Hi,

I need to know the login, how this will be done.

What I have done so far: created the user registration page; there I'm generating the hash code of the entered password using a salt. Now how to decrypt at the server side with the same salt?

Hello Rockstar,

Since you are using a hashed password, it won't be possible for you to obtain the original password on the server side, unless of course you are using a custom grown hash function which is capable of reversing the hash value.
According to Wikipedia:
A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes called the message digest or simply digest.

The ideal cryptographic hash function has four main properties:

  • it is easy to compute the hash value for any given message
  • it is infeasible to generate a message that has a given hash
  • it is infeasible to modify a message without changing the hash
  • it is infeasible to find two different messages with the same hash.

The way I typically implement this functionality is explained below. You can perhaps follow the same.

  1. Generate some random value (Salt) approx 10-12 characters on server side and insert it in login page using a hidden field, store it in session as well.
  2. In the login page's JavaScript generate a hash (HashedPass) of the password (SHA-1/SHA-2/SHA-3).
  3. Using the Salt generate one more hash value (CheckSum) of HashedPass
  4. Post UserId, HashedPass and CheckSum to server
  5. On the server side recompute the Checksum using Salt stored in session and the received HashedPass. Compare this value with CheckSum received, If both values are same then proceed to next step otherwise flag an error.
  6. Retrieve user's record from data store using the received UserId.
  7. Retrieve the random salt that was stored along with the original password hash. (The original password stored in the data store is also a hash value generated using a random salt and using one of the hashing algorithms mentioned earlier. I generally store salt along with the hashed password as $SALT$HASH)
  8. Recompute the new hash of HashedPass using the random salt retrieved in step 7 and one of the hashing algorithms mentioned earlier.
  9. Now compare the new hash with the password hash stored in data store, if both of these values are equal then you can safely login the user, otherwise flag an error

Regards,
 
 
Comments
Rockstar_ 17-Jul-13 4:38am    
Could you please send code samples?
Rockstar_ 17-Jul-13 4:38am    
Your answer is exactly matching my problem..
Prasad Khandekar 19-Jul-13 10:57am    
Thanks, really glad to know that it helped you. You can find the SHA JavaScript at (http://code.google.com/p/crypto-js/). For SHA in C# please have a look at (http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha1.aspx).

Regards,
I answered your similar question this morning. Well, I suggested there also that you can't decrypt the final value. In order to get a successful login, you should first pass the user-entered text to the same hash algorithm, which will generate the hash. That is, you compare hash with hash, not password with password.

Call again if you still have any doubts.

Regards..:laugh:
 
 
Comments
Rockstar_ 17-Jul-13 3:23am    
Ya, I'm comparing the two hash passwords only, but not matching..
Please look at this link http://www.codeproject.com/Articles/608860/A-Beginners-Tutorial-for-Understanding-and-Impleme
Rockstar_ 17-Jul-13 3:24am    
Here in the above link Rahul explained the process, but I still have some doubts, like server side how to use the salt.
Thanks7872 17-Jul-13 3:29am    
Let me explain to you from the very basics. Hope you will get it.

First the user creates an account using the registration page. There, he will provide a password (say 123@rockstar) for her account. Encrypt it using the algorithm; it will generate some hash (say udfguebrgiunfnvhuihfuewngu). Now this value can't be decrypted and you can't get 123@rockstar from this.
At the time of login, the user will enter her password 123@rockstar; at that time encrypt it using the same algorithm, which will generate udfguebrgiunfnvhuihfuewngu, so now the only thing is to compare these two highlighted values.
Rockstar_ 17-Jul-13 4:43am    
Please go through solution 3
Rockstar_ 17-Jul-13 4:43am    
My problem is the same as solution 3
 
 
Comments
Thanks7872 17-Jul-13 4:56am    
Don't run into a race for points. It won't add much value to codeproject.com or to yourself. I have seen over the last month that you are providing only links (it should not be for every question). It's not the case every time that the user failed to find it through Google. If possible, provide some explanation.

Forums are meant to be surfed through for years. If you provide some valuable content, that would be helpful for others for years.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


