Why MD5/SHA1 password hashes cannot be decrypted?
I recently read an article about password hashing.
How are MD5 or SHA1 hashes are created such that it can't be decrypted?? What I think is, it must be encypting string by certain FORMULA (it always gives same hash for the same string; so there must be no randomization) and thats why we should be able to decrypt that by the same FORMULA?? Or people don't know the forumla?
Answer
MD5 and SHA1 are not encryption algorithms. They are hashing algorithms.
It is a one way formula. Running MD5 or SHA1 on a particular string gives a hash that is always the same. It isn't possible to reverse the function to get back to the original string.
For example:
15 Mod 4 = 3
Even if you know the formula is
x Mod 4
you can't deduce x as it could be 3, 7, 11, 15 etc...
Obviously MD5 and SHA1 are a lot more complex!
In the above example, imputing 15 will always give you the answer of 3, but nobody would be able to deduce the original number. This does lead nicely on to collisions where multiple input strings could give the same hash:
http://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities
Wikipedia has information on the particular algorithm used: