How to retrieve password back in original form in Asp.Net Identity System from PasswordHash column?
Asked
Active
Viewed 5,525 times
1
-
6Welcome to SO. This is not possible by design. Hash functions are one-way, and it is therefore not possible to obtain a password from its hash value without resorting to brute force attacks or things like rainbow table lookups. – dho Jan 07 '15 at 17:32
-
1possible duplicate of [How to decrypt a password from SQL server?](http://stackoverflow.com/questions/173329/how-to-decrypt-a-password-from-sql-server) – dho Jan 07 '15 at 17:34
-
instead of retrieving you can reset the password for the user http://stackoverflow.com/questions/19524111/asp-net-identity-reset-password?rq=1 – Amitd Jan 07 '15 at 18:10
2 Answers
5
You don't.
The whole idea behind hashing algorithms is that they're one way processes. With some work you could swap out hashing for encryption of passwords, but A) if you've used the default (which is a hashing algorithm) and you've already got users in the database, you aren't getting those passwords back, and B) there are good security reasons passwords are hashed instead of encrypted.
If you just need to reset the password for the user and you have access to the source code, there's plenty of ways to do this. This SO Q&A is a good start.
-
It's also important to note that storing passwords in a retrievable manner is bad security practice. – Vadim Jan 07 '15 at 18:05
-
@Vadim not arguing against that point at all, just saying that it's possible. – joelmdev Jan 07 '15 at 18:09
-
Of course you can. You just learn which hash method is used and then try a brute force. Depending on your luck, it can take a fraction of a second or billions of years. Technically, it IS possible then. – Wiktor Zychla Jan 07 '15 at 18:10
0
Actually what i have to do is: In Admin module of my project i have to show existing users with their credentials ie username/email and their password......so reset password wont work.
Awaneesh Jatrana
- 11
- 1
- 2