>>>Well then, by all means do encrypt the data - I was answering a question of Dmitry's - not an obscure Denis popping up
>>
>>The thing is - I think I now understood. I was actually updating my reply. You store hash value in a database. You will never be able to get the original value of the password back. When the user types a password, you take the hash and then compare it with the stored hash in the table.
>
>
>See message#1477631 - first and 3rd sentence of the answer

Right, thanks, I understand now.

I also quote Erik from the recent buzz item in gmail (that's how I found the HashBytes link I posted):

----------------
Erik Eckhardt - Hashing is not the same thing as encryption. Encryption obscures but doesn't throw away information. Hashing throws away (potentially huge amounts of) information to create a small "fingerprint" which is very, very unlikely to be the same as another input. Hashing is not perfect as some people have found ways to alter documents to get them to produce a specific hash, yielding a "collision." Some hash techniques are far superior to others. Hashes are intended to be "one way." Any given hash has an infinite number of values that can hash to it (but this would require infinite-length strings).