I wrote a basic application that uses bcrypt to hash a password and stores the hashed password and the corresponding salt in the Windows registry as a REG_BINARY in 'secureValue'. Is there a way to recover this hash value and attempt to crack it? This is my first crack at writing a semi-secure app (this IS NOT FOR PRODUCTION, IT'S JUST FOR LEARNING). I realize the attacker would still need to brute force the corresponding hash, but it still seems a potential issue to me. I experimented a bit with recovering it with C#, but I cannot recover the value and attempt to crack it, which seems like a good thing? For instance, this doesn't give me a useful return that could then be plugged into a tool like hashcat:

    byte[] array = (byte[])rk.GetValue("secureValue");
    string decoded = System.Text.Encoding.UTF8.GetString(array);
    decoded = decoded.Replace("\0", String.Empty);

Am I missing something here? Should this be a value you could capture and plug into a tool like hashcat?
*To clarify, I am not asking if it is possible to reverse the hash. I am aware this is not possible. What I am asking specifically is if it is possible to recover the hash value from the registry key where it is stored as a REG_BINARY. VNC, for instance, used to store its hashed password as a REG_SZ value in the Windows registry, so you could take that string and attempt to crack it. I am asking if this same thing is possible if it is stored in REG_BINARY.
EDITED FOR CLARITY
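
Why the UTF-8 decode in the snippet above returns nothing usable, as an added example that is not part of the original post: REG_BINARY data is arbitrary bytes, so decoding it as text is lossy, while hex or Base64 encoding is not. The 40-byte sample value and the class and helper names are constructed for illustration; the sample stands in for the `byte[]` that `rk.GetValue("secureValue")` returns.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class RegBinaryEncodingDemo
{
    // Constructed stand-in for the byte[] read from the REG_BINARY value:
    // 40 random bytes (not real bcrypt output), with two bytes forced below.
    static byte[] MakeSampleValue()
    {
        byte[] value = new byte[40];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(value);
        value[0] = 0x00; // a NUL, so the Replace("\0", ...) step removes data
        value[1] = 0xFF; // 0xFF can never appear in valid UTF-8
        return value;
    }

    // The approach from the question: treat raw bytes as UTF-8 text and strip NULs.
    static byte[] Utf8RoundTrip(byte[] raw)
    {
        string decoded = Encoding.UTF8.GetString(raw).Replace("\0", string.Empty);
        return Encoding.UTF8.GetBytes(decoded);
    }

    // Lossless alternative: hex text maps one-to-one back to the stored bytes.
    static string ToHex(byte[] raw) =>
        BitConverter.ToString(raw).Replace("-", "").ToLowerInvariant();

    static byte[] FromHex(string hex) =>
        Enumerable.Range(0, hex.Length / 2)
                  .Select(i => Convert.ToByte(hex.Substring(i * 2, 2), 16))
                  .ToArray();

    static void Main()
    {
        byte[] raw = MakeSampleValue();
        byte[] viaUtf8 = Utf8RoundTrip(raw);
        string hex = ToHex(raw);

        Console.WriteLine($"stored bytes     : {raw.Length}");
        Console.WriteLine($"UTF-8 round trip : {viaUtf8.Length} bytes, identical = {raw.SequenceEqual(viaUtf8)}");
        Console.WriteLine($"hex round trip   : identical = {FromHex(hex).SequenceEqual(raw)}");
        Console.WriteLine($"Base64 of value  : {Convert.ToBase64String(raw)}");
    }
}
```

The UTF-8 path drops the NUL byte and replaces invalid sequences with U+FFFD, so the bytes it returns no longer match what was stored. The value type itself protects nothing: any account with read access to the key can read the exact bytes, so protection has to come from the key's ACL and the bcrypt work factor.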