How to decrypt passwords?

Vardan Hovsepyan asked on April 15, 2016 19:57

Hello support,

Is there a method to decrypt passwords encrypted with SHA2 + Salt, assuming I have the encrypted password string and salts?

The reason I need this is I want to use System.Net.MailMessage to send emails and I need to use default smtp server in the config section, so I need to get the password from db.

I know there is Kentico's alternative to .Net's mail sender method, but that one does not support specifying the sender name in the email.

Thanks

Correct Answer

Juraj Komlosi answered on April 18, 2016 15:00

Hi Vardan,

There are two typical scenarios for how you can protect the data:

  1. Hash approach - hashing the secrets like user passwords -> a user password should be known only to its owner. It can be calculated and verified using the approach I described above. Using this approach you are not able to get the original value from the hashed value.
  2. Encryption approach - encrypting the secrets like the SMTP server password or any other service passwords -> in this case you need to know the unencrypted value, e.g. as you said, if you want to create a new SMTP client. Using this approach you are able to get the original value from the encrypted value.

In Kentico the hashing approach is used only to protect user passwords. All other secrets are protected by the encryption approach. What you want to achieve is the second scenario. In this case you can use the EncryptionHelper class and the following methods:

  • EncryptData(string plainString) - to store your secret in encrypted form in DB.
  • DecryptData(string encryptedString) - to get the original value from the encrypted form.

Hope it will help.


Recent Answers

Juraj Komlosi answered on April 15, 2016 23:24

Hi Vardan,

I am sorry, but there is no efficient way to get the password from the hashed password string. SHA2 is a hash function which is considered practically impossible to invert. To validate a user's password you need to know:

  1. user password (input in the logon form)
  2. hash algorithm (in your case it is SHA2)
  3. hash salt (additional string used in hash algorithm)

Based on the hash algorithm and hash salt you are able to calculate the user password hash. Then you simply compare the password hash from the database with the password hash calculated from the user input. If they match, the password is correct.

To sum it up, you are not able to recreate the user password from its hash value even if you know the hash algorithm and hash salt.

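The two scenarios from the accepted answer (one-way hashing for user passwords, reversible encryption for service secrets such as the SMTP password) and the three-step verification procedure in this answer, as an added example. This is not Kentico code and not the EncryptionHelper class: it is a stand-alone illustration using only System.Security.Cryptography, and it assumes .NET 8 or later (for the AesGcm constructor that takes a tag size). The method names EncryptData/DecryptData are borrowed from the answer above for readability; the key parameter and the salt/key handling are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not Kentico's EncryptionHelper. Contrasts the two approaches
// described in the answers: a hash that cannot be inverted (user passwords)
// versus authenticated encryption that can be reversed (SMTP password).
public static class SecretStorageDemo
{
    // --- Scenario 1: one-way hashing for user passwords (SHA-256 + per-user salt) ---

    // A random per-user salt; it is stored beside the hash and is not secret.
    public static byte[] NewSalt(int length = 16)
    {
        return RandomNumberGenerator.GetBytes(length);
    }

    // Hash = SHA256(salt || password). The password cannot be recovered from
    // this value; verification recomputes it from the logon input and compares.
    public static byte[] HashPassword(string password, byte[] salt)
    {
        byte[] pwd = Encoding.UTF8.GetBytes(password);
        byte[] input = new byte[salt.Length + pwd.Length];
        Buffer.BlockCopy(salt, 0, input, 0, salt.Length);
        Buffer.BlockCopy(pwd, 0, input, salt.Length, pwd.Length);
        return SHA256.HashData(input);
    }

    // Steps 1-3 from the answer: input password + algorithm + salt -> recompute -> compare.
    public static bool VerifyPassword(string attempt, byte[] salt, byte[] storedHash)
    {
        byte[] computed = HashPassword(attempt, salt);
        // Constant-time comparison so timing does not reveal how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(computed, storedHash);
    }

    // --- Scenario 2: reversible encryption for service secrets (SMTP password) ---

    // AES-GCM; stored form is Base64(nonce || ciphertext || tag). The key must live
    // outside the database (machine key, key vault); here it is a parameter.
    public static string EncryptData(string plainString, byte[] key)
    {
        int tagLen = AesGcm.TagByteSizes.MaxSize;          // 16 bytes
        byte[] nonce = RandomNumberGenerator.GetBytes(AesGcm.NonceByteSizes.MaxSize); // 12 bytes, unique per encryption
        byte[] plaintext = Encoding.UTF8.GetBytes(plainString);
        byte[] ciphertext = new byte[plaintext.Length];
        byte[] tag = new byte[tagLen];

        using (var aes = new AesGcm(key, tagLen))
        {
            aes.Encrypt(nonce, plaintext, ciphertext, tag);
        }

        byte[] blob = new byte[nonce.Length + ciphertext.Length + tag.Length];
        Buffer.BlockCopy(nonce, 0, blob, 0, nonce.Length);
        Buffer.BlockCopy(ciphertext, 0, blob, nonce.Length, ciphertext.Length);
        Buffer.BlockCopy(tag, 0, blob, nonce.Length + ciphertext.Length, tag.Length);
        return Convert.ToBase64String(blob);
    }

    // Reverses EncryptData; the GCM tag check makes Decrypt throw if the stored
    // value was modified, so a tampered DB row cannot yield a silently wrong password.
    public static string DecryptData(string encryptedString, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(encryptedString);
        int nonceLen = AesGcm.NonceByteSizes.MaxSize;
        int tagLen = AesGcm.TagByteSizes.MaxSize;
        byte[] nonce = new byte[nonceLen];
        byte[] tag = new byte[tagLen];
        byte[] ciphertext = new byte[blob.Length - nonceLen - tagLen];
        Buffer.BlockCopy(blob, 0, nonce, 0, nonceLen);
        Buffer.BlockCopy(blob, nonceLen, ciphertext, 0, ciphertext.Length);
        Buffer.BlockCopy(blob, nonceLen + ciphertext.Length, tag, 0, tagLen);

        byte[] plaintext = new byte[ciphertext.Length];
        using (var aes = new AesGcm(key, tagLen))
        {
            aes.Decrypt(nonce, ciphertext, tag, plaintext);
        }
        return Encoding.UTF8.GetString(plaintext);
    }

    public static void Main()
    {
        // User password: store salt + hash, later verify by recomputation only.
        byte[] salt = NewSalt();
        byte[] stored = HashPassword("correct horse", salt);   // constructed sample password
        Console.WriteLine("correct attempt verifies: " + VerifyPassword("correct horse", salt, stored));
        Console.WriteLine("wrong attempt verifies:   " + VerifyPassword("wrong", salt, stored));

        // SMTP password: encrypt for storage, decrypt when constructing the SMTP client.
        byte[] key = RandomNumberGenerator.GetBytes(32);       // constructed; real key comes from a key store
        string enc = EncryptData("smtp-secret", key);          // constructed sample secret
        Console.WriteLine("stored form: " + enc);
        Console.WriteLine("recovered:   " + DecryptData(enc, key));
    }
}
```

The point the two answers make shows up in the types: `HashPassword` has no inverse, so a login check can only call `VerifyPassword`, while `DecryptData` exists precisely because an SMTP client needs the plaintext. The security of the second scenario therefore rests entirely on where the key is kept, which is why it belongs outside the database that holds the encrypted value.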

Vardan Hovsepyan answered on April 15, 2016 23:36 (last edited on April 16, 2016 02:21)

Thanks Juraj,

I understand how the user passwords are being validated, but was wondering how you are getting the hashed SMTP password back from the DB for the CMS.EmailEngine.EmailMessage object to create System.Net.Mail.SmtpClient?

At some point you'd need to use the SMTP password in the config section to create an SMTP client.


David te Kloese answered on April 18, 2016 09:50

Hi,

Although not ideal, you could create a separate custom setting to specify the credentials. This does mean you'll have duplicate settings.

David
