encryption - Is it possible to decrypt MD5 Hashing?

I was seeing a video on how to hash passwords with MD5 Hashing. After googling on it I found out that Facebook also uses MD5 hashing scheme. Now I was curious to know if we can decrypt the password easily? If this is so, what is the advantage of MD5 hashing then?

Short answer: MD5 is a way of knowing enough about a password to compare it - a unique fingerprint - without actually keeping the password around.

Longer one: MD5 can be thought of a fingerprint generator. You take as many bits as you can, and out the end is 128 bits. The md5sum will always be the same for any string. But, it's hard to predict what an md5sum will be for any given string. It can't be reversed. You can't get the password back from the hash, that information is thrown away.

Why MD5? You don't want to store the actual password. If I can break into your DB, I get the passwords. This is unsafe.

So I can store a hash. On login, I get md5sum of the password you typed, and the md5sum in the db, see if they match. Then, even if you get the hash, you can't go backwards to get the password. You've got the hash, but in theory you can't get the password.

This is safer, but remember, the same password will always hash to the same md5. 'password' will always be 286755fad04869ca523320acce0dc6a4. If I see 286755fad04869ca523320acce0dc6a4 in the db, I know your password is 'password'. So one technique is to add something called 'salt', a bit of uniqueness to your password. So, say for me, my salt is chosen to be, oh Idunno, '1b24'. I add that to the md5 data, which gets me c4f8469e00c67d70dfbaa91cdf948fa8. When I store the password, maybe I store 1b24|c4f8469e00c67d70dfbaa91cdf948fa8. Then when you type in 'password', I see in the db I need to add 1b24, and I'd get the match.

MD5 is actually not used for this as much. There's newer ones (like SHA1) which throw the bits around better. Sometimes you go through multiple rounds. This adds security by making it harder to generate huge lists of these fingerprints - it takes too long to compute.

MD5 is a one way hash. This has been discussed a few times on Stack overflow:

http://stackoverflow.com/questions/1240852/is-it-possible-to-decrypt-md5-hashes

http://stackoverflow.com/questions/1471654/reversing-an-md5-hash

Certainly not decrypt it, as it has been stated constantly. However, there are by now quite a few papers talking about forcing md5 collisions. This basically means that because the hash is generated by a random set of "equations" applied to every bit of the information you're hashing (Remember you can hash anything from a password to a file or several) then you are also able to find another string of undefined length that will create the same hash.

Here is a link to one of the first (and I think one of the best) research papers on the topic. [PDF] http://www.google.com.mx/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CDcQFjAB&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.175.4122%26rep%3Drep1%26type%3Dpdf&ei=6OtQUZaQH8Si2QXhwoGYBA&usg=AFQjCNH3JEEhxpuNqY2N4x9lmHuuGIZvuQ

You can't recover your password if you save the password in md5 hash.. The site that have recovery password module, they save the password in plain.

You can try http://md5pass.com to recover your md5 password