[openssl-users] Is SHA hashing algorithm reversable?

[Wall, Stephen]

> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On
> Behalf Of Sugumar
> Sent: Monday, April 04, 2016 9:26 AM
> To: openssl-users at openssl.org
> Subject: [openssl-users] Is SHA hashing algorithm reversable?
> 	
> Hi,
> 
> I going to use SHA256 algorithm for storing my passwords in secure
> manner.
> But after reading some documentations related to SHA i come to know it
> is
> not reversable.
> Yes hashing means its not reversable only.
> But i saw some online websites giving the original data by reversing
> the
> hash data.
> is it possible means what is the security of hashing?
> I am totally confused pls clarify my doubt.

Hashes are not reversible.  When used to store passwords, the passwords is hashed with a random 'salt', and both the resultant value and the salt are stored.  When testing if an entered password is correct, you hash the entered password with the stored salt, and if the result matches the stored value, the entered password was correct.  Also, generally, a plain hash is not used, it is repeated some large number of times, sometimes with addition data added in, to slow down and complicate cracking attempts.  Google (or any other search engine) can give you lots of links for properly hashing and storing passwords.

-spw