Retrieve text from Bcrypt hashed password


Cryptographic hashing, by design, is a one-way function. It is precisely the intent of the hashing function to be infeasible to reverse. In addition, multiple inputs can hash to the same output.

Requiring access to the old password in order to set a new password is indicative of a flawed design. Why, exactly, do you need access to the old password in plaintext in order to update the password?

Author: Murali Murugesan

Working as a Senior FullStack & Cloud Developer in Stockholm, Sweden. Interested in Web stack, Application Architecture and Design, Front end development frameworks. C# Azure ASP.NET Core Angular TypeScript WebAPI micro-services Agile Domain Driven Design Clean Code TDD SQL Server Clean Coder, Passionate to build a better software!

Updated on September 05, 2022

Comments

  • Murali Murugesan over 1 year

    We are using BCrypt to store the password in the database as a hash. Though it may be a bit slow compared to fast hashing algorithms like MD5, SHA-1, etc., we decided to go with it as security is more important.

    In .NET I have implemented it using http://bcrypt.codeplex.com/

    BCrypt.Net.BCrypt.HashPassword("Password", BCrypt.Net.BCrypt.GenerateSalt(12));
    

    On our site, the administrator will create the user name and password for a new user.

    There is no issue in storing the hashed password. But if the admin wants to update the password, he needs to see the old password. I don't see any method in BCrypt.Net that decrypts the hashed value stored in the DB.

    Is there any way to generate the text from a BCrypt hashed password? I agree that it should not be possible, but there are some scenarios where we are forced to do this :(

    Update: I decided to use a default password that is stored in some table as plain text, hash that text, and store it as the password for a user. When the user logs in to the site, he will be forced to change the password until he resets it. Does this sound good?
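
An added example, not part of the original post or of BCrypt.Net's own code: an administrator reset that never reads the old password, built on the `HashPassword` and `GenerateSalt` calls from the question plus BCrypt.Net's `Verify`. The `User` class, the method names and the per-user random temporary password (used here in place of a shared default kept in plain text) are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical user record: only the bcrypt hash is ever stored.
class User { public string PasswordHash; public bool MustChangePassword; }

static class PasswordAdmin
{
    const int WorkFactor = 12; // same cost as GenerateSalt(12) in the question

    // Admin reset: overwrites the hash without reading the old password.
    // Returns a one-time temporary password that is not persisted anywhere.
    public static string AdminReset(User user)
    {
        var bytes = new byte[18]; // 24 base64 characters, below bcrypt's 72-byte input limit
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        string temporary = Convert.ToBase64String(bytes);
        user.PasswordHash = Hash(temporary);
        user.MustChangePassword = true; // forces a change at next login
        return temporary;
    }

    // Login re-hashes the candidate with the salt embedded in the stored hash
    // and compares the results; nothing is decrypted.
    public static bool Login(User user, string candidate) =>
        user.PasswordHash != null && BCrypt.Net.BCrypt.Verify(candidate, user.PasswordHash);

    // Forced change: the current password is verified, never recovered.
    public static bool ChangePassword(User user, string current, string replacement)
    {
        if (!Login(user, current)) return false;
        user.PasswordHash = Hash(replacement);
        user.MustChangePassword = false;
        return true;
    }

    static string Hash(string password) =>
        BCrypt.Net.BCrypt.HashPassword(password, BCrypt.Net.BCrypt.GenerateSalt(WorkFactor));
}

static class Demo
{
    static void Main()
    {
        var user = new User();
        string temp = PasswordAdmin.AdminReset(user);
        Console.WriteLine(PasswordAdmin.Login(user, temp));
        Console.WriteLine(PasswordAdmin.ChangePassword(user, temp, "constructed-sample-passphrase"));
        Console.WriteLine(PasswordAdmin.Login(user, temp)); // the temporary password no longer verifies
    }
}
```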