1

I am using this to convert text to hash.

How should I convert the hash text to its original? It is needed to display the text.

C#:

private string HashPassword(string sText)
{
    // Unsalted SHA-256 over the UTF-8 bytes of the input, returned as Base64.
    byte[] data = System.Text.Encoding.UTF8.GetBytes(sText);
    using (var sha256 = System.Security.Cryptography.SHA256.Create())
    {
        byte[] hash = sha256.ComputeHash(data);
        return Convert.ToBase64String(hash);
    }
}
Ruby
  • What you're looking for is symmetrical encryption, not hash. – Ondrej Svejdar Feb 27 '14 at 15:33
  • Assuming this is for a password, as a best practice you should never display the user password; if they forget it, then reset it and let them make a new one. – Eluvatar Feb 27 '14 at 15:33
  • @OndrejSvejdar He's hashing passwords. Those really should be hashed, not encrypted, and he really shouldn't be able to get the plaintext back out of them. – Servy Feb 27 '14 at 15:34
  • Oh, you’re hashing passwords? Don’t use SHA256. Especially not without salt. Use a password hash. bcrypt, scrypt, PBKDF2, etc.. (Well, maybe *you* aren’t the one hashing passwords. Maybe you’re trying to reverse the hash, so you don’t want a strong password hash. But that’s still hard.) – Ry- Feb 27 '14 at 15:34
  • @Servy - true, if it is indeed for password, Ruby should just compare hashes. – Ondrej Svejdar Feb 27 '14 at 15:36
  • Yes, already doing the same comparing. But just had to display. But got it. It can't. – Ruby Feb 27 '14 at 15:37

2 Answers

12

A hash is a one way process. Simple answer is you can't.

You can however generate tables of values and their hash equivalent and then go searching through those, they're known as rainbow tables, see here on Wikipedia, but depending on how complicated the input value was these become increasingly unfeasible.

Lloyd
  • Rainbow table is a little excessive for anything other than disaster recovery / hacking given the scenario being hinted at by the OPs code ;p – Jack0x539 Feb 27 '14 at 15:38
  • @Jack0x539 It also has no way of dealing with collisions, so you can never strictly *know* which of the possible collisions was the original value. – Servy Feb 27 '14 at 15:39
  • @Servy I was implying that the comment on the rainbow table was not relevant to the OPs question, given the code; I certainly wasn't saying do it. – Jack0x539 Feb 27 '14 at 15:41
  • @Jack0x539 Yeah, probably shouldn't have @ replied you with that comment; was more for Lloyd. – Servy Feb 27 '14 at 15:42
  • It was just a suggestion. I'd never go down that route myself. @Servy I hadn't actually considered collisions that's an interesting point. – Lloyd Feb 27 '14 at 15:45
6

You cannot. It is impossible. That's actually the point of hashes like this. They are a one way hash. If you're able to get the plain text back from the hash then the hash isn't doing its job.

Servy
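The approach the comments and answers point to (store a salted password hash such as PBKDF2 and verify by re-deriving and comparing, never by recovering the plaintext), as an added example that is not part of any post on this page. It assumes .NET 6 or later; the `PasswordStore` class, the record format and the parameter values are choices made for this illustration.

```csharp
using System;
using System.Security.Cryptography;

static class PasswordStore
{
    // Assumed parameters for this example; tune the iteration count to your hardware.
    const int SaltBytes = 16, HashBytes = 32, Iterations = 600_000;

    // Returns "iterations.salt.hash" (Base64 fields). This record is what gets stored.
    public static string Hash(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        byte[] hash = Rfc2898DeriveBytes.Pbkdf2(
            password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
        return $"{Iterations}.{Convert.ToBase64String(salt)}.{Convert.ToBase64String(hash)}";
    }

    // Re-derives the hash from the candidate using the stored salt and iteration
    // count, then compares in constant time. The plaintext is never recovered.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split('.');
        if (parts.Length != 3 || !int.TryParse(parts[0], out int iterations) || iterations <= 0)
            return false;
        try
        {
            byte[] salt = Convert.FromBase64String(parts[1]);
            byte[] expected = Convert.FromBase64String(parts[2]);
            byte[] actual = Rfc2898DeriveBytes.Pbkdf2(
                password, salt, iterations, HashAlgorithmName.SHA256, expected.Length);
            return CryptographicOperations.FixedTimeEquals(actual, expected);
        }
        catch (FormatException) { return false; } // malformed record
    }
}

static class Program
{
    static void Main()
    {
        string record = PasswordStore.Hash("correct horse"); // constructed sample password
        Console.WriteLine(record);
        Console.WriteLine(PasswordStore.Verify("correct horse", record));
        Console.WriteLine(PasswordStore.Verify("wrong guess", record));
        // Same password, fresh random salt: the stored record differs each time,
        // so a precomputed table of unsalted hashes does not match it.
        Console.WriteLine(record == PasswordStore.Hash("correct horse"));
    }
}
```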