I divide a number by 5, and I get that the remainder is 2. What was the number I divided? Well, there are infinitely many possibilities because of the way division and remainders work. Possible answers include 2, 7, 12, 17, 22, 27…etc. It is an impossible question to answer with a single “correct” answer. This is an example of a one-way operation where you can get a single answer going one way, but cannot get a single answer going back the other way.

It’s also worth keeping in mind that some operations in a computer are slow compared to other operations. Addition and subtraction are very fast. Multiplication can be fast (if you multiply by a power of 2) or relatively slow. Division is extremely slow. So, if I tell you that I multiplied two prime numbers together to get a product P, and I ask you to figure out which two numbers I started with, that is going to take a long time because I have to divide P by 2, then divide P by 3, then divide P by 5…. and all the prime numbers up to squareroot(P) to try and find the prime factors. That’s a lot of divisions and remember that divisions are very slow. It’s not that the computer can’t do it, it’s that *the computer can’t do it in a reasonable amount of time*.

So the reason why SHA256 and many other hash algorithms can’t be reversed is because of use of one-way functions and factorization routines that have too many divisions.

BUT this isn’t fullproof. If I say that I have a password “password123” and I know that the hash of that password is XYZ, I can just look through my database of password hashes and find everybody whose password hash is XYZ and then I know that their password must be “password123”. People compile large tables of these kinds of results of hashes of common passwords, and then you can just go down the list comparing each until you find a match and then you know what the password is. This is why websites want you to use a “strong password” because that means it’s less likely to appear in one of these tables.