-4

I am working on Database where some of the Encrypted data I inserted in the database must be decrypted to be shown to the user. Is it possible to convert a decrypted message/varchar entry in the database to their Orginal or String form? let's say I have this hashed message

`abc = `'7meXQAMRb+ERvBj6Dy/SEe6ldukGy6bTKugnCsoYyl+lYNT6';

is there anyway to return that 7meXQAMRb+ERvBj6Dy/SEe6ldukGy6bTKugnCsoYyl+lYNT6 back to abc again?

Btw I used Omu Encrypto for Encrypting my password

user962206
  • 15,637
  • 61
  • 177
  • 270
  • 3
    Do you know what _hashing_ means? – SLaks Apr 02 '12 at 02:29
  • 2
    Let's just say no. That being said, nothing is impossible. – Quintin Robinson Apr 02 '12 at 02:30
  • I know hash is only one way. but is there anything or anyway to decrypt an encrypted text or message in C#? – user962206 Apr 02 '12 at 02:33
  • 1
    Are you asking for an encryption algorithm? Hint: Rijndael – SLaks Apr 02 '12 at 02:33
  • 2
    You should re-write your question and be very specific. There is a huge difference between hashing and encrypting. – Origin Apr 02 '12 at 02:39
  • 1
    Your question is still wrong: "Is it possible to convert a decrypted message/varchar entry in the database to their Orginal or String form? let's say I have this hashed message". If you have a decrypted message in the database, that would be it in the original form. And if you have a "hashed" message, that's very different than an encrypted message. – Origin Apr 02 '12 at 02:43
  • 1
    @QuintinRobinson Of course there are things that are impossible. For instance, a reversible mapping between 10 objects and 2 objects. – Nick Johnson Apr 02 '12 at 11:28
  • @user962206: Given the key you can decrypt a message. But what you're trying is reversing a hash. But hashing is not encryption. Hashing means "loosing data in a way, that the remaining bits of information directly depend on the original data with highest possible entropy". And no that process can not be reversed. This is like asking for "(a%b + c)%256 = 45", there's an infinite number of solutions for this equation, even if I give you a and b you still can not tell what's c exactly. – datenwolf Apr 03 '12 at 07:55

3 Answers3

2

No, you cannot decrypt data that has been hashed.

That's the entire point of hashing information; it's a one way process most of the time.

You can use what's called a Rainbow attack to brute force some inputs and see if the hashes match, but to be honest that takes a long time and is probably not what you're looking for.

See Eric J's answer for more details.

Only Bolivian Here
  • 35,719
  • 63
  • 161
  • 257
1

One cannot reverse a hashed password reliably into the original string. However, it IS possible to reconstruct SOME valid input that yields a given hash. I'm providing this answer because the other answers are only partially correct, and it is important to understand the relative security of a hash.

To understand this, assume you use a 1-bit hash algorithm (that is, the hash is either 1 or 0). Half of all strings that you hash will yield a "1". Expand that to a 2-bit hash, and 1-in-4 strings that you randomly hash will yield a given hash value (hashes will be 0, 1, 2, or 3... in binary 00, 01, 10, 11). Expand that to say 128 bits and, while hash collisions are FAR less common, they still occur. If your hash algorithm has known vulnerabilities, it can be computationally straightforward to defeat it.

The MD5 has, for example, can be attacked using Rainbow Tables. There are online services that offer hash "cracking" e.g. http://md5crack.com/. Here, cracking means to reconstruct SOME valid input that yields the hash. Even brute force cracking is viable with modern processing power, especially using a GPU-based approach and/or distributed computing.

Hashes are a great tool, but be aware of your security requirements and the relative ease of reversing a hash generated by your chosen hash algorithm into some valid input that yields that hash. Also, always be sure and use a salt value with your hash.

UPDATE

Now that the question has been re-written, I would refer you to AES encryption. See

Using AES encryption in C#

Community
  • 1
  • 1
Eric J.
  • 147,927
  • 63
  • 340
  • 553
  • Rainbow tables aren't an attack on MD5 - they don't rely on any details of the hash, and you can construct a rainbow table for any hash function. Further, the value they return for a hash is almost certainly the original input - they're not built to try and find hash collisions. Brute-force finding a preimage for a valid hash is not practical with most hashes, unless you have a good constraint on the original input, such as that it's no more than 10 characters long. – Nick Johnson Apr 02 '12 at 11:30
0

Hashes are one-way, but if you used a third party encryption method like you said, they should provide a decryption method as well.

Jacob Phillips
  • 8,841
  • 3
  • 51
  • 66