When you run a string (password) through a hash algoithm it generates a fixed length string based on the bit length of the encryption that represents the string.
You can't really decrypt a hash, but you can run many, many strings through the algorithm to see if the the hash you get matches the one in questions. This is easily done with dictionaries (as most people use common words for passwords so they can remember them) and with today's hardware can be done very quickly.
However, if the password is something very uncommon or convoluted, they will have to run a brute force attack on the hash. This means they will have to try every combination possible of the string.
This is incredibly hard if a) you have no idea what the length of the string is to begin with, and b) what characters are included in the string.
Here is and example
This is a MD5 hash of a strong password with no salt ... 4fa40cf7dd4c6ce484ef12a59ec28288
Good luck getting that password other than through brute force.
If I salted it it would be infinitely harder, but the point is that if you use a strong password from the start the likelyhood of your hash being compromised in still pretty slim.
