
I have a table called user in my database and I save the passwords in sha256. And I am wondering if I can now get the original value from the sha256, to display it on the user profile frontend.
Example

use sha2::{Digest, Sha256};

fn test() {
    let password = "secret value";
    // Sha256::digest returns the raw 32-byte digest: a one-way hash, not an encryption
    let password_sh256 = Sha256::digest(password.as_bytes());
    // Render the digest as 64 lowercase hex characters
    let encrypted_password = format!("{:x}", password_sh256);
    println!("result: {:?}", encrypted_password);
    // result: "c3a57afaa51d985ac0b4117f509e2ce6dd94d520e441778736a945b4cb941755"
}

Now how could you have the original value of the variable named password making use of the variable named encrypted_password?
I appreciate any help.

Daniel
    Saying that it can't be done is a bit much, but SHA256 was designed precisely _not_ to be reversible, so it's very unlikely there's a time efficient way to go from hash back to the original password. – Joachim Isaksson Aug 20 '21 at 23:03
  • You'll want to read up on [hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function). – Brian61354270 Aug 20 '21 at 23:04
  • Ok, I already understood that this will help me to have users validate their password, but I will not be able to make the user see their own password. Now I think it is not so important to show it. – Daniel Aug 21 '21 at 00:24
  • 2
    If a site ever tried to show me my original password anywhere, I'd probably immediately stop using that website out of fear, so seems like a good choice :) – loganfsmyth Aug 21 '21 at 01:40
  • 1
    Does this answer your question? [How to decrypt a SHA-256 encrypted string?](https://stackoverflow.com/questions/9316437/how-to-decrypt-a-sha-256-encrypted-string) – Elias Holzmann Aug 21 '21 at 06:52

1 Answer

SHA-256 is designed to be computationally infeasible (in simpler terms: practically impossible) to invert like you want to do. In fact, it is provably the case that there are multiple inputs that hash to the same value (although it is also currently computationally infeasible to find them) so at best, you would be able to find some input that hashed to the same value. However, as mentioned, it is very unlikely that anyone can presently do so.

Additionally, there are some things to mention. First, you should never show the user their plaintext password. You don't know if the user is in a coffee shop, library, or other public place where others might be shoulder-surfing, so you wouldn't want to expose this. In addition, you don't want to be able to invert the password for security reasons (because that means anyone else can), so there's no way to actually show it.

Furthermore, you don't want to use plain SHA-256 for password hashing. The reason is that if people pick bad passwords, like “password123,” then all the users with the bad password will have the same password hash, and it's also easy to make a giant list of passwords that are known to be compromised and look them up in the list. What you want to do is use a password hashing function like Argon2 or bcrypt that (a) uses a unique salt (random data) for each password and (b) iterates the operation multiple times so that it's slow and guessing many passwords takes a long time. Fortunately, there are libraries in Rust for doing just this, and the argon2 crate has great documentation explaining how to do just this.

bk2204
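The two points the answer makes, that an unsalted SHA-256 table leaks which users share a password and matches a precomputed list, and that a per-user salt plus a slow iterated hash fixes both, as an added example that is not part of the question or the answer. It is written in Python so it runs with only the standard library: PBKDF2-HMAC-SHA256 from hashlib stands in for the Argon2 or bcrypt the answer recommends, and the user table and compromised-password list are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the question): two users who picked the
# same weak password, plus a tiny stand-in for a compromised-password list.
USERS = {"alice": "password123", "bob": "password123", "carol": "secret value"}
COMPROMISED = ["123456", "password123", "qwerty"]

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor: deliberately slow


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256, the same computation as the question's Rust snippet."""
    return hashlib.sha256(password.encode()).hexdigest()

def duplicate_hashes(stored: dict) -> list:
    """Groups of users whose stored values are identical. With plain SHA-256 an
    equal password gives an equal hash, so the table itself leaks who shares one."""
    by_hash = {}
    for user, h in stored.items():
        by_hash.setdefault(h, []).append(user)
    return [sorted(users) for users in by_hash.values() if len(users) > 1]

def flag_compromised(stored: dict, compromised: list) -> list:
    """Defensive audit: users whose unsalted hash equals that of a known-compromised
    password. One precomputed table covers every user, which is exactly the weakness."""
    table = {sha256_hex(p) for p in compromised}
    return sorted(u for u, h in stored.items() if h in table)

def hash_password(password: str, salt=None) -> str:
    """Salted, iterated hash; PBKDF2 stands in for the Argon2/bcrypt the answer
    recommends. A fresh random salt makes equal passwords produce different records."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time. A malformed
    record counts as a failed login rather than raising."""
    try:
        algo, iters, salt_hex, dk_hex = record.split("$")
        if algo != "pbkdf2-sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:
        return False
```

Run `duplicate_hashes` and `flag_compromised` over a plain-SHA-256 table and then over a salted one to see the first report alice and bob while the second reports nothing, even though both tables hold the same passwords.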