1

Actually I want to get the password back from the encrypted password.

The password is encrypted as follows:

```java
import java.security.MessageDigest;

MessageDigest md = MessageDigest.getInstance("SHA"); // "SHA" is the JCA alias for SHA-1
md.reset();
byte[] encryptedBinarySource = md.digest(source.getBytes("UTF-8"));
```

How do I decrypt the value of `encryptedBinarySource`?

finnw
  • 1
    You cannot. That's the whole point of `digest`. Whatever the input size, the output size is fixed, and small... so a lot of information is lost in the process. – pascal Feb 01 '11 at 11:23
  • 1
    Not only you, but also many crackers wish to do it. If you need to compare some value, encrypt (digest) the value you want to compare.. then compare with the encrypted password :) That's the only way. **Please don't change your mind and go for storing plain password on this issue** – Sarwar Erfan Feb 01 '11 at 11:23
  • But if you could try to get the same output with a different input, counting on SHA collisions... Maybe using a dictionary... which is the reason for using a salt. And this is also a hard question... – pascal Feb 01 '11 at 11:25
  • Related: http://stackoverflow.com/questions/2235079/is-it-possible-to-reverse-a-sha1, http://stackoverflow.com/questions/3492317/decode-sha1-string-to-normal-string, http://stackoverflow.com/questions/3859100/convert-sha1-back-to-string – finnw Feb 01 '11 at 14:28

2 Answers

5

You can't. SHA is a one-way encryption. Being able to decrypt it would break its sole purpose. Rather use a two-way encryption algorithm. Or if it is intended to encrypt sensitive information like passwords in your case, then you should rather encrypt the newly entered password the same way and compare its result with the original encrypted password which you've stored somewhere.

There are however so-called rainbow tables which enable you (and the hackers!) to reveal the original value based on a hash. For SHA the chance of a successful match is however much lower than MD5.

BalusC
3

You can not decrypt a hash. A hash is a one-way function. Hashed passwords are indeed used not to store the actual password (you hash the password introduced by the user and compare to the stored hash).

Fernando Miguélez
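
The hash-and-compare check that the answers describe, combined with the salt mentioned in the comments, as an added example (not code from the question or the answers). It swaps the single unsalted SHA digest for the JDK's PBKDF2; the class name, iteration count, sizes and sample passwords are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordCheck {
    // Assumed parameters for this example, not taken from the question.
    private static final int ITERATIONS = 210_000;
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 256;

    // What gets stored per user instead of the password (record syntax needs Java 16+).
    record StoredPassword(byte[] salt, byte[] hash) {}

    // One-way derivation: salted, iterated HMAC-SHA256. There is no inverse operation.
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the copy held by the key spec
        }
    }

    // Registration: pick a fresh random salt and store salt + hash, never the password.
    static StoredPassword register(char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return new StoredPassword(salt, derive(password, salt));
    }

    // Login: re-derive from the entered password with the stored salt, then compare.
    static boolean verify(char[] entered, StoredPassword stored) throws Exception {
        byte[] candidate = derive(entered, stored.salt());
        return MessageDigest.isEqual(candidate, stored.hash()); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample passwords.
        StoredPassword a = register("correct horse".toCharArray());
        StoredPassword b = register("correct horse".toCharArray());
        System.out.println("right password accepted: " + verify("correct horse".toCharArray(), a));
        System.out.println("wrong password accepted: " + verify("wrong guess".toCharArray(), a));
        // Same password, different salts: the stored hashes differ, so a table
        // precomputed for one record does not match the other.
        System.out.println("hashes equal across users: " + MessageDigest.isEqual(a.hash(), b.hash()));
    }
}
```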