0

So, I'm working on a project where I'm storing passwords in a mongoDB and using Python. Python do has bcrypt build-in module which allows us to hash a plaintext. Now, I can hash a password and store the hashed password in database. Cool. And If I want to know if saved (hashed password saved in database) is same as a given password or not. (i.e. If I hashed a password 'Password' and saved it in database, bcrypt allows us to compare this hashed password and a plain password to check if they are same or not) I can check it with some built in functions.

But, what I really want is, I want to take that hashed password and want to print original plaintext. (e.g. If I hashed a password (say Plain password is 'Password' and hashed password is 'Hashed_Password' ) and saved it in database along with UserID and email for a specific website, now at some point I want to know what was the UserID and Password. So I can get UserID (since I'm not gonna hash it) but I'll only be able to get hashed password (i.e. 'Hashed_Password) and not the real one (i.e. 'Password') I saved.)

I hope you can Understand my problem and give me a solution. In summary, is there a way to get plaintext (i.e. original text) from hashed text or Should I used any other method to do so (like encryption or something).

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
Alok Singh
  • 29
  • 1
  • 4
  • 1
    No, sorry, I don't understand your motivation to retrieve the plain password at a later time. There is no need for most of the time. The only time it is ok, is when you're implementing a password manager. In that case, don't hash the passwords and instead encrypt the whole database with a key derived from the master password. – Artjom B. Feb 07 '21 at 19:26

2 Answers2

1

The whole purpose of hashing passwords before saving them in a databse is, others should not be able to see(calculate) the oraginal password from database.

Simply you cannot get oraginal value from a hashed value.

Manoj Nilanga
  • 23
  • 1
  • 6
0

From what I know,

We hash passwords so that even if the attacker gets access to the database the attacker will not be able to have the passwords without using a technique like brute force to get the password. I.E. assuming the attacker know how you hash the password a dictionary of passwords can be hashed and compared with the database to see which passwords match.

Now if you want to reverse the hash I am pretty sure that can't be done other than you trying the brute force method explained above. We can't reverse the hash but only guess by giving passwords.

In terms of encryption which is often used as another layer. For example you could use encryption before the hash and then hash the encrypted password. This way even if the attacker inputs the correct password and only hashes that password the attacker will simply not get it right when compaing the hashes.

Wis124
  • 27
  • 4