Quote:
Originally Posted by icemanjc
I also doubt that it was acquired from the site; vBulletin encodes your passwords when it stores them, so that pretty much only the creators could decode your password.
Actually, no one can decode a one-way (hash) encrypted password. The only thing you can do is think of a password, encrypt it, then compare the encrypted password to the one stored in the database. If they don't match, try again. It's called "brute force" cracking.
That's exactly what happens when you log in to any site that stores encrypted passwords -- whatever password you enter in the password box is encrypted using the same method that was used to encrypt the original password, the two encrypted strings are compared, and if they match -- voila -- you just logged in. Otherwise, "Invalid password."
Sites that email your password to you (and do not do the "smarter" thing, which is either email you a new, randomly-generated password or require you to visit a form to reset your password and enter a new one) do not store the passwords in an encrypted manner.
There are some encryption techniques that are "two-way," meaning that you can both encrypt and decrypt, enabling one to reverse the encryption of a password if they have the "secret key" or the unencryption method available to them. A lot of these types of encryption techniques are no more effective than just storing the password in plaintext.
Of course, pretty much all encryption techniques can be "cracked," but I would be pleasantly surprised if any member or moderator of this forum has the computing power or the resources and knowledge to do such a thing to a one-way (hash) encryption. If they did, their country's government would probably be paying them six figures or more.
I would hope this forum uses a one-way hash encryption for password storage, but then again, not much havoc could be wreaked if a password was stolen, other than posting a bunch of lewd comments or something.
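The hash-and-compare login check and the reset-instead-of-email flow described in the post above, as an added example that is not part of the original post and is not vBulletin's code. The choice of salted PBKDF2-HMAC-SHA256, the record format, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed parameters for this example; tune the iteration count per deployment.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str) -> str:
    """Build the record to store: 'iterations$salt_hex$hash_hex'. No plaintext is kept."""
    salt = secrets.token_bytes(SALT_BYTES)  # per-user salt: equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash the submitted password with the stored salt and compare the two hashes."""
    try:
        iterations_s, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations_s)
        )
    except (ValueError, OverflowError):
        return False  # malformed or corrupted record: fail closed
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def login(users: dict, username: str, password: str) -> str:
    """Return the same message for an unknown user and a wrong password."""
    record = users.get(username)
    if record is None or not verify_password(password, record):
        return "Invalid password."
    return "Logged in."


def issue_reset_token(pending: dict, username: str) -> str:
    """Forgotten password: send a random one-time token, keep only its hash server-side."""
    token = secrets.token_urlsafe(32)
    pending[username] = hashlib.sha256(token.encode("utf-8")).hexdigest()
    return token  # goes into the emailed reset link; the old password is never sent
```

Because only the salted hash is stored, the site has nothing it could email back, which is why a reset token is issued instead.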