A hash is a numerical value of fixed length which unequivocally identifies files of arbitrary legth. An example of a hashing algorithm is SHA1, which already figured as the topic of an ASP article (German). The reader might now say that saving the password as a hash would be sufficient, but why is this wrong?