Both MD5 and SHA1 are encryptions that are not possible to decrypt.
The correct way to use it is:
When something is encrypted in md5 or sha1 it will generate a 128 bit HASH and will generally be 32 hexadecimal digits. Every time the same word is encrypted in MD5 it will generate the same hash.
The most common use of this form of encryption is just to check the integrity of the data, for example, sometimes you will download some file and they provide the source code and a "checksum" code, this checksum you can generate a md5 of the code that you downloaded and compare with the one provided by the manufacturer, if they hit you can consider that the code has not changed and the application has no virus inside it.
It is common to use for passwords, for example, you do not need to know the password of your user, nor is it a good practice to store it in the bank, how can I validate a user in this way?
You store the md5 hash in the database, and when the user attempts to log you get the password he provided and encrypts it in md5 and compares, if they hit they are the same, you just validate a password without knowing what the actual password is.
While sha1 is pretty much the same thing, the difference is that it generates a 160bit HASG and can generate a 40-digit hex.
Hugs