
Thread: How to decrypt what i encrypted...?


This question is answered.


Replies: 5 - Last Post: Feb 25, 2018 4:48 PM Last Post By: Kim Madsen
Eitan Arbel

Posts: 508
Registered: 2/24/13
How to decrypt what i encrypted...?  
  Posted: Feb 24, 2018 6:25 PM
Hi guys

i use P:=SHA.GetHMAC(IWEdit1.Text, 'SomeKeyString', SHA256); to Encrypt a password.
but how do i read back what i encrypted...?
i can't find anything that would need a Key to decrypt

Thanks !
John David

Posts: 86
Registered: 9/5/16
Re: How to decrypt what i encrypted...?
Helpful
  Posted: Feb 24, 2018 6:55 PM   in response to: Eitan Arbel
On 25/02/2018 02:25, Eitan Arbel wrote:
Hi guys

i use P:=SHA.GetHMAC(IWEdit1.Text, 'SomeKeyString', SHA256); to Encrypt a password.
but how do i read back what i encrypted...?
i can't find anything that would need a Key to decrypt

Thanks !

Have you tried this?

<https://edn.embarcadero.com/article/28325>
Eitan Arbel

Posts: 508
Registered: 2/24/13
Re: How to decrypt what i encrypted...?  
  Posted: Feb 25, 2018 5:44 AM   in response to: John David
Thank you John
i saw that, but it's too simple for a password
Thanks
Pat Ritchey

Posts: 10
Registered: 3/9/99
Re: How to decrypt what i encrypted...?
Correct
  Posted: Feb 24, 2018 7:23 PM   in response to: Eitan Arbel
Eitan Arbel wrote:
Hi guys

i use P:=SHA.GetHMAC(IWEdit1.Text, 'SomeKeyString', SHA256); to Encrypt a password.
but how do i read back what i encrypted...?
i can't find anything that would need a Key to decrypt

Thanks !

The short answer is that you aren't encrypting the password, so there is nothing to decrypt. You are creating a hash of the password, which is a one-way thing. You can't take a hash value and obtain the original input value.

When I need to encrypt things, I tend to use the library DcpCrypt. You can google it. I think you'll find it somewhere on sourceforge. The library offers Delphi implementations of many encryption and hashing algorithms.

Having said that, encrypting/decrypting a password is not a good practice. Your use of hashing is actually what you should be doing. When you store passwords, you should store the hash of the password, not the password itself. When the user authenticates, you take the hash of the user input and compare that to the hash that was previously computed and stored.

There is a reason why most web sites cannot tell you what your password is when you click on "forgot my password", and instead give you a new password. It is because the web site no longer knows your password. The site only knows the hash of your password.
--
Pat Ritchey [TeamB Emeritus]
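The store-and-compare flow described in the answer above, as an added example that is not part of the original thread and is written in JavaScript for Node.js rather than Delphi. It goes beyond the thread's single keyed HMAC by adding a random per-user salt and PBKDF2-HMAC-SHA256; the function names, record format and iteration count are assumptions made for this example.

```javascript
// Added example: Node.js built-in crypto only; names are illustrative.
const crypto = require('crypto');

const APP_KEY = 'SomeKeyString'; // the key string from the thread's GetHMAC call
const ITERATIONS = 600000;       // PBKDF2 work factor (assumption; tune for your hardware)

// Same construction as the thread's SHA.GetHMAC(password, 'SomeKeyString', SHA256):
// deterministic and one-way, so it can be recomputed and compared but never reversed.
function hmacOfPassword(password) {
  return crypto.createHmac('sha256', APP_KEY).update(password, 'utf8').digest('hex');
}

// Enrollment: random per-user salt + PBKDF2-HMAC-SHA256; only this record is stored.
function createRecord(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');
  return ['pbkdf2-sha256', ITERATIONS, salt.toString('hex'), hash.toString('hex')].join('$');
}

// Login: recompute from the typed password and the stored salt,
// then compare the two digests in constant time.
function verifyPassword(password, record) {
  const [scheme, iterText, saltHex, hashHex] = String(record).split('$');
  const iterations = Number(iterText);
  if (scheme !== 'pbkdf2-sha256' || !Number.isInteger(iterations) || iterations < 1) return false;
  if (!saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, 'hex');
  if (expected.length === 0) return false;
  const actual = crypto.pbkdf2Sync(
    password, Buffer.from(saltHex, 'hex'), iterations, expected.length, 'sha256');
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample run: the stored record never contains the password itself.
const sampleRecord = createRecord('correct horse battery');
console.log(sampleRecord);
console.log(verifyPassword('correct horse battery', sampleRecord));
```

With the fixed-key HMAC alone, two users with the same password get the same stored value; the per-user salt makes every record different.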
Eitan Arbel

Posts: 508
Registered: 2/24/13
Re: How to decrypt what i encrypted...?  
  Posted: Feb 25, 2018 5:50 AM   in response to: Pat Ritchey
Thank you Pat

damn... i suspected everything you wrote, but i thought i was wrong thinking that way...

so no point of a 1-way SHA encryption if i want to send a message - the other side won't be able to read it, even if they have the key...

ok then...
for this specific project i will use a "one way ticket" :)

Thanks !
Kim Madsen

Posts: 362
Registered: 12/13/99
Re: How to decrypt what i encrypted...?  
  Posted: Feb 25, 2018 4:48 PM   in response to: Eitan Arbel
You should (simple version):

1) Make a hash (SHA) of the plain text key on the sender
2) Use the hash value as an encryption key for an encryption algorithm,
like AES
3) On the receiving end, let the user input its plain text key.
4) Hash the plain text key (SHA).
5) Use the hash value to decrypt the text via same encryption method you
used for sending (eg. AES).

Slightly more complex version:

1) Make a hash (SHA) of the plain text key along with a "secret"
application based salt value that is known to both sender and receiver.
...
4) Hash the plain text key (SHA) along with the "secret" application salt.

The latter makes it much more difficult to use precalculated rainbow
tables to find plain text keys that conflict with your generated key's
hash (guessing your key or another key that could be used instead since
it produces the same hash value).

best regards
Kim/C4D

On 25/02/2018 14.50, Eitan Arbel wrote:
Thank you Pat

damn... i suspected everything you wrote, but i thought i was wrong thinking that way...

so no point of a 1-way SHA encryption if i want to send a message - the other side won't be able to read it, even if they have the key...

ok then...
for this specific project i will use a "one way ticket" :)

Thanks !
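The salted sender/receiver procedure from the post above, as an added example that is not part of the original thread and is written in JavaScript for Node.js rather than Delphi. It uses PBKDF2-HMAC-SHA256 where the post says SHA and AES-256-GCM where the post says AES; both choices, the salt value, the wire format and the function names are assumptions made for this example.

```javascript
// Added example: Node.js built-in crypto only; names and values are illustrative.
const crypto = require('crypto');

// "Secret" application salt known to both sender and receiver (constructed value).
const APP_SALT = Buffer.from('example-app-salt-v1', 'utf8');

// Steps 1 and 4: turn the plain-text key into a 32-byte AES-256 key.
// PBKDF2-HMAC-SHA256 replaces the single SHA pass here (substitution made in this example).
function deriveKey(passphrase) {
  return crypto.pbkdf2Sync(passphrase, APP_SALT, 600000, 32, 'sha256');
}

// Step 2: encrypt with AES-256-GCM, using a fresh random 12-byte nonce per message.
function encryptMessage(passphrase, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase), nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Wire format (assumption): nonce | 16-byte tag | ciphertext, base64 encoded.
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64');
}

// Steps 3 to 5: the receiver re-derives the key from the typed passphrase and decrypts.
// Returns null when the passphrase is wrong or the message was altered in transit.
function decryptMessage(passphrase, message) {
  const raw = Buffer.from(message, 'base64');
  if (raw.length < 28) return null; // too short to hold nonce + tag
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', deriveKey(passphrase), raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM tag check failed
  }
}

// Constructed sample run: both sides share only the passphrase and APP_SALT.
const sampleWire = encryptMessage('shared passphrase', 'meet at noon');
console.log(sampleWire);
console.log(decryptMessage('shared passphrase', sampleWire));
```

Unlike the hash in the first post, this is reversible by anyone who holds the passphrase and the salt, which is what sending a readable message requires.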