Historically, or traditionally, we've protected passwords by encrypting them. That is to say, we take a password that a user provides to us, we encrypt it in some way using some key that we store somewhere on the system, and then when that user types in their password, we then either encrypt their password and check the encrypted values or we decrypt their password and check that.

is it's kind of like the security of these is STOMP.