The password is stored as a one-way hash, so it's not really possible to "decrypt" it. What the salt does is that it makes it resistent to dictionary attacks. That said, if someone picks the password "password" then one could figure it out regardless.
-- View this message in context: http://shiro-user.582556.n2.nabble.com/Encrypted-password-in-db-why-does-it-tell-the-Hash-and-iterations-in-it-tp7578510p7578550.html Sent from the Shiro User mailing list archive at Nabble.com.
