Encrypted SHA256 Hash with SALT - Decrypting

I have a site where almost everything uses SHA256 Hash encryption and the hashes are stored in a database table, I want to allow the user to see their password in its decrypted state. Under Server Connect > Cryptographic > I see Decrypt with Password and Decode Base64 only.

How do I decrypt a SHA256 Hash from the Hash and knowing the SALT?

I assume if there is no way of doing this then I have to rather just allow the user to reset their password rather than decrypting it, please can someone just confirm this though.

Hey Paul,

There is a difference between hashing and encryption. SHA256 is a hashing function not an encryption function.
Since SHA256 is not an encryption function, it cannot be decrypted. What you probably want is reversing hashed value to normal text.
SHA256 cannot be reversed because it’s a one-way function it is not designed to be used that way :slight_smile: that’s the idea behind hashing - so that if somebody has your data they cannot “read it”.

hmm, ok thanks, learn something new everyday. I will just allow them to change it when they are logged in then, or allow an admin to change user passwords when they are logged in as admins.
Thanks for the explanation, appreciate it :+1:

1 Like

@psweb Yes, that is why most websites now send a change password link or a new temporary password when a user forgets his/her password; the password cannot be resent as it can not be decrypted. Any site which can allow the user to view a password or can re-sent it to them is advertising it is not storing passwords securely and frankly should be avoided like the plague.

3 Likes

Well if I learn 1 new thing a day, I am getting somewhere I always say, so for future that one is stored in the Paul Brain Database, still running on a Comodor 64 chip, but plodding along.

1 Like