-1

I have been working on a project to convert a regular MVC application to Web API application. Now the security system isn't done properly and I am wondering what to do. I turn to you all to help me figure it out. The current system uses the following code to create an encrypted password. (Probably not the best way but it is what it is.)

MD5CryptoServiceProvider x = new MD5CryptoServiceProvider();
byte[] data = System.Text.Encoding.ASCII.GetBytes(unHashed);
data = x.ComputeHash(data);
return System.Text.Encoding.ASCII.GetString(data);

Now my question is can a method be created to decrypt the password? I have been playing around with the code and can't quite figure it out. I am not that great with this so I hope someone on here can help me out.

Thanks in advance!

leppie
  • 115,091
  • 17
  • 196
  • 297
sroye98
  • 173
  • 2
  • 11
  • 3
    You can't do that. You need to understand what _hashing_ means. (although MD5 is not secure) – SLaks Dec 02 '14 at 04:06
  • 1
    Yeah, depending on how your employer feels about the matter, you could probably recover all or nearly all of the users' passwords using an MD5 cracker, and then re-encode them using some better scheme. But as a matter of general principle, hashes are opaque and you can only upgrade users to a new hash when they reset their password (which you might force them to do, from time to time). – hobbs Dec 02 '14 at 04:12
  • Also relevant (arguably dupe): http://stackoverflow.com/questions/1240852/is-it-possible-to-decrypt-md5-hashes – hobbs Dec 02 '14 at 04:24

1 Answers1

0

Actually it's not possible to decode hashed value. If you want to encrypt/decrypt some value you should use symmetric cipher(triple des for example) instead of hash algorithm.

k0lpak
  • 555
  • 4
  • 18