Why are hash functions one way? If I know the algorithm, why can’t I calculate the input from it?
Why can't a password hash be reverse engineered?
I looked into this ages ago and have read lots on it, but I can't find the explanation of why it can't be done. An example will make it easier to understand my question, and to keep things simple, we will base it on a hashing algorithm that doesn't use a salt (LanMan).
Say my password is "Password". LanMan will hash this and store it in the database. Cracking programs can brute force these by hashing password guesses that you provide. They then compare the generated hash to the hash in the database. If there is a match, it works out the password.
Why, if the password cracker knows the algorithm to turn a plain text password into a hash, can't it just reverse the process to calculate the password from the hash?
This question was IT Security Question of the Week.
Read the Feb 24, 2012 blog entry for more details or submit your own Question of the Week.
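The guess-hash-compare process described in the question, written as a weak-password audit. This is an added example, not part of the original post: it uses unsalted SHA-256 from Python's hashlib as a stand-in for LanMan (an assumption; it is not the LanMan algorithm), and the accounts, guess list and function names are constructed for illustration.

```python
import hashlib


def unsalted_hash(password: str) -> str:
    # Stand-in for the question's unsalted scheme: plain SHA-256, NOT LanMan.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed sample "database": user -> stored hash, no salt anywhere.
STORED = {
    "alice": unsalted_hash("Password"),
    "bob": unsalted_hash("Password"),
    "carol": unsalted_hash("x7!Lq#92vTz-constructed"),
}

# Constructed list of known-weak passwords to audit against.
GUESSES = ["123456", "letmein", "Password", "qwerty"]


def audit(stored, guesses):
    """Return {user: guess} for every stored hash that equals a hashed guess.

    Only the forward function is ever called: each guess is hashed once and
    the result is compared with what is stored. Nothing is computed backwards
    from a hash.
    """
    table = {unsalted_hash(g): g for g in guesses}
    return {user: table[h] for user, h in stored.items() if h in table}


def shared_hashes(stored):
    """Return groups of users whose stored hashes are identical.

    Without a salt, equal passwords always produce equal hashes, so one
    matching guess exposes every account in the group.
    """
    groups = {}
    for user, h in stored.items():
        groups.setdefault(h, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


if __name__ == "__main__":
    print("matched by guess list:", audit(STORED, GUESSES))
    print("identical stored hashes:", shared_hashes(STORED))
```

carol's password is not in the guess list, so her hash stays unmatched even though the algorithm is fully known.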