Originally Posted by quasihumanist
For those of you who don't know anything about security: normally all that is stored is an encrypted version of your password. When you log in, the system encrypts what you type and compares the encrypted versions to check they are the same.
Well, it depends on the system in use. Kerberos, for example, stores the plaintext password in the key database, though the entire database is then encrypted with a master key. In order to authenticate, your client attempts to decrypt a challenge that the key database encoded using your password. This way, no form of your password needs to transit the network.
What a fun thread. Let's all write an encryption algorithm now! I'm sure we can do better than SHA-1.
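The two designs discussed in this thread, as an added example that is not part of the original posts: the quoted "store a hash, hash what is typed, compare" scheme, and the "decrypt a challenge encrypted under a key derived from your password" shape the reply attributes to Kerberos. Everything here is illustrative. The hash scheme uses salted PBKDF2-HMAC-SHA256 from the standard library; the challenge scheme uses a toy HMAC-counter-mode cipher with an HMAC tag that stands in for the real Kerberos encryption types, and it stores a password-derived key rather than the password itself (both choices are this example's assumptions, not a description of any real KDC). The function names, the realm salt value and the passwords are constructed for the example.

```python
"""Two ways a system can check a password without the password itself crossing the network."""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

# ---------- Scheme 1 (quoted post): store a salted hash, compare hashes at login ----------

def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> dict:
    """Derive a salted PBKDF2-HMAC-SHA256 digest; only this record is stored, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_password(password: str, record: dict) -> bool:
    """Recompute the digest from the typed password and compare it in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])

# ---------- Scheme 2 (reply): the client proves the password by decrypting a challenge ----------
# Toy cipher (assumption for illustration): HMAC-SHA256 in counter mode as keystream, plus an
# HMAC tag so a wrong key or a tampered blob is detected instead of yielding garbage.

def password_key(password: str, realm_salt: bytes) -> bytes:
    """Key derived from the password; the server stores this key, the client derives it locally."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), realm_salt, 100_000, dklen=32)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the tag does not verify (wrong key or tampering)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def server_issue_challenge(stored_key: bytes) -> Tuple[bytes, bytes]:
    """Server side: encrypt a fresh random challenge under the user's stored key."""
    challenge = os.urandom(32)
    return challenge, encrypt(stored_key, challenge)

def client_answer(password: str, realm_salt: bytes, encrypted_challenge: bytes) -> Optional[bytes]:
    """Client side: derive the key from the typed password and decrypt; the key never leaves the client."""
    return decrypt(password_key(password, realm_salt), encrypted_challenge)

def authenticate_by_challenge(password: str, stored_key: bytes, realm_salt: bytes) -> bool:
    """Full exchange: only the encrypted challenge and the recovered challenge cross the wire."""
    challenge, encrypted = server_issue_challenge(stored_key)
    answer = client_answer(password, realm_salt, encrypted)
    return answer is not None and hmac.compare_digest(answer, challenge)

if __name__ == "__main__":
    record = hash_password("correct horse battery")          # constructed sample password
    print("hash scheme, right password:", verify_password("correct horse battery", record))
    print("hash scheme, wrong password:", verify_password("wrong", record))
    realm_salt = b"EXAMPLE.ORGalice"                          # constructed realm+principal salt
    stored = password_key("hunter2", realm_salt)
    print("challenge scheme, right password:", authenticate_by_challenge("hunter2", stored, realm_salt))
    print("challenge scheme, wrong password:", authenticate_by_challenge("hunter3", stored, realm_salt))
```

In the first scheme the typed password reaches the server and is hashed there; in the second the password-derived key stays on the client and only the challenge round trip is observable, which is the property the reply is pointing at. Both paths use `hmac.compare_digest` so a comparison does not leak through timing.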