Making Passwords Secret using One-way Functions

Passwords can be made secret using a one-way function.

We use the cryptographic hash function MD5 (Rivest, 1992), also called a message digest.
It has the following four important properties:

  1. Given a string "somestring", it is easy (fast) to compute md5("somestring").
  2. Given md5("somestring"), it is effectively impossible to find "somestring".
  3. Given "somestring", it is effectively impossible to find "anotherstring" such that md5("somestring") = md5("anotherstring").
  4. Changing one bit of the input produces a very different output.

Examples

md5("MyPass")=

md5("Homer")=

md5("NyPass")=

Protecting the Password with MD5

We can now substitute the validation line with:
if ($PHP_AUTH_USER === "hilde" && md5($PHP_AUTH_PW) === "fb3f06c821388858cafe95cea24895d3") $auth = true;

The first point above ensures that the validation is fast.

The second point above ensures that it is effectively impossible to find the password from the script.
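
The same validation with PHP's built-in password_hash() and password_verify(), as an added example that is not from the original page: because the first point makes md5 fast, guessing passwords against a fixed, unsalted digest is fast too, and these functions use a salted, deliberately slow one-way function instead. The helper names make_stored_hash and check_login and the sample password are assumptions; "hilde" is the page's user name.

```php
<?php
// Added example, not from the original page.
// "hilde" is the page's user name; 'correct horse' is a constructed sample password.

// Run once offline; the returned string is what gets pasted into the script.
// It carries the algorithm, the cost and a random salt, so nothing else is stored.
function make_stored_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Drop-in for the validation line: true only for the right user and password.
function check_login(?string $user, ?string $password, string $storedHash): bool
{
    if ($user === null || $password === null) {
        return false; // browser sent no credentials
    }
    // Evaluate both checks before combining them, so a wrong user name
    // does not skip the (slow) password verification.
    $userOk = hash_equals('hilde', $user);
    $passOk = password_verify($password, $storedHash);
    return $userOk && $passOk;
}

$stored = make_stored_hash('correct horse');

// Salting: hashing the same password again gives a different string,
// whereas md5() of the same input is always the same digest.
var_dump(make_stored_hash('correct horse') === $stored);
var_dump(md5('correct horse') === md5('correct horse'));

// Right password, wrong password (one character changed), no credentials.
var_dump(check_login('hilde', 'correct horse', $stored));
var_dump(check_login('hilde', 'Correct horse', $stored));
var_dump(check_login(null, null, $stored));

// In the web script the inputs come from HTTP Basic authentication:
// $auth = check_login($_SERVER['PHP_AUTH_USER'] ?? null,
//                     $_SERVER['PHP_AUTH_PW'] ?? null, $stored);
```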