Quote:
Originally Posted by Brons
Having https is just best practice imo. But so is not storing your passwords in a decryptable format so what do I know.
Although there has been mention of 'decrypting passwords' this may not be an accurate description of what happened.
Passwords are usually stored by a method that would more properly be termed 'hashed' than 'encrypted'.
The algorithm used is designed to be non-reversible. This is fairly easy to achieve. It takes the characters of the password and creates an integer (strictly, a certain number of bits) that can be compared. This does mean, however, that if you know the algorithm and the hashed password, whilst you may not be able to determine the actual password, you can reasonably easily find another password that hashes to the same value. Then you can use that password to log in to the account in question.