Explanation that worked for my

**ten** year old daughter, so since you are

**eleven** this should help:

sha256 is a one way hash. That means you can not get your password back...You can not decrypt it...

If you dive into the water you get wet, but you can not un-dive from the water to get dry again...

But that does not mean you can not check if the password is correct: if you repeat the sha256 hash it should be the same value as the first one....

So you do not need the actual password anymore. You need it only once and store the hash. If you use the password, hash it again and simply compare the hashes.

Think of it like:

A password is a kind of question, but the hash is the only correct answer. As long as the answers are the same, you don't need the question anymore.

In fact you don't need the question at all, only the answer, to know if somebody entered the right password. You don't even have to know what the question was....

That's how sha256 works when used for passwords.

But of course there is also two way encryption. This is usually used for texts etc, not for passwords... (see Bart's link)

with two way encryption you can get back the original text if you know the key.

The simplest way to demonstrate that is like so:

program untitled;

begin

writeln (ord('a') xor Ord('b')); // this calculation gives us the key: 3 in this case

writeln (char(ord('a') xor 3)); // this calculation gives us the original value of 'b' given our key of 3

end.

Note this is a very easy example to demonstrate a two way encryption.

In real life you need something much more complex like AES which is also a two way encryption.

Summary:

A secure hash like sha256 can not be decrypted, but you can use a hash to verify another hash on the same password. One way encryption. You can

**repeat** the calculation but not reverse it.

A two way encryption can get your password back, based on a key. You can

**reverse** the calculation too.

In practice things are much more complex, but these are the basics.