I have used the following code to encrypt a password using MD5 hashing. But I am stuck on how to decrypt the password. I am sure that it can be achieved easily without writing a lot of code. Any help will be appreciated.

    using System;
    using System.Security.Cryptography;
    using System.Text;

    // Password encryption
    public string ComputePassword(string password)
    {
        StringBuilder str = new StringBuilder();
        try
        {
            // UTF-16LE bytes of the password
            byte[] bytes = Encoding.Unicode.GetBytes(password);
            using (var md5 = new MD5CryptoServiceProvider())
            {
                var md5data = md5.ComputeHash(bytes);

                // Hex-encode the 16-byte digest
                for (int i = 0; i < md5data.Length; i++)
                {
                    str.Append(md5data[i].ToString("x2"));
                }
            }
            return str.ToString();
        }
        catch (Exception)
        {
            // Any failure is reported to the caller as null
            return null;
        }
    }

How can I decrypt the above generated encrypted string?

ksg
  • MD5 is a "one-way" hash function. You can't restore the original value from the hash. – Andrey Korneyev Nov 03 '15 at 13:18
  • Ok...then what is the alternative of md5 hash?? – ksg Nov 03 '15 at 13:20
  • MD5 is not a very secure password hashing algorithm, see https://www.bentasker.co.uk/blog/security/201-why-you-should-be-asking-how-your-passwords-are-stored – Alex Nov 03 '15 at 13:21
  • @ksg - That depends on how secure you need the encryption. Are you after very secure, or mainly obfuscation? – Jerren Saunders Nov 03 '15 at 13:22
  • @Jaco can you suggest an algorithm?? – ksg Nov 03 '15 at 13:22
  • @JerrenSaunders I am after obfuscation :{ ) – ksg Nov 03 '15 at 13:23
  • @ksg: If these are user passwords then it's simple... *don't* "decrypt" them. User passwords should be obscured with a 1-way hash and should *never* be retrievable. – David Nov 03 '15 at 13:24
  • @ksg Probably, you're on the wrong way, if we're talking about some user authentication. Usually it is not needed to decrypt password from hash. Instead you should compute hash of password entered by user and compare it with saved hash. – Andrey Korneyev Nov 03 '15 at 13:24
  • I'd suggest that you look into these pages for securing passwords: https://crackstation.net/hashing-security.htm#aspsourcecode https://msdn.microsoft.com/en-us/library/aa545602(v=cs.70).aspx If just after obfuscation, see http://stackoverflow.com/questions/202011/encrypt-and-decrypt-a-string/10366194#10366194 – Jerren Saunders Nov 03 '15 at 13:26
  • Thanks @AndyKorneyev for your suggestion. Sorry guys this was what I was looking for. – ksg Nov 03 '15 at 13:27
  • @ksg you can't just obfuscate passwords, most users tend to use the same passwords across multiple systems. I would recommend to use BCrypt, there is a NuGet package for it, see https://bcrypt.codeplex.com/ – Alex Nov 03 '15 at 13:27
  • @Jaco No no no. A single hash is far too quick to calculate. Passwords should be stored salted and run through an expensive key-stretching algorithm such as [bcrypt](https://en.wikipedia.org/wiki/Bcrypt) or [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2). – Phylogenesis Nov 03 '15 at 13:28
  • See [this](http://stackoverflow.com/a/16857760) for PBKDF2 and [general advice](http://security.stackexchange.com/q/211/45523). – Artjom B. Nov 03 '15 at 14:39

0 Answers