0

I am just curious if this can be done.

I have the hashed password (algorithm SHA1) and Password salt, would I be able to retrieve the password?

Can it be done in SQL server or can it be done via any software?

example: 

 Hashed GQdsHCOcun8JuysvqsM3pP0eeoU=
 Password salt: CDjIsQcbz23NzXZLzHRTVw==

Thanks

NoviceDeveloper
  • 1,270
  • 3
  • 15
  • 41

2 Answers2

3

No. Hashes are one-way functions. You can brute-force the passwords, until you guess the correct password, but you cannot decrypt them.

Alex W
  • 37,233
  • 13
  • 109
  • 109
  • 1
    Alex W is correct. Having the hashed password and the salt, confirm whether or not a given password is correct. However, you cannot (easily) figure out what the original password is, with only the hashed password and the salt. – mti2935 Apr 03 '14 at 13:33
  • @NoviceDeveloper - As Alex said you cannot decrypt a hash, however you can brute-force about [3 Giga](http://hashcat.net/oclhashcat/#performance) SHA1 hashes per second with common hardware. That means that SHA* is not appropriate to hash passwords, instead one should use a slow key-derivation function like BCrypt or PBKDF2. – martinstoeckli Apr 03 '14 at 15:03
1

Short answer is no. SHA1 is a one way hash algorithm. You could theoretically find other words that also produce the same hash (collisions), but it would take a lot of time and computing resources.

BlakeH
  • 3,354
  • 2
  • 21
  • 31
  • 1
    For those curious about collisions, you can see [this answer](http://stackoverflow.com/questions/1867191/probability-of-sha1-collisions) about their probability. – Alex W Apr 03 '14 at 13:35