How to Decrypt SHA1 Passwords

Hello.

I am using the below example to encrypt my password and store it in my database. How do I decrypt it? If I query the password from the database, how do I decrypt it? Thanks.

from com.inductiveautomation.ignition.common.util import SecurityUtils
username = event.source.parent.getComponent('Username Entry').text
password = event.source.parent.getComponent('Password Entry').text
password = SecurityUtils.sha1String(password)
# .... perform a DB query to Insert/Update the user w/encrypted password

You don't. SHA1 isn't encryption, it's a cryptographic hash. It's not reversible.

2 Likes

Kevin, thanks. I learned something new. Maybe you can steer me in the right direction. I am using SQL to store my usernames and passwords. As of now they are plain text. In Ignition, when someone signs in by providing a username/password, I run a query against the user-entered credentials and the database credentials and, if valid, I pass them to the SwitchUser command for Ignition to actually perform the login. I don't like that the password is plain text, thus me trying to encrypt it or "hide" it. I tried 2 different methods. Method #1 was using SHA1 and Method #2 was using AES encryption that I discovered in the post below. Here's my problem. Both methods "hide" the password, but Ignition's SwitchUser has no way to "decrypt" it. It simply treats it as a plain text password, and if you were to pass to SwitchUser the hash or the actual encrypted text, it will allow you to log in as it simply sees it as the password. So my problem is: how do you properly encrypt and decrypt a password in Ignition? Hopefully I am making sense.

What's the issue with this?

edit: To be a bit more accurate (and maybe pedantic), you wouldn't use an encrypted password.
You'd use a hashed and salted password. Which is not un-hashable.
Then when a user wants to login, you send the input password through the same process and compare the output to what's stored in your database.
Which sounds like what I quoted, that's why I'm wondering why you're not satisfied with it.
You DON'T encrypt and decrypt passwords. If you're using encrypting functions that allow passwords to be decrypted, you're doing it wrong.

2 Likes

Your approach is broken. The switchuser functionality needs the plain text password. It is not considered a secure approach to store passwords in any reversible form. So you will have to make some provisions to ensure your user passwords that are salted and hashed in your database remain synchronized with your user passwords maintained similarly in a user source or identity provider.

2 Likes