The confirmation code is likely based on a cryptographic hash
algorithm like MD5 or SHA1. Hash algorithms use asymmetric functions so that it is computationally implausible to derive the inputs from the output. If Facebook did it right they also use an secret value, called a salt, which renders it computationally implausible to derive the output without knowing all the inputs. All this is leaving aside the problem of knowing which hashing algorithm they used, since that's not information that Facebook would likely share.