Protection of passwords

Early on, the most basic and least secure method of authentication was to store passwords in plaintext (i.e., neither hashed nor encrypted) in a database on the server.

During authentication, the client would send the user's password to the server, and the server would compare it against the stored value.

Obviously, however, if the password file were readable by unauthorized users, every account in the system was compromised at once.

In later systems, developers realized that a server does not have to store a user's password in plaintext in order to perform password authentication.

Instead, the user's password could be transformed through a one-way function, such as a cryptographic hash function, into a random-looking sequence of bytes.

Such a function is designed to be infeasible to invert. In other words, given a password, it is easy to compute its hash, but given only a hash, it is computationally infeasible to recover the password from it (see "Hashing"). Authentication then consists merely of applying the same hash function to the password the client submits and comparing the result to the stored value.

The password database itself could then be made readable by all users without an intruder being able to read passwords directly out of it. That protection is only as strong as the passwords themselves, however: an attacker who copies the file cannot invert the hash, but can run the hash forward over a list of likely passwords offline and compare the outputs with the stored values, and if the hash is unsalted one precomputed list cracks every account that shares a password. Modern systems therefore restrict access to the hashed file as well, and combine each password with a per-user random salt and a deliberately slow, iterated hash so that guessing is expensive and must be repeated for every user.
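The three designs discussed above, side by side, as an added example that is not part of the original post: plaintext storage, an unsalted one-way hash, and a salted iterated hash (PBKDF2-HMAC-SHA256, chosen here as an illustration). The record layout, the column names and the sample word list are assumptions made for this example, not a schema the page describes. The "attacker" functions show why a readable file of unsalted hashes is not safe: the hash is never inverted, it is simply evaluated forward over guesses.

```python
import hashlib
import hmac
import os
from typing import Optional

# Iteration count for the salted scheme; an assumption for this example.
ITERATIONS = 100_000

# Constructed word list standing in for an attacker's dictionary.
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2"]


def store_plaintext(password: str) -> dict:
    """Scheme 1 (the page's first design): the password stored in the clear."""
    return {"scheme": "plain", "value": password}


def store_unsalted_hash(password: str) -> dict:
    """Scheme 2 (the page's second design, as written): unsalted one-way hash."""
    digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
    return {"scheme": "sha256", "value": digest}


def store_salted_hash(password: str, salt: Optional[bytes] = None) -> dict:
    """Scheme 3: per-user random salt plus a slow, iterated hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"scheme": "pbkdf2", "salt": salt.hex(),
            "iterations": ITERATIONS, "value": digest.hex()}


def verify(record: dict, candidate: str) -> bool:
    """Authenticate by transforming the submitted password exactly as the
    stored one was transformed and comparing. hmac.compare_digest keeps the
    comparison time independent of where the first mismatching byte is."""
    scheme = record["scheme"]
    if scheme == "plain":
        return hmac.compare_digest(record["value"].encode("utf-8"),
                                   candidate.encode("utf-8"))
    if scheme == "sha256":
        digest = hashlib.sha256(candidate.encode("utf-8")).hexdigest()
        return hmac.compare_digest(record["value"], digest)
    if scheme == "pbkdf2":
        digest = hashlib.pbkdf2_hmac(
            "sha256", candidate.encode("utf-8"),
            bytes.fromhex(record["salt"]), record["iterations"])
        return hmac.compare_digest(record["value"], digest.hex())
    raise ValueError(f"unknown scheme {scheme!r}")


# --- What someone who has read the database can do with each scheme ---

def sha256_lookup_table(wordlist=WORDLIST) -> dict:
    """Precompute the unsalted hash of every candidate once. The same table
    serves every user and every stolen database that used this scheme."""
    return {hashlib.sha256(w.encode("utf-8")).hexdigest(): w for w in wordlist}


def lookup(record: dict, table: dict) -> Optional[str]:
    """Table lookup on the stored value. Works for unsalted hashes only:
    a salted record's stored value depends on the salt, so no shared table
    can contain it."""
    return table.get(record["value"])


def recover_by_dictionary(record: dict, wordlist=WORDLIST) -> Optional[str]:
    """Offline guessing against a single stolen record: run the one-way
    function forward over each guess. Salting does not stop this for a
    weak password, it only forces the work to be redone per user, and the
    iterated hash makes each guess cost as much as a real login."""
    for guess in wordlist:
        if verify(record, guess):
            return guess
    return None


if __name__ == "__main__":
    for rec in (store_plaintext("hunter2"), store_unsalted_hash("hunter2"),
                store_salted_hash("hunter2")):
        print(rec["scheme"], "login ok:", verify(rec, "hunter2"),
              "| table lookup:", lookup(rec, sha256_lookup_table()),
              "| dictionary:", recover_by_dictionary(rec))
```

Running the block shows the unsalted record falling to a single table lookup, while the salted record is only recovered by the per-record dictionary loop, and a password outside the word list is recovered by neither; a strong password combined with a salted, slow hash is what actually makes a leaked file survivable.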
