Currently, I'm using an encode method to encode the password; here it is:

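    import java.security.MessageDigest
    import org.apache.commons.codec.binary.Base64

    // Returns the Base64 text of the SHA-1 digest of s ('SHA' is the JCA alias for SHA-1)
    static encode = { String s ->
        print(s)    // debug output: writes the plaintext password
        MessageDigest md = MessageDigest.getInstance('SHA')
        print(md)
        md.update s.getBytes('UTF-8')
        def result = Base64.encodeBase64 md.digest()    // digest bytes -> Base64 bytes
        new String(result, "UTF-8")
    }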

So, is there any possible way to decrypt it? I tried decodeBase64() and got this result:

[64, -67, 0, 21, 99, 8, 95, -61, 81, 101, 50, -98, -95, -1, 92, 94, -53, -37, -66, -17]

Am I close to success? How can I convert it to a string?

halfer
Tran Tam

1 Answer

No. SHA is a one-way hash, which means you cannot get the original data given the hash. One-way hashes make storing people's passwords more secure because even if someone obtained a copy of the hash they can't easily reverse the hash and retrieve the password.

Base64 is an encoding mechanism to encode binary data as ASCII text. It is not an encryption. If you give me a Base64 encoded string anyone can decode it and get the original message. A big clue that it's not secure is there is no secret key given to Base64 which means it's not preventing anyone from decoding it.

You should not store passwords using SHA. It's too easy to brute force these days so your passwords are easy to decode. MD5 and SHA aren't safe hashes. You need to use bcrypt or other tuneable algorithms.

chubbsondubs
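The storage approach the answer recommends, sketched as an added example that is not code from the question or the answer: it uses PBKDF2-HMAC-SHA256 from the JDK as the tunable algorithm in place of bcrypt (which needs a third-party library), and verifies a login by re-deriving and comparing rather than decoding. The `PasswordStore` class, the record layout, the iteration count and the sample passwords are assumptions made for illustration.

```groovy
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec
import java.security.MessageDigest
import java.security.SecureRandom

class PasswordStore {                       // hypothetical helper, not from the post
    static final int ITERATIONS = 600_000   // assumption: the work factor, tune to your hardware
    static final int KEY_BITS = 256

    static byte[] derive(char[] password, byte[] salt, int iterations) {
        def spec = new PBEKeySpec(password, salt, iterations, KEY_BITS)
        try {
            return SecretKeyFactory.getInstance('PBKDF2WithHmacSHA256').generateSecret(spec).getEncoded()
        } finally {
            spec.clearPassword()            // wipe the key spec's copy of the password
        }
    }

    // Stored record: "iterations:salt:hash", salt and hash Base64-encoded.
    static String hash(char[] password) {
        byte[] salt = new byte[16]
        new SecureRandom().nextBytes(salt)  // fresh random salt for every password
        def b64 = Base64.getEncoder()       // java.util.Base64
        return [ITERATIONS, b64.encodeToString(salt),
                b64.encodeToString(derive(password, salt, ITERATIONS))].join(':')
    }

    // Verification re-derives from the candidate password; nothing is ever "decoded".
    static boolean verify(char[] password, String stored) {
        String[] parts = stored.split(':')
        byte[] salt = Base64.getDecoder().decode(parts[1])
        byte[] expected = Base64.getDecoder().decode(parts[2])
        byte[] actual = derive(password, salt, Integer.parseInt(parts[0]))
        return MessageDigest.isEqual(actual, expected)   // constant-time comparison
    }
}

char[] pw = 'constructed-sample'.toCharArray()   // constructed sample input

// The question's scheme: undoing the Base64 step only returns the raw
// 20-byte SHA-1 digest, never the password text.
byte[] sha = MessageDigest.getInstance('SHA').digest(new String(pw).getBytes('UTF-8'))
assert Base64.getDecoder().decode(Base64.getEncoder().encodeToString(sha)).length == 20

String record = PasswordStore.hash(pw)
assert PasswordStore.verify(pw, record)
assert !PasswordStore.verify('wrong-guess'.toCharArray(), record)
println record
```

Because the iteration count is stored in each record, it can be raised later and older records still verify with the count they were created with.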