This question already has answers here:
Decrypt from SHA256
(3 answers)
Closed 8 months ago.
How can I decode SHA256 in c#?
I tested an online SHA256 Decrypt website and it worked.
Is it possible in c#?
https://10015.io/tools/sha256-encrypt-decrypt
On the website we can read
SHA256 is a hashing algorithm. There is no direct method for SHA256 decryption. SHA256 is decrypted by using Trial & Error methodology. It may take some time if either the text that will be decrypted or the character set that will be used for decryption is long.
Basically a hash function (such as sha256) is irreversible. You cannot retrieve the inputs given a hash (that's why it's widely used for security purposes).
In order to perform a "decryption", you only have one way to go : guess and check. That what the website does [...] SHA256 is decrypted by using Trial & Error methodology [..].
Related
This question already has answers here:
C# RSA Public Key Output Not Correct
(2 answers)
Closed 4 years ago.
Without using Bouncy Castle - using just C# .NET I need to generate a public/private key pair and send the public key to a service by BASE64 Encoding the key in DER format.
Can anyone help with the export in DER format? I can create the keypair easily enough but the DER format has me stumped.
You could also use OpenSSL
If your server/device requires a different certificate format other
than Base64 encoded X.509, a third party tool such as OpenSSL can be
used to convert the certificates into the appropriate format.
GitHub - OpenSSl.NET
This question already has answers here:
Why does SignHash need to know what hash algorithm was used?
(2 answers)
Closed 9 years ago.
Since RSACryptoServiceProvider.SignHash signs an already hashed message - why does it need to know which hash algorithm was used?
It seems that in order to make the signature more useful to the recipient, the OID of the hashing algorithm that was used is included in the signature (per PKCS1). That way, it does not have to be communicated separately.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
What algorithm should I use to hash passwords into my database?
I am new to this hashing on password. I read the hashing + salt make passwords really safe. But still confused which hashing algorithm should I use as there are many like.
MD5CryptoServiceProvider
SHA1Managed
SHA256Managedetc.
How can I decide which one is good for me or all are equal. Can I pick up anyone blindly?
MD5:
In 1996, a flaw was found with the design of MD5, and while it was
not a clearly fatal weakness, cryptographers began recommending the
use of other algorithms, such as SHA-1—which has since been found to
be vulnerable as well.
SHA1:
In 2005, cryptanalysts found attacks on SHA-1 suggesting that the
algorithm might not be secure enough for ongoing use
SHA2 which SHA256 is a type of does not have a known vulnerability as of the moment of writing.
Fast hash algorithms like MD5, SHA-1 or even SHA-256 are not good choices to hash passwords, because they are much too fast and can be brute-forced too easily. One can calculate about 3 Giga SHA-1 values per second with common hardware in 2013.
Instead you can use a slow key-derivation function like BCrypt or PBKDF2. CSharp has native support for PBKDF2, it can be implemented with the Rfc2898DeriveBytes class, an example you can find here.
Also easy to use is this BCrypt library. Often people are not sure if it is safe to use such libraries, but i don't think there are arguments against using it. As long as the library returns the correct value and generates the salt correctly, it should be fine, because the security comes from the algorithm and not from the implementation.
MD5 is considered crackable. SHA1 is good but maybe crackable. SHA256 is good.
https://security.stackexchange.com/questions/5586/why-do-people-think-that-this-is-bad-way-to-hash-passwords
SHA1 vs md5 vs SHA256: which to use for a PHP login?
Is SHA-1 secure for password storage?
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Best way to store password in database
does anyone know a way to secure a password that the user is creating on the site which is then saved in a database table?
The passwords are currently stored as Plain text, I know..I Know!
Thanks
The standard answer goes like this:
Do not store passwords in clear text. Store hashed versions of passwords. When you hash passwords - choose appropriate hashing algorithm and use unique salt values as well.
http://www.troyhunt.com/2011/06/owasp-top-10-for-net-developers-part-7.html
Also PLEASE read this.
http://krebsonsecurity.com/2012/06/how-companies-can-beef-up-password-security/
Some hashing algorythms are too fast (or too easy to break using modern computing power). Use password hashing algoritms (like scrypt).
Salt the password using a per-record salt (i.e. all users use a different salt based on some piece of user information). Than take this salted password and hash it using some hashing algorithm such as an SHA hash.
See for example Hash and salt passwords in C#
You can secure a password by hashing it
You can hash it using md5 encrypt.
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
How to encrypt a string in .NET?
Which one is the most excellent and toughest encryption for String type data in C#..
That really depends on your exact requirements.
Most modern encryption algorithms are probably more than strong enough for your needs if you use them properly.
The weak point in your system will not be the encryption algorithm itself. Almost every other aspect of your setup will be more vulnerable to attack than the algorithm.
My primary answer is "it depends upon what you're doing with that string". This question (and answers) will guide you...
.NET Secure Memory Structures
... but it depends if you're encyrpting/security that string in memory, how you're persisting it, how you intend using that string and how you intend disposing of it.
These SO questions touch on these topics too..
How to encrypt a string in .NET?
What's the best way to encrypt short strings in .NET?
... and contain useful links.
That would be a one-time pad. If correctly implemented it's been proved to be impossible to crack but an OTP is most probably not a viable option for you.
RSA encryption is very secure and .NET supports it. But since asymmetric encryption is only designed for encrypting data smaller than it's key size it's often not a great choice for encryption of arbitrary strings. That leads us to block ciphers and among those I would recommend AES.