ASP.NET - retrive password

Asked By lakshmi chaitanya on 02-Jan-12 05:14 PM
How to retrive password from database when it is in Hashedformat....
Peter Bromberg replied to lakshmi chaitanya on 02-Jan-12 07:41 PM
You cannot retrieve an original password from a hash stored in the database. The way it works is that when a user enters their password, it is hashed and the hash is compared to the one stored in the database.
Hashing is a one-way deal; it is not encryption.
Riley K replied to lakshmi chaitanya on 02-Jan-12 08:08 PM


You can't 

First understand the difference between hashing and encryption you are getting confused

In encryption you crypt the password with a phrase and retreive it with the same phrase.

With Hashing the only possible way is to reset the password and send it to user

Your only bet is to reset the password using Membership.Provider.ResetPassword(username,pwd question)

Regards
[)ia6l0 iii replied to lakshmi chaitanya on 02-Jan-12 08:10 PM
Additionally, you should look at password reset mechanisms - if you want the user to retrieve passwords when their forget theirs. No One can get closer to it.

When the user chooses to do a password reset - generate a random password and send it to him/her via any communication mode - email/sms/fax and ask them to perform a login.
Srikanth K replied to lakshmi chaitanya on 03-Jan-12 12:24 AM
When you compare passwords - you need to compute the MD5 on the password they are submitting.

So in your code you want to something like this:

MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider();
//create an array of bytes we will use to store the encrypted password
Byte[] hashedBytes;
//Create a UTF8Encoding object we will use to convert our password string to a byte array
UTF8Encoding encoder = new UTF8Encoding();

//encrypt the password and store it in the hashedBytes byte array
hashedBytes = md5Hasher.ComputeHash(encoder.GetBytes(txtPassword.Text));

//set the password they are using now to password for the compare:
Password = hashedBytes;

http://stackoverflow.com/questions/4157837/saving-and-comparing-passwords-to-database-as-binary-using-md5
dipa ahuja replied to lakshmi chaitanya on 03-Jan-12 03:05 AM
You can use the encrypt and decrypt method, when you use the any particular encryption method , you know how or from which method to decrypt it

here is the simple code:

static byte[] bytes = ASCIIEncoding.ASCII.GetBytes("ZeroCool");
   
void passQueryString()
{
  string Encryptedcode = Encrypt(TextBox1.Text.ToString());
  Response.Redirect("products.aspx?code=" + Encryptedcode);
 
}
  
/* Encrypt */
 
public static string Encrypt(string originalString)
{
  if (String.IsNullOrEmpty(originalString))
  {
    throw new ArgumentNullException
      ("The string which needs to be encrypted can not be null.");
  }
  DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
  MemoryStream memoryStream = new MemoryStream();
  CryptoStream cryptoStream = new CryptoStream(memoryStream,
    cryptoProvider.CreateEncryptor(bytes, bytes), CryptoStreamMode.Write);
  StreamWriter writer = new StreamWriter(cryptoStream);
  writer.Write(originalString);
  writer.Flush();
  cryptoStream.FlushFinalBlock();
  writer.Flush();
  return Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.Length);
}
 
/* Decrypt */
public static string Decrypt(string cryptedString)
{
  if (String.IsNullOrEmpty(cryptedString))
  {
    throw new ArgumentNullException
      ("The string which needs to be decrypted can not be null.");
  }
  DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
  MemoryStream memoryStream = new MemoryStream
    (Convert.FromBase64String(cryptedString));
  CryptoStream cryptoStream = new CryptoStream(memoryStream,
    cryptoProvider.CreateDecryptor(bytes, bytes), CryptoStreamMode.Read);
  StreamReader reader = new StreamReader(cryptoStream);
  return reader.ReadToEnd();
}