My understanding is that no decryption is done for passwords, only encryption.

When a user chooses a password it is encrypted and stored. Then when they log in, what they type is encrypted again and compared with the stored version.

More knowledgeable monks please feel free to correct me if i'm wrong....

Cheers!

Update: I see Zaxo beat me by 'that much' to an explanation that is far better than mine. Oh well.