-7

For school we have a project divided in two parts: one in ASP.NET (C#) and one in Java. We have an administrator who must be able to log in to the web application and to his tool (Java). In our projects, ASP.NET makes the database, which is very easy.

But we have to access the password of the admin to let him log in to our Java application. The password is hashed by ASP.NET. Does anyone know how to decrypt it in Java?

8
  • 2
    Hashing is a one-way algorithm. You can't get the original text from a hash. Crypting is different. If you have a hash, you should hash the password given by the user and compare it with the hash you already have, instead of trying to de-hash the hashed password. Commented Feb 25, 2017 at 13:09
  • Hashing algorithm is a one way encryption. You can encrypt but not decrypt, you can only match with other string. Commented Feb 25, 2017 at 13:09
  • stackoverflow.com/q/530426/101087 Commented Feb 25, 2017 at 13:13
  • @Thomas First you need to show what "hashed password from ASP.NET" means for you. And since Stack Overflow is not a code translation service, you should show what you tried first. Commented Feb 25, 2017 at 13:39
  • @BackSlash Thanks for your answer, a lot of things become clear! Commented Feb 26, 2017 at 14:28

2 Answers

2

NONONONONONO - if you can "decrypt", "dehash" the password then you must immediately change how your code works to make it from now on impossible to achieve that. They are hashed for a very good reason.

What you need to do instead is create some kind of logic to log some administrator in without the usage of another user's password - via some admin panel where you create the same session / cookie information as a regular login would do. The only person knowing a user's password has to be the user himself, nobody else.


5 Comments

Nice comment, but I don't see how this answers the question. OP probably used the wrong terminology.
@ArtjomB. I was thinking about posting it as a comment - but it is an answer in the sense that I tell him what the correct way is: creating an admin panel - it does not answer the question "how do I decrypt ..." but it broadly answers the underlying question: "how do I give an admin access to ..."
I see what you mean, but the logic you're proposing is exactly what the OP is asking for. I understand the question in the way that the Java application is supposed to be the admin panel. This question is unanswerable without some code to get an idea what we're talking about.
I don't know which code we're talking about because the ASP.NET Identity Framework does everything for me, even making a database. So, I think the only way to solve the problem is to rewrite the hashing algorithm in Java. But therefore we need the code the ASP.NET Framework uses. @ArtjomB. Indeed, we have an admin panel and a web application for the jobcoaches (as they call it).
@luk2302 Maybe my terminology is not right every time, that's good to know.
0

What you want is not impossible, but it is really, really hard, and if you choose a good password, it is nearly impossible to get the password from the hash without calculating for an infinite amount of time. All information, like the length, contained words, or whether the password is lower case or not, can help you "reverse" the hash.

The reason why most people will say that it is impossible is that hash functions are designed to work one way. They are commonly used to store passwords, and if you could simply reverse the process that would be really, really, really bad, because then you could easily reverse all stored passwords in databases.

Firstly, you can use rainbow tables. These are lists that store hashes and their initial values. (Note that the rainbow table must fit your hash function.) If you can find a hash in the rainbow table that matches the password's hash, you can look up the initial value. But rainbow tables contain only hashes of commonly used passwords. If you choose a large and/or complex password, you need to go through all password combinations and check whether the hash of one of these combinations matches the hash of the password, but this will take like forever unless you work for agencies like the NSA, which have access to supercomputers.
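
The check the comments under the question describe (hash the password the administrator types and compare it with the stored hash) can be done in Java by re-deriving the key with the salt and parameters stored inside the hash itself. This is an added example, not code from the thread or from ASP.NET; it assumes the stored value uses the ASP.NET Identity v2 or ASP.NET Core Identity v3 layout (the thread does not say which version is in use), the class name is hypothetical, and the sample record in `main` is constructed.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class IdentityHashVerifier {               // hypothetical class name
    private static final String[] PRF = {         // index = PRF id in the v3 header
        "PBKDF2WithHmacSHA1", "PBKDF2WithHmacSHA256", "PBKDF2WithHmacSHA512" };
    static byte[] pbkdf2(String prf, char[] pw, byte[] salt, int iter, int len)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, len * 8); // key length is in bits
        return SecretKeyFactory.getInstance(prf).generateSecret(spec).getEncoded();
    }
    /** True when the password reproduces the subkey inside the stored hash. */
    public static boolean verify(String stored, char[] pw) throws GeneralSecurityException {
        byte[] b;
        try { b = Base64.getDecoder().decode(stored); }
        catch (IllegalArgumentException e) { return false; }       // not Base64
        if (b.length == 49 && b[0] == 0x00) {
            // v2: 0x00 | salt[16] | subkey[32]; PBKDF2-HMAC-SHA1, 1000 iterations
            byte[] salt = Arrays.copyOfRange(b, 1, 17);
            byte[] want = Arrays.copyOfRange(b, 17, 49);
            return MessageDigest.isEqual(want, pbkdf2(PRF[0], pw, salt, 1000, 32));
        }
        if (b.length > 13 && b[0] == 0x01) {
            // v3: 0x01 | prf | iterations | saltLen (big-endian uint32 each) | salt | subkey
            ByteBuffer h = ByteBuffer.wrap(b, 1, 12);
            int prf = h.getInt(), iter = h.getInt(), saltLen = h.getInt();
            if (prf < 0 || prf >= PRF.length || iter < 1 || saltLen < 16) return false;
            if (saltLen > b.length - 13 - 16) return false;        // subkey must be >= 16 bytes
            byte[] salt = Arrays.copyOfRange(b, 13, 13 + saltLen);
            byte[] want = Arrays.copyOfRange(b, 13 + saltLen, b.length);
            return MessageDigest.isEqual(want, pbkdf2(PRF[prf], pw, salt, iter, want.length));
        }
        return false;                                              // unknown format marker
    }
    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample: a v2-layout record built here with an all-zero salt.
        byte[] blob = new byte[49];                                // blob[0] = 0x00, salt = zeros
        byte[] key = pbkdf2(PRF[0], "Passw0rd!".toCharArray(), new byte[16], 1000, 32);
        System.arraycopy(key, 0, blob, 17, 32);
        String stored = Base64.getEncoder().encodeToString(blob);
        System.out.println(verify(stored, "Passw0rd!".toCharArray()));
        System.out.println(verify(stored, "not-the-password".toCharArray()));
    }
}
```

The comparison uses `MessageDigest.isEqual` so that a mismatch does not leak, through timing, how many leading bytes matched.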
