0

I am just curious if this can be done.

I have the hashed password (algorithm SHA1) and Password salt, would I be able to retrieve the password?

Can it be done in SQL server or can it be done via any software?

example: 

 Hashed GQdsHCOcun8JuysvqsM3pP0eeoU=
 Password salt: CDjIsQcbz23NzXZLzHRTVw==

Thanks

NoviceDeveloper
  • 1,221
  • 3
  • 14
  • 38

2 Answers2

3

No. Hashes are one-way functions. You can brute-force the passwords, until you guess the correct password, but you cannot decrypt them.

Alex W
  • 35,267
  • 10
  • 97
  • 106
  • 1
    Alex W is correct. Having the hashed password and the salt, confirm whether or not a given password is correct. However, you cannot (easily) figure out what the original password is, with only the hashed password and the salt. – mti2935 Apr 03 '14 at 13:33
  • @NoviceDeveloper - As Alex said you cannot decrypt a hash, however you can brute-force about [3 Giga](http://hashcat.net/oclhashcat/#performance) SHA1 hashes per second with common hardware. That means that SHA* is not appropriate to hash passwords, instead one should use a slow key-derivation function like BCrypt or PBKDF2. – martinstoeckli Apr 03 '14 at 15:03
1

Short answer is no. SHA1 is a one way hash algorithm. You could theoretically find other words that also produce the same hash (collisions), but it would take a lot of time and computing resources.

BlakeH
  • 3,144
  • 2
  • 19
  • 28
  • 1
    For those curious about collisions, you can see [this answer](http://stackoverflow.com/questions/1867191/probability-of-sha1-collisions) about their probability. – Alex W Apr 03 '14 at 13:35