sha1, crc32, and md5 how to read this data?

Question

How can I Decode the md5, crc32, and sha1, below is xml file and then is code I'm using to get data so far.

<files>
  <file name="AtTheInn-Germany-Morrow78Collection.mp3" source="original">
    <format>VBR MP3</format>
    <title>At the Inn - Germany - Morrow 78 collection</title>
    <md5>056bbd63961450d9684ca54b35caed45</md5>
    <creator>Germany</creator>
    <album>Morrow 78 collection</album>
    <mtime>1256879264</mtime>
    <size>2165481</size>
    <crc32>22bab6a</crc32>
    <sha1>796fccc9b9dd9732612ee626c615050fd5d7483c</sha1>
    <length>179.59</length>
  </file>

And this is code I'm using to get title and album name how can I make sense of sha1 and md5, any help to any direction will be helpful, Thanks

<?php
    $search = $_GET['sku'];
    $catalogfile = $_GET['file'];
        $directory = "feeds/";
        $xmlfile = $directory . $catalogfile;
$xml = simplexml_load_file($xmlfile);

list($product) = $xml->xpath("//file[crc32 = '$search']");
echo "<head>";
echo "<title>$product->title</title>";

Answer 1

Hash functions generate numbers that represent some arbitrary data. They can be used to verify if the data has changed (a good hash function should produce a totally different hash for even a single bit has changed).

Since you are turning an arbitrary amount of data in a number as a result you loose information, this means that it's hard to reverse them. Technically there is an infinite number of possible results for a hash as the data can be any length. For limited data sizes its still possible for there to be multiple data values for a specific hash, this is called a collision.

For some data sets (for example passwords) you can generate all possible combinations of data and check to see if they match a hash. If you do the generation at the same time as the checking it's known as 'brute forcing'. You can also store all possible combinations (for a limited range, for example all dictionary works or all combinations of characters under a specific size), then look it up. This is known as a rainbow table and is useful for reversing multiple hashes.

It's good practice to store passwords as a hash rather than in plain text but to ensure the passwords are hard to reverse they add a bit of random data to each one and store it along with the passwords, this is known as salting. This salt means it takes much longer to brute force a password.

In this case they are probably hashes of the mp3 file that is specified to verify file integrity and show any corruption that occurs during transfer (or storage). It won't be possible to reverse them since you would have to generate all possible combinations of megabytes of data. But if you have the file itself there wouldn't be any reason too. You can confirm they are hashes of the file by running a checksum generating program on it.

Answer 2

MD5, SHA-1, and CRC32 are hash functions. That means that they cannot be reversed.¹ You'd have more luck looking into that name attribute of the file tag.

¹ You can² brute-force them, but since they can represent variable-length data as a fixed-length piece of data, due to the pigeonhole principle and just plain probability, you're more likely to get something that's not the original input than the original input.

² It'll take forever for SHA-1, though.