What is the actual difference in security between storing password hash and storing encrypted password? Say that you use SHA-512 in both cases and the password is 8 characters long.
This question regards one single password where adding salt to it would make no difference (or would it?)
My main issues is the fact that the weakness in the passwords themselves (too short and/or too simple) often pose the biggest risk. Are hashes harder for hackers to manage? Do they require more CPU?
I get the feeling that many of the discussions about hashing supposes that the passwords are strong. But in real life password are often weak and hashes might not always be as secure as they might seem in theory.
Maybe I'm thinking all wrong.