Decrypting password.

Hi,
I am using "Digest::SHA1.hexdigest" to encrypt password. Now, I want
to
decrypt that password. Is it possible to decrypt the password and
recover original one?

Nope. SHA1 is a digest function, not an encryption function and thus
inherently one-way only (at least that's what it's aiming for). If you
do find a way, a number of crypto researchers would be very interested
to find out how
Fred

Frederick Cheung wrote:

Nope. SHA1 is a digest function, not an encryption function and thus
inherently one-way only (at least that's what it's aiming for). If you
do find a way, a number of crypto researchers would be very interested
to find out how
Fred

I heard recently that MD5 has started to show some weakness, which
actually has allowed an old root certificate to be forged. As I heard it
they used a cluster of 200 PlayStation 3 systems, which took about two
weeks to find a usable collision on a MD5 hash allowing them to produce
the forged SSL certificate.

It's really bad when a cryptographic hash can be reversed. However, it
is my understanding that there are no known weaknesses in the SHA hash
algorithms so SHA1 signed certificates are still perfectly safe (for
now).

Actually, SHA1 is beginning to show serious weaknesses as well:
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

Not as bad as MD5, but it's time to start moving away from SHA1 to
something stronger like SHA-256 or SHA-512 if you really care about
security.

Anyways, that said, in regards to the OP:

No you can't reverse a hash (finding a collision as in the case of SSL
certificates is a different but related problem), but for passwords,
usually what you want to do is compare the hashed values. Ie: if the
stored hash value in your database matches the hashed user password,
then authentication success. If however you're trying to do password
recovery, then you'll need to come up with another solution (reseting
the user password to a random value and emailing it to them for
example)