It is a slight abuse of the word "encryption," but basically it goes like this ...
Suppose that your password was "secret." A reversible algorithm would be able to recover the actual word used. If someone asked the system administrator, "I forgot my password... what is it?" then the sysadmin would be able to tell them.
Per contra, a non-reversible algorithm subjects the password-string to a transformation, or "hash," that only goes one way. You can never determine which word it was that was hashed. But you can take whatever the user has typed in, hash it the same way, and compare the two hashed strings. If, and only if, they are equal, then the user must know the password. Otherwise all that we know is that whatever he typed in was "wrong." In this case, the sysadmin would have to reply, "No, I cannot tell what it was either, but I can change it. What do you want your password to be?"
Usually, a non-reversible algorithm is better.
|