-7

For school we have a project divided in two parts: one in ASP.NET (C#) and one in Java. We have an administrator who must be able to login in the webapplication and in his tool (Java). In our projects, ASP.NET makes the database, which is very easy.

But we have to access the password of the admin to let him login in our Java application. The password is hashed by ASP.NET. Does anyone know how to decrypt it in Java?

Thomas Aelbrecht
  • 17
  • 1
  • 5

2 Answers2

2

NONONONONONO - if you can "decrypt", "dehash" the password then you must immediately change how your code works to make it from now on impossible to achieve that. They are hashed for a very good reason.

What you need to do instead is create some kind of logic to log some administrator in without the usage of another user's password - via some admin panel where you create the same session / cookie information as a regular login would do. The only person knowing a user's password has to be the user himself, nobody else.

luk2302
  • 55,258
  • 23
  • 97
  • 137
  • Nice comment, but I don't see how this answers the question. OP probably used the wrong terminology. – Artjom B. Feb 25 '17 at 13:38
  • @ArtjomB. I was thinking about posting it as a comment - but it is an answer in the sense that I tell him what the correct way is: creating an admin panel - it does not answer the question "how do I decrypt ..." but it broadly answers the underlying question: "how do I give an admin access to ..." – luk2302 Feb 25 '17 at 13:41
  • I see what you mean, but the logic you're proposing is exactly what the OP is asking for. I understand the question in the way that the Java application is supposed the be the admin panel. This question is unanswerable without some code to get an idea what we're talking about. – Artjom B. Feb 25 '17 at 13:46
  • I don't know which code we're talking about because the ASP.NET Identity Framework does everything for me, even making a database. So, I think the only way to solve the problem is to rewrite the hashing algoritm in Java. But therefore we need the code the ASP.NET Framework uses. @ArtjomB. Indeed, we have an admin panel and a webapplication for the jobcoaches (as they call it). – Thomas Aelbrecht Feb 26 '17 at 14:22
  • @luk2302 Maybe my terminology is not right every time, that's good to know. – Thomas Aelbrecht Feb 26 '17 at 14:24
0

It's not impossible what you want, but what you want is real realy hard and if you choose a good Password, it's nearly impossible to get the password from the hash without calculation an inifine amount of time. All Information like length contained words or if the Password is lower case or not can help you "reverse" the hash.

The reason why the most people will say that is is impossible is, because hash functions are designed to work one way. The are commonly used to store Passwords and if you can reverse the process simply that would be realy realy realy bad, because than you could easyly reverse alle stored Passwords in databases.

Firstly you can use rainbow tables. That are lists that store hashs and there initial value. (Note that the rainbow table must fit to your hash function.) If you can find an hash in the rainbow table that matches the passwords hash you can look up the initial value. But Rainbow tables contains only hashs of commonly used Passwords. If you choose an large and/or complex passwords you need to go through all passwords cominations an look if the hash of one of this combinations matches the hash of the password, but this will take like forever except you work for agencys like the NSA which have access to super computers.

Dominik Viererbe
  • 387
  • 2
  • 12