I wonder if anyone uses "lossy" encryption. This may sound dumb, but if you simply crap out the original password, like, say, when the user supplies the password, you do some stupid
foreach (char c in stringValue) total += (int)c;
And use "total" as the new password and run it through encryption. So, even if they managed to hack the entire thing, all they get is a garbage password, LOLz.
Obviously my example is bad because "PASS" and "ASSP" can both log in, and the encoding is too lossy. But basically, if you can do this with balanced encoding quality, you are able to protect the user password as the encoding is lossy.
It is not the same as typical file encryption because you don't care about getting perfect binary back. You want to make sure after you decrypt the password 100%, it is still useless.
That's not dumb at all... what you call "lossy" encryption is just a form of hashing, including the problem with collisions.
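An added example, not part of the original thread: the character-sum scheme from the question next to a salted password hash, showing the "PASS"/"ASSP" collision and how easily any stored sum can be matched. The function names are hypothetical, and PBKDF2-HMAC-SHA256 with this iteration count is this example's choice, not something either poster named.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption of this example; tune for your hardware


def char_sum(password):
    """The scheme from the question: add up the character codes."""
    return sum(ord(c) for c in password)


def any_password_with_sum(target):
    """Build a printable-ASCII string whose char_sum equals target.

    The output space is so small that a stored sum can be matched
    without ever knowing the original password.
    """
    lo, hi = 33, 126  # printable, non-space ASCII range
    if target < lo:
        raise ValueError("target too small for a printable password")
    n = -(-target // hi)             # fewest characters that can reach target
    base, extra = divmod(target, n)  # spread the total evenly over n characters
    return "".join(chr(base + (1 if i < extra else 0)) for i in range(n))


def hash_password(password, salt=None):
    """Salted, deliberately slow hash: what gets stored is (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    print(char_sum("PASS"), char_sum("ASSP"))       # same sum: a collision
    print(any_password_with_sum(char_sum("PASS")))  # a third string that matches
    salt, stored = hash_password("PASS")
    print(verify_password("PASS", salt, stored))    # correct password accepted
    print(verify_password("ASSP", salt, stored))    # anagram rejected
```

Both schemes are one-way, but only the second has an output space large enough that collisions are not a practical way in.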