Hashing vs. Encrypting Passwords

Question

I\'m using ASP.NET membership for a site that will serve primarily sophisticated users. I understand the difference between hashed and encrypted passwords, and I\'m trying t

Answer 1

The risk is, that encrypted passwords can be decrypted to get the plain text password.

Hashes normally can't be reversed.

Reversing an MD5 Hash

A quite common occurance is people using the same username and password on all their internet sites.

All it takes is one site password to be decrypted, and all the users sites are at risk.

While with a hash, the cracker never gets the plain text password.