You're right, the password shouldn't be reversible. It's not, because it's hashed before it's encrypted. As said in the resource above, it's realistically not much securer than the hashing algorithm.
It just makes it a pain for anyone trying to steal user passwords. Meaning they have to decrypt it someway(exploiting the server and executing code to decrypt, being one way, or getting the encryption key), before they can even deal with the hashes.
I believe that a decent hashing algorithm with a salt and peppering, along with decent encryption provides the same security(if not better) over just plain decent hashing with a salt.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
You're right, the password shouldn't be reversible. It's not, because it's hashed before it's encrypted. As said in the resource above, it's realistically not much securer than the hashing algorithm.
It just makes it a pain for anyone trying to steal user passwords. Meaning they have to decrypt it someway(exploiting the server and executing code to decrypt, being one way, or getting the encryption key), before they can even deal with the hashes.
I believe that a decent hashing algorithm with a salt and peppering, along with decent encryption provides the same security(if not better) over just plain decent hashing with a salt.