如其他描述相当好，您不能轻易地解密一个MD5哈希。

As others described quite well, you cannot easily 'decrypt' an MD5 hash.

我想***的方法来进行密码恢复是这样的：

I guess the best way to do your password recovery is like this:

1. 用户可以通过提供他的电子邮件地址来请求密码恢复
   （它应该是唯一的用户可以通过电子邮件地址来识别。

1. A user can request password recovery by providing his email address (it should be unique so users can be identified by email address).

一封电子邮件发送到他的地址，一个
链接包含一个唯一的哈希（
当您发送
电子邮件并将其保存到数据库时生成）。

an email is sent to his address with a link containing a unique hash (which you have generated when sending the email and saved it to the db).

当用户点击链接（和
当然，唯一的哈希值被检查
等于数据库中的一个）
你可以显示一个表单，让他们
选择不同的密码。

when the link is clicked by the user (and of course the unique hash is checked to be equal with the one in the db) you can show a form which lets them choose a different password.

有些人使用的另一条路线是简单地要求电子邮件地址，生成一个新的密码并发送给用户。这个问题是，只知道您的电子邮件地址的人可以请求更改密码。他不会知道新通行证，您将通过电子邮件收到通知，但仍然对用户来说非常不方便。

Another route that some people use is to simply ask for the email address, generate a new password and send it to the user. The problem with this one is that someone who knows only your email address can request a password change. He won't know the new pass, and you will get it by email, but still it is very inconvenient for the user.