Sometime on Mar 30, Nikhil Joshi assembled some asciibets to say:
Linux is open source --> The Code which encrypts the login password is freely available --> A Baddie looks at the code and finds out the algorithm --> cat /etc/passwd | grep root --> Voila! the baddie has root password.
Well, you have two questions.
First correction, linux is free software, not open source software. This is so because it is released under the GPL and not under something like MIT or BSD.
1. How does making the source available for inspection make it secure?
Since the source is available for inspection, baddies can look at it, goodies (?) also look at it. They find holes in it and possibly fix them or report them to the author. So many people looking at the code tends to fix holes rather quickly. Quicker in fact than it takes the baddies to get the word around that the hole exists.
2. Even knowing the password algorithm (which is MD5 btw), it is impossible to decrypt it. The older encryption used crypt, which was weaker, but still impossible to decrypt. These are one way mathematical functions that convert a given sequence of characters into another. These functions are required to be non-invertible (if you're a math student, that should make sense).
Passwords can be guessed however. And knowing the encryption algorithm, all you have to do is encrypt every password you can think of, and compare the two encrypted strings. If they match, you've got your password.
Obviously, if someone uses a dictionary word, a simple dictionary attack will get the password.
Random strings are harder to get, but still possible with a brute force approach (a cracker that tries every combination of n letters, digits and special characters that exist). This however takes very long and is not feasible for most.
Philip