The MD5 hash algorithm is a cryptographic hash function, not an encryption method.

A cryptographic hash function converts a message of variable length to a fixed size of 'hash,' usually done to check the integrity and authenticity of the original message, and not transmit the message itself in a unreadable encrypted way. The message is also sent ALONG with the hash, usually to ensure that the original message has not been altered en route.

Thus it does not have enough information to actually retrieve the message itself. (although it can if the size of the message is the size of the hash, it is never the case.) Decrypting the MD5 hash string will not yield the information that was used for its creation anyways.

It is basically a one way cryptographic hash function. It performs many binary options on the "message" to compute and process a 128 "hash". It is a very basic form a processing binary data.

The collision resistance of a hash is proportional to the number of hash values that are stored, relative to the number of items that can be hashed, and it is proportional to the adequacy of the hash. The latter means that the hash should usually be of cryptographic quality.

Collision Attack

We never store passwords in a password field. If we did that, anyone with access to the database would have access to all the passwords. Instead, we store the output from a one-way cryptographic hashing function. That is, when a user creates a password, we store the hash value generated from that password via the hashing function. When the user subsequently enters their password in order to log on, the hash value generated by the entered password is compared with the stored hash value. If the two hash values match exactly then the correct password was entered.

Being one-way, it is not possible to determine the password from the hash value, even if we know the precise implementation details of the hash function employed to create the hash value. This is the safest way to store passwords; we simply need to ensure that the same hash function that was used to generate the hash is also used to validate the user's password at logon.

Cryptographic hashes can vary in length depending on which function was used to generate the hash value. Typical values are 128-bit, 160-bit, 256-bit and 512-bit, thus a fixed-length binary field of the required length would be suitable for storing the hash values.