WEIGHT: 47 kg
Services: 'A' Levels, Tie & Tease, Fetish, Domination (giving), Games
Was it open and freely available, or was it hashed, secured and practically unbreakable? If you have access to the database containing the passwords you can read them just as you can read the text on this page. You cannot directly turn a hashed value into the password, but you can work out what the password is if you continually generate hashes from passwords until you find one that matches, a so-called brute-force attack, or similar methods.
The salt value needs to be stored by the site, which means sometimes sites use the same salt for every password. This makes it less effective than if individual salts are used. Large salts also protect against certain methods of attack on hashes, including rainbow tables or logs of hashed passwords previously broken. Both hashing and salting can be repeated more than once to increase the difficulty in breaking the security.
Cryptographers like their seasonings. There are broadly two versions of pepper. The first is simply a known secret value added to each password, which is only beneficial if it is not known by the attacker. That means every time a user attempts to log into the site it has to try multiple combinations of the pepper and hashing algorithm to find the right pepper value and match the hash value. Even with a small range in the unknown pepper value, trying all the values can take minutes per login attempt, so is rarely used.
Encryption, like hashing, is a function of cryptography, but the main difference is that encryption is something you can undo, while hashing is not. If you need to access the source text to change it or read it, encryption allows you to secure it but still read it after decrypting it.
Hashing cannot be reversed, which means you can only know what the hash represents by matching it with another hash of what you think is the same information. If a site such as a bank asks you to verify particular characters of your password, rather than enter the whole thing, it is encrypting your password as it must decrypt it and verify individual characters rather than simply match the whole password to a stored hash.