what you can do, if you have a proper attack formula, is find *a* message
that produces *that one hash*. that is, if I have message M which produces
hash H, I can use the attack to find *a* message M' which will also
produce hash H.
The thing is, passwords are short and have limited entropy. Chances are,
if you find a password that produces the same hash, it's M.