How to decrypt an encrypted password in Mendix app set to bcrypt?

hello I have defaulted to hash algorithm bcrypt in my mendix app. If I open the database in pro and check it, I can see the encrypted password.   However, I want to decrypt this encrypted password so that I can see the original input value(Decoded original value). Is there any way to do this? (Mendix versions are 9.24.0 and 10.2.0)  
2 answers

You cannot do this because:


Passwords are hashed, not encrypted. Hashing is one way only, you cannot reverse it.




MD5 is known to have collisions (2 different strings can produce the same hash). There are two ways to match the pasword that leads to a certain hash.


One is to perform a brute force attack (You randomly gererate passwords that hashes to  a known value). There are tools available to do so, also online:


The second method is to look up the password using a rainbow table. In this table you have hashed values and their corresponding password.


This is, if the system doesn't use a salted hash. In that case a unique string (constante) is added to the password and than hashed. This makes rainbow tables useless and you need to brute force against the login page not matching a string in the database. 


Go Make It