
Currently I am using a salt to encrypt the password.

public static SaltedHash Create(string password)
        {
            // A fresh salt is generated on every call, so two users with the same
            // password end up with different stored hashes.
            string freshSalt = _createSalt();

            // The stored value is a one-way digest of salt + password; it is not
            // encrypted, and there is no matching "decrypt" operation. A login is
            // checked by recomputing the digest, as Verify does.
            string digest = _calculateHash(freshSalt, password);

            SaltedHash result = new SaltedHash(freshSalt, digest);
            return result;
        }

private static string _createSalt()
        {
            // SALT_LENGTH random bytes, returned as Base64 text so the salt can be
            // stored and concatenated as a string.
            return Convert.ToBase64String(_createRandomBytes(SALT_LENGTH));
        }
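private static byte[] _createRandomBytes(int len)
        {
            // Returns len bytes filled by the cryptographic random number generator.
            byte[] buffer = new byte[len];

            // The provider implements IDisposable; release it deterministically
            // instead of leaving it for the finalizer on every call.
            using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
            {
                rng.GetBytes(buffer);
            }

            return buffer;
        }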
private static string _calculateHash(string salt, string password)
        {
            // The Base64 salt text is prepended to the password, the combined string
            // is UTF-8 encoded, hashed, and the digest is returned as Base64 text.
            string salted = salt + password;
            byte[] digest = _calculateHash(_toByteArray(salted));
            return Convert.ToBase64String(digest);
        }
private static byte[] _toByteArray(string s)
        {
            // UTF-8 is used so that the same text always yields the same bytes,
            // and therefore the same hash, regardless of the machine's code page.
            byte[] encoded = System.Text.Encoding.UTF8.GetBytes(s);
            return encoded;
        }
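private static byte[] _calculateHash(byte[] data)
        {
            // Returns the 20-byte SHA-1 digest of data.
            //
            // NOTE(review): a single SHA-1 pass is very fast to compute, so a leaked
            // table of these hashes is cheap to test password guesses against, even
            // with a per-user salt. For password storage prefer a deliberately slow
            // key-derivation function such as PBKDF2 (Rfc2898DeriveBytes), and store
            // an algorithm/version marker next to the hash so existing records can be
            // upgraded at the next successful login. The algorithm is left as SHA-1
            // here because already-stored hashes depend on it.
            //
            // The provider is disposed deterministically instead of being left for
            // the finalizer.
            using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider())
            {
                return sha1.ComputeHash(data);
            }
        }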
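/// <summary>
        /// Checks a candidate password against the salt and hash held by this instance.
        /// </summary>
        /// <param name="password">The password to verify.</param>
        /// <returns>
        /// true when hashing <paramref name="password"/> with the stored salt
        /// reproduces the stored hash; otherwise false.
        /// </returns>
        public bool Verify(string password) 
        {
            // The stored hash cannot be reversed; verification recomputes the hash
            // from the stored salt and the candidate password and compares the two.
            string candidate = _calculateHash(_salt, password);

            // Compare every character instead of stopping at the first mismatch, so
            // the time taken does not depend on how much of the hash matched.
            int diff = _hash.Length ^ candidate.Length;
            for (int i = 0; i < _hash.Length && i < candidate.Length; i++)
            {
                diff |= _hash[i] ^ candidate[i];
            }

            return diff == 0;
        }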
/// <summary>
        /// Rebuilds a SaltedHash from a salt and hash that were computed earlier,
        /// for example values read back from storage. Nothing is hashed here.
        /// </summary>
        /// <param name="salt">Salt value</param>
        /// <param name="hash">Hash value</param>
        /// <returns>SaltedHash wrapping the supplied salt and hash</returns>
        public static SaltedHash Create(string salt, string hash) 
        {
            SaltedHash restored = new SaltedHash(salt, hash);
            return restored;
        }

The encryption works fine. Now, using the same technique, I want to decrypt the password.

How can I do this? Thanks.


1 回答 1


You are not encrypting the password, you are hashing it.

The idea of a hash is that it is a one-way function where it is computationally cheap to create a hash from original text, but computationally expensive to start with a hash and end up with plain text that would create that hash value.

Although there are various attacks to break SHA1 (your hash algorithm), there is no straightforward approach to "decrypt" the hashed value ("decrypt" in quotes means to find an input value that would correspond to the salted, hashed output value).

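If you really do want to encrypt text, look into algorithms such as AES (also supported by the .NET framework). For storing passwords, though, a one-way hash is the right tool: you never need the original back, because a login is checked by hashing the submitted password with the stored salt and comparing the results. A deliberately slow key-derivation function such as PBKDF2 (`Rfc2898DeriveBytes` in .NET) is a better choice for this than a single SHA1 pass.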

于 2013-02-01T06:23:59.020 回答