0

I have a method to encrypt password and I think it's one-way encryption, is it possible to decrypt it by other method? 

    string HashPass(string pass)
    {
        var bytes = System.Text.Encoding.Unicode.GetBytes(pass);
        var inArray = System.Security.Cryptography.HashAlgorithm.Create("MD5")?.ComputeHash(bytes);
        return Convert.ToBase64String(inArray);
    }
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
doomiyar
  • 37
  • 6
  • 1
    Hashing and Encryption and two separate things. You can see more here - https://stackoverflow.com/questions/4948322/ – Saharsh Aug 06 '19 at 04:26
  • so this method is hashing and it's impossible to unhash? – doomiyar Aug 06 '19 at 04:30
  • If it's **one-way** - then **by definition** you cannot reverse it - not by "another method" either ...... that's the **whole point** of a one-way method! – marc_s Aug 06 '19 at 05:01

2 Answers2

2

A hash is a one-way function, it maps multiple values to one result, meaning that you can not find the original value given the result.

However, databases that store the original value and the hash result do exist, and MD5 hashs are really bad for security for that reason. For example, if you give me the hash e10adc3949ba59abbe56e057f20f883e I can search for the original value, and if i'm lucky, i'll find that 123456 is an possible answer to that hash result.

Do provide better security for your customers, please, follow this guidance for proper hashing a password.

mtanksl
  • 592
  • 6
  • 9
1

From what I think you are having trouble recognizing difference between Encryption and Hashing. Although they are both related to the field of Cryptography, they solves different problems. They both are used to store data securely but how they solve problem varies tremendously.

Key thing to note here is - Hashing is a one-way function, while Encryption is not.

A really simple and secure Hashing algorithm will require a string (or any type of data) as parameter and that is all it needs to create a hashed string (or data). As a sidenote however, in order to increase the security of algorithm they take other parameters like salt. But this can be safely ignored for sake of simplicity. Once you obtain a hashed data, it should be impossible to turn it back into what it actually was (unhashing) because it would defeat the very purpose of hashing it.

Encryption, on the other hand, works both ways. Like hash it's purpose is to scramble the data so no one can read or understand it, but in this case we want the data back. In order to achieve this, there comes another important parameter in the algorithm - the key! This key is used in encryption algorithm (say AES) with data that is to be encrypted to create encrypted data. In this case however, we can retrieve original data with the key that we used.

TL;DR - Both have their own places where it is to be used. Using Encryption adds the responsibility of handling keys properly, whereas Hashing eliminates that hassle at the cost of not being able to retrieve original data back.

More about this - Fundamental difference between Hashing and Encryption algorithms

From what I see you are trying to implement is MD5 Hashing. It's a hashing function which works one way only (as explained above).

Saharsh
  • 1,056
  • 10
  • 26
  • So, according to your note, I can't retrieve the original data back by this method and there is no way!! – doomiyar Aug 06 '19 at 10:00