
    Karl Jensen
    Feb 19, 2004
  5. Replies:
    1
    Views:
    451
    Daniel Martin
    Jun 16, 2007
Loading...

Share This Page