Question What type of encryption will come out the output like this: 45bc8HTzybF3kgJ1gCLQV22X3

SFish

New member
Joined
Jul 24, 2012
Messages
4
Programming Experience
Beginner


Hi, I need to ask about the encryption since i am not familiar with encryption.
I wan to decrypt the password but i not sure how those password encrypted.
Those passwords in this kind of form "33bc8HTzybF3kgJ1gCLQV22X3tY="
is anyone know what kind of encryption is using?
 

jmcilhinney

C# Forum Moderator
Staff member
Joined
Apr 23, 2011
Messages
3,207
Location
Sydney, Australia
Programming Experience
10+
You seem to assume that we have some sort of magic power. How could we possibly know how a value was encrypted simply from the output? Encryption creates ostensibly random data so there's nothing specific about any output that identifies how it was encrypted.

Luckily for you, some of us know how passwords are generally handled so we can make a fairly good guess based purely on the fact that you're working with passwords. Almost certainly, the password is not encrypted and therefore you cannot decrypt it. Passwords are generally hashed, which is similar to encryption but is a one-way process where encryption is two-way. That specifically means that there is no way to reproduce the original data from the hash, i.e. there is no "unhash" function that would equivalent to decrypting. Hashing is used specifically with passwords so that, even if someone gets access to the hashed data stored in the database, they still cannot determine what the password is.

User authentication systems that hash passwords work as follows. When the user registers, they provide a user name and a password. The system hashes the password and stores the result in the database along with the user name. When a user logs in, the system uses the user name provided to query the database and, if it exists, gets the corresponding hashed password. It then hashes the password they logged in with and compares the two hashes. If they are the same then the login is successful, otherwise it is rejected.

The most common hash algorithm used for passwords is SHA1, but MD5 is also used sometimes and there are others that might be used too. Just as in the case of encryption, you can can only actually hash bytes, not text. The password is input as text though and the hash is usually stored as text in the database. That requires a few steps. Generally you will call GetBytes on an appropriate Encoding object, e.g. Encoding.ASCII or Encoding.UTF8, to convert the original String into a Byte array. After hashing the data, there are a few ways that you can convert the result to a final String. The option I would use, and the option your example appears to have used, is to call Convert.ToBase64String and pass the Byte array.

You can search online and I'm sure that you'll find multiple examples of hashing passwords. Note that you can also use a salt, which is some additional random Bytes appended to the password data before hashing. This increases security by ensuring that even when two users have the same password, the stored hashes will be different. If you do choose to use a salt then it is also stored in the database along with the user name in same format as your hashed password, e.g. base 64 text.
 

SFish

New member
Joined
Jul 24, 2012
Messages
4
Programming Experience
Beginner
is it the different hash algorithm will generate different pattern of encryption password like SHA-1 got it own pattern to encrypt the password?
 

jmcilhinney

C# Forum Moderator
Staff member
Joined
Apr 23, 2011
Messages
3,207
Location
Sydney, Australia
Programming Experience
10+
There's no pattern in the output of any encryption or hash algorithm. It's just bytes that are basically random. It's time for you to provide some more information. For all we know you have simply got someone's password out of a database and are trying to reverse engineer it to use their account illegally. Presumably these passwords are being generated by a system not of your design. What system is it? If we know it then we may be able to tell you what hash algorithm it uses. If not then you may be able to contact the author. If nothing else you can simply test the common options, i.e. SHA1 and MD5, to see if they work.
 
Top Bottom