1.Save the password with any encryption. This is the most insecure mehod.
2.Symmetric encryption algorithm such as 3DES and AES. Once get the key, the original password can be cracked easily. To avoid cracking, we need to achieve many complex implementations like saving and managing password and key separately. Thus, it is not a good method.
3.One-Way hashing algorithm such as MD5 and SHA1. The original password cannot be cracked by calculation. But with the development of "Rainbow Tables", it can be cracked by looking up tables. The main disadvantage of this algorithm is the cost of cracking password is acceptable.
You can even decode the MD5 encryption online by visiting some websites like http://www.cmd5.com
4.Hashing with Salt. The basic idea is to add a random and long encough value (salt) to the password and encrypt. When the use try to sign in, get the user's salt value and hashing value from DB and using same algorithm to generate a new hashing value by salt value and password. Then compare the new hashing value with the hashing vaue in DB.
a.The basic steps of encryption is
hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 hash("hello" + "QxLUF1bgIAdeQX") = 9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1 hash("hello" + "bv5PehSMfV11Cd") = d1d3ec2e6f20fd420d50e2642992841d8338a314b8ea157c9e18477aaef226ab hash("hello" + "YYLmfY6IehjZMQ") = a49670c3c18b9e079b9cfaf51634f563dc8ae3070db2c4a8544305df1b60f007
b.The basic steps of password verification is: