Possible Duplicate:
Difference between Hashing a Password and Encrypting it
Hashing vs. Encrypting Passwords
I tried hashing my password in C# using Rfc2898DeriveBytes by passing the username as its
salt value.
using System;
using System.Security.Cryptography;
using System.Text;

// Derives a 25-byte PBKDF2 value from the password, using the username as the salt
// and 10,000 iterations, and returns it Base64-encoded.
public string HashPassword(string HashedUsernameSalt, string Password)
{
    // UTF-8 is used for the salt bytes so the result is the same on every platform
    // (Encoding.Default depends on the machine's code page).
    Rfc2898DeriveBytes HashedPass = new Rfc2898DeriveBytes(Password,
        Encoding.UTF8.GetBytes(HashedUsernameSalt), 10000);
    return Convert.ToBase64String(HashedPass.GetBytes(25));
}
The above method gives me some hash value. My questions are
Is it possible to get my password back, so I can show it to the user if he forgets it?
or
Do I need to implement some other concept here, like encrypting and decrypting it? But I heard hashing is better than encrypting.
Thanks!
You cannot reverse a hash, so no: if the user forgets his password it is “unrecoverable”. You do not want to store encrypted passwords in a database; instead you want to store those hashes. If a user forgets their password, you generate a new temporary and secure password (after properly identifying that the user is who they say they are).
Passwords should be hashed with a salt, else they are broken by rainbow tables quite quickly.