问题
If an attacker got access to user’s database and the passwords are stored in hashes, can the attacker decode that hashes? Can you suggest any tool by using we can decode the hash?
回答1:
You can find more detailed information here: http://crackstation.net/hashing-security.htm
To raise security of your hashed passwords you should uses "salted hashes", as described in the link above, too.
回答2:
This answer assumes that you are talking about one of the standard, relatively secure hashing algorithms such as MD5 or SHA-1.
Hashes produced by these algorithms are designed to be 'one-way', that is a hash cannot be used to derive the value that was used to create it.
There exist things called Rainbow Tables which are essentially huge databases which map hashes back to values, however they generally only cover common values such as English words.
One common method to make a hash more secure, and provide some protection against rainbow table based attacks, is to use a salt.
The other issue is that the mapping from a hashes to values is one-to-many, so a given hash will have many (in fact an infinite number) of values which will yield that hash value, so there is no way to be sure what the original value was.
回答3:
No, you cannot decode hashes. A hash is a one-way (almost unique) representation of a piece of data. You could use rainbow tables, brute-force or dictionary attacks on the hashes to recover the unencrypted password.
http://en.wikipedia.org/wiki/Rainbow_table
http://en.wikipedia.org/wiki/Brute-force_attack
http://en.wikipedia.org/wiki/Dictionary_attack
来源:https://stackoverflow.com/questions/12278099/how-to-decode-a-hash