0

Is it possible to reverse a password hashed with bcrypt?

schroeder
  • 125,553
  • 55
  • 289
  • 326
Jason
  • 17
  • 1
  • 1
    In general, no (due to the [pigeonhole principle](https://en.wikipedia.org/wiki/Pigeonhole_principle)). – user May 11 '21 at 13:37
  • 1
    How is it possible for companies to leak passwords? Isn't hashing passwords an industry standard? @user – Jason May 11 '21 at 13:45
  • I have removed the question about recommendations because that's a completely different question, you have not stated your requirements and constraints, and there are standard libraries to use: https://www.google.com/search?q=standard+password+hashing+function – schroeder May 11 '21 at 14:39

2 Answers2

3

No. Hashing is not reversible.

What is usually referred to as "cracking a hash" is to throw lots and lots of strings on the hash function and comparing the output with the list of hashes (a.k.a. "brute force").

schroeder
  • 125,553
  • 55
  • 289
  • 326
ThoriumBR
  • 51,983
  • 13
  • 131
  • 149
2

If the password is in a dictionary (such as rockyou.txt) or is easily guessable, then tools like hashcat or john the ripper may be able to crack the hashed password using brute force.

mti2935
  • 21,098
  • 2
  • 47
  • 66
  • 2
    While the steps are accurate, password crackers and cryptographers try to avoid the word 'reverse' in this context, because it can confuse people into thinking that the process can actually be reversed. 'Cracking' is the more acceptable term. – Royce Williams May 11 '21 at 15:44
  • 2
    @RoyceWilliams, Thanks for the suggestion. I agree, 'cracking' is a better word to use. I've edited my answer. – mti2935 May 11 '21 at 15:48