Hi,
I am using "Digest::SHA1.hexdigest" to encrypt password. Now, I want to decrypt that password. Is it possible to decrypt the password and recover original one?

Thanks,
Tushar
--
Posted via http://www.ruby-forum.com/.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en

No, it's not. You're using a hashing algorithm, if you want to get it back later (which isn't a good idea, especially for passwords), you should check for Ruby cryptography libraries.

- Maurício Linhares
http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/ (en)

On Tue, Jan 20, 2009 at 11:24 AM, Tushar Gandhi <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Hi,
> I am using "Digest::SHA1.hexdigest" to encrypt password. Now, I want to
> decrypt that password. Is it possible to decrypt the password and
> recover original one?
>
> Thanks,
> Tushar
> --
> Posted via http://www.ruby-forum.com/.

On 20 Jan 2009, at 14:24, Tushar Gandhi wrote:
> Hi,
> I am using "Digest::SHA1.hexdigest" to encrypt password. Now, I want to
> decrypt that password. Is it possible to decrypt the password and
> recover original one?

Nope. SHA1 is a digest function, not an encryption function and thus inherently one-way only (at least that's what it's aiming for). If you do find a way, a number of crypto researchers would be very interested to find out how.

Fred

> Thanks,
> Tushar
> --
> Posted via http://www.ruby-forum.com/.

Frederick Cheung wrote:
> Nope. SHA1 is a digest function, not an encryption function and thus
> inherently one-way only (at least that's what it's aiming for). If you
> do find a way, a number of crypto researchers would be very interested
> to find out how
> Fred

I heard recently that MD5 has started to show some weakness, which actually has allowed an old root certificate to be forged. As I heard it they used a cluster of 200 PlayStation 3 systems, which took about two weeks to find a usable collision on an MD5 hash allowing them to produce the forged SSL certificate.

It's really bad when a cryptographic hash can be reversed. However, it is my understanding that there are no known weaknesses in the SHA hash algorithms so SHA1 signed certificates are still perfectly safe (for now).
--
Posted via http://www.ruby-forum.com/.

If what you're trying to do is verify a password entered into an application, what you should do is hash the entered password using the same SHA1 method. The resulting hash will be the same as the stored hash if the passwords are the same.

--Erik

Tushar Gandhi wrote:
> Hi,
> I am using "Digest::SHA1.hexdigest" to encrypt password. Now, I want to
> decrypt that password. Is it possible to decrypt the password and
> recover original one?
>
> Thanks,
> Tushar
> --
> Posted via http://www.ruby-forum.com/.

On Tue, Jan 20, 2009 at 8:05 AM, Robert Walker <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Frederick Cheung wrote:
>> Nope. SHA1 is a digest function, not an encryption function and thus
>> inherently one-way only (at least that's what it's aiming for). If you
>> do find a way, a number of crypto researchers would be very interested
>> to find out how
>> Fred
>
> I heard recently that MD5 has started to show some weakness, which
> actually has allowed an old root certificate to be forged. As I heard it
> they used a cluster of 200 PlayStation 3 systems, which took about two
> weeks to find a usable collision on a MD5 hash allowing them to produce
> the forged SSL certificate.
>
> It's really bad when a cryptographic hash can be reversed. However, it
> is my understanding that there are no known weaknesses in the SHA hash
> algorithms so SHA1 signed certificates are still perfectly safe (for
> now).

Actually, SHA1 is beginning to show serious weaknesses as well:

http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

Not as bad as MD5, but it's time to start moving away from SHA1 to something stronger like SHA-256 or SHA-512 if you really care about security.

Anyways, that said, in regards to the OP: No you can't reverse a hash (finding a collision as in the case of SSL certificates is a different but related problem), but for passwords, usually what you want to do is compare the hashed values. I.e.: if the stored hash value in your database matches the hashed user password, then authentication success.

If however you're trying to do password recovery, then you'll need to come up with another solution (resetting the user password to a random value and emailing it to them for example).

--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
    -- Benjamin Franklin

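Added example, not code from any poster in this thread: the hash-and-compare check described in the replies above, next to a salted, iterated variant and the reset-to-a-random-value recovery path. The PBKDF2 variant goes beyond what the thread proposes; the method names, the `users` hash and the iteration count are assumptions made for illustration.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Scheme from the thread: store the unsalted SHA1 hex digest, then
# hash the entered password the same way and compare the digests.
def sha1_verify(stored_hex, entered)
  secure_equal?(stored_hex, Digest::SHA1.hexdigest(entered))
end

ITERATIONS = 100_000 # assumed work factor, not a value from the thread

# Salted, iterated variant: a fresh random salt per user, so equal
# passwords no longer produce equal stored values.
def pbkdf2_record(password, salt = SecureRandom.random_bytes(16))
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                                   OpenSSL::Digest.new('SHA256'))
  { salt: salt.unpack1('H*'), hash: key.unpack1('H*') }
end

def pbkdf2_verify(record, entered)
  salt = [record[:salt]].pack('H*')
  secure_equal?(record[:hash], pbkdf2_record(entered, salt)[:hash])
end

# Recovery without reversing anything: replace the stored record with one
# for a random temporary password and return that password for mailing.
def reset_password!(users, login)
  temporary = SecureRandom.urlsafe_base64(12)
  users[login] = pbkdf2_record(temporary)
  temporary
end

# Constructed sample data: two users who picked the same password.
users = { 'alice' => pbkdf2_record('abc'), 'bob' => pbkdf2_record('abc') }
puts Digest::SHA1.hexdigest('abc') # unsalted: the same for every user
puts users['alice'][:hash] == users['bob'][:hash]
temporary = reset_password!(users, 'alice')
puts pbkdf2_verify(users['alice'], temporary)
puts pbkdf2_verify(users['alice'], 'abc')
```

After a reset the old password no longer verifies, and the temporary password exists in the clear only in the value handed to the mailer.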
forget that.

On Jan 20, 4:24 pm, Tushar Gandhi <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Hi,
> I am using "Digest::SHA1.hexdigest" to encrypt password. Now, I want to
> decrypt that password. Is it possible to decrypt the password and
> recover original one?
>
> Thanks,
> Tushar
> --
> Posted via http://www.ruby-forum.com/.