(This started out as a comment to Daniel DiPaolo, in response to Mokuchan.)
If you want to store a password (no matter the location), you use the following scheme:
$hashedPassword = $salt . hash( $salt . $password);
The storage location of the hashed password should be safe. Be it in a database or in a file with the proper permissions set.
If a file, your 'record' for the user bob with password secret would look something like this (using BCrypt Hash):
bob:$2a$05$tlk4M8WSpVkO7ER6QGxcwuY91MrBCQn.TCDZ5eOM1iz2sCChtR62K
There is no way for anyone to 'decrypt' the password. That's the whole point of using a Hashing algorithm: it is non-reversible.
You state that:
There are some tools that try to decrypt md5 and sha1, and at least in some cases they seem to work
As hashing algorithms are non-reversible, this is not possible. (There is no 'decrypt' option)
My best guess is that you are referring to a tool that looked up a hash from a precomputed table and it returned a valid input string, likely to be your password.
These tables are called rainbow tables. They can be defeated by A) using a random salt and B) using a strong hashing algorithm (BCrypt hash or SHA2-family hash for example)
Regarding improper hashing algorithms: MD5 and SHA1 are considered cryptographically broken. In other words: you should not be using them any more.
For a discussion on this, see: http://stackoverflow.com/questions/2768248/is-md5-really-that-bad