Encryption

[livethedead]

I seen the sticky but that didn't have my answer and no place I go is really answering my core question. This just doesn't make sense in my brain, how is using md5 safe. What if someone got say an encrypted pass. The code md5 uses is available to anyone, no? So if they got a hold of it how is it not as easily cracked as it is encrypted. Someone please explain this to me lol, it's like a thorn in my brain.

[scootstah]

Because it isn't encryption, it is hashing. It is one way and not reversible.

[livethedead]

Because it isn't encryption, it is hashing. It is one way and not reversible.

 

OK either way I'm still left with why can't the same code used to hash it be used to un-hash?

[Pikachu2000]

md5, sha1, sha256, etc. are not methods of encryption. They are one-way hashing algorithms. The way md5 is "cracked" is by taking an enormous number of words (like a whole dictionary's worth), and generating a hash value that corresponds to each of those words. A hash value can them be compared to the known values to see if there is a match. With the older algorithms (crc32, md5, and sha1, etc.), it's very possible that the algorithm will generate the same hash value for more than one string. That is known as a collision. So, in short, even though a string generates a hash value that matches another hash value, you can't be 100% certain that it was generated by the same string. As far as passwords go, that is really neither her nor there because if you enter a string that causes a collision, it's as good as entering the actual string that originally created the hash.

[livethedead]

Edit: nevermind, I found the information I was looking for. Thanks for you're response Pika.